outpost/ldap: fix errors with new UserSelf serializer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
parent
1b91543add
commit
8e797fa76b
|
|
@ -75,7 +75,7 @@ func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPRes
|
||||||
pi.boundUsersMutex.Lock()
|
pi.boundUsersMutex.Lock()
|
||||||
cs := pi.SearchAccessCheck(userInfo.User)
|
cs := pi.SearchAccessCheck(userInfo.User)
|
||||||
pi.boundUsers[req.BindDN] = UserFlags{
|
pi.boundUsers[req.BindDN] = UserFlags{
|
||||||
UserInfo: userInfo.User,
|
UserPk: userInfo.User.Pk,
|
||||||
CanSearch: cs != nil,
|
CanSearch: cs != nil,
|
||||||
}
|
}
|
||||||
if pi.boundUsers[req.BindDN].CanSearch {
|
if pi.boundUsers[req.BindDN].CanSearch {
|
||||||
|
|
@ -88,7 +88,7 @@ func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPRes
|
||||||
}
|
}
|
||||||
|
|
||||||
// SearchAccessCheck Check if the current user is allowed to search
|
// SearchAccessCheck Check if the current user is allowed to search
|
||||||
func (pi *ProviderInstance) SearchAccessCheck(user api.User) *string {
|
func (pi *ProviderInstance) SearchAccessCheck(user api.UserSelf) *string {
|
||||||
for _, group := range user.Groups {
|
for _, group := range user.Groups {
|
||||||
for _, allowedGroup := range pi.searchAllowedGroups {
|
for _, allowedGroup := range pi.searchAllowedGroups {
|
||||||
pi.log.WithField("userGroup", group.Pk).WithField("allowedGroup", allowedGroup).Trace("Checking search access")
|
pi.log.WithField("userGroup", group.Pk).WithField("allowedGroup", allowedGroup).Trace("Checking search access")
|
||||||
|
|
|
||||||
|
|
@ -11,9 +11,17 @@ import (
|
||||||
"goauthentik.io/api"
|
"goauthentik.io/api"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (pi *ProviderInstance) SearchMe(user api.User) (ldap.ServerSearchResult, error) {
|
func (pi *ProviderInstance) SearchMe(req SearchRequest, f UserFlags) (ldap.ServerSearchResult, error) {
|
||||||
|
if f.UserInfo == nil {
|
||||||
|
u, _, err := pi.s.ac.Client.CoreApi.CoreUsersRetrieve(req.ctx, f.UserInfo.Pk).Execute()
|
||||||
|
if err != nil {
|
||||||
|
req.log.WithError(err).Warning("Failed to get user info")
|
||||||
|
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Failed to get userinfo")
|
||||||
|
}
|
||||||
|
f.UserInfo = &u
|
||||||
|
}
|
||||||
entries := make([]*ldap.Entry, 1)
|
entries := make([]*ldap.Entry, 1)
|
||||||
entries[0] = pi.UserEntry(user)
|
entries[0] = pi.UserEntry(*f.UserInfo)
|
||||||
return ldap.ServerSearchResult{Entries: entries, Referrals: []string{}, Controls: []ldap.Control{}, ResultCode: ldap.LDAPResultSuccess}, nil
|
return ldap.ServerSearchResult{Entries: entries, Referrals: []string{}, Controls: []ldap.Control{}, ResultCode: ldap.LDAPResultSuccess}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -42,7 +50,7 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
|
||||||
}
|
}
|
||||||
if !flags.CanSearch {
|
if !flags.CanSearch {
|
||||||
pi.log.Debug("User can't search, showing info about user")
|
pi.log.Debug("User can't search, showing info about user")
|
||||||
return pi.SearchMe(flags.UserInfo)
|
return pi.SearchMe(req, flags)
|
||||||
}
|
}
|
||||||
accsp.Finish()
|
accsp.Finish()
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -39,7 +39,8 @@ type ProviderInstance struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type UserFlags struct {
|
type UserFlags struct {
|
||||||
UserInfo api.User
|
UserInfo *api.User
|
||||||
|
UserPk int32
|
||||||
CanSearch bool
|
CanSearch bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Reference in New Issue