diff --git a/outpost/pkg/ldap/instance_search.go b/outpost/pkg/ldap/instance_search.go
index 0e459e03e..01c500702 100644
--- a/outpost/pkg/ldap/instance_search.go
+++ b/outpost/pkg/ldap/instance_search.go
@@ -98,19 +98,9 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
 },
 }
- if *u.IsActive {
- attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"active"}})
- } else {
- attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"inactive"}})
- }
-
- if u.IsSuperuser {
- attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"active"}})
- } else {
- attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"inactive"}})
- }
-
 attrs = append(attrs, &ldap.EntryAttribute{Name: "memberOf", Values: pi.GroupsForUser(u)})
+ attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/active", Values: []string{BoolToString(*u.IsActive)}})
+ attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/superuser", Values: []string{BoolToString(u.IsSuperuser)}})
 attrs = append(attrs, AKAttrsToLDAP(u.Attributes)...)
diff --git a/outpost/pkg/ldap/utils.go b/outpost/pkg/ldap/utils.go
index b32c20783..8252bf80e 100644
--- a/outpost/pkg/ldap/utils.go
+++ b/outpost/pkg/ldap/utils.go
@@ -7,6 +7,13 @@ import (
 "goauthentik.io/outpost/api"
 )
+func BoolToString(in bool) string {
+ if in {
+ return "true"
+ }
+ return "false"
+}
+
 func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
 attrList := []*ldap.EntryAttribute{}
 a := attrs.(*map[string]interface{})
@@ -17,6 +24,8 @@ func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
 entry.Values = t
 case string:
 entry.Values = []string{t}
+ case bool:
+ entry.Values = []string{BoolToString(t)}
 }
 attrList = append(attrList, entry)
 }
diff --git a/website/docs/outposts/ldap/ldap.md b/website/docs/outposts/ldap/ldap.md
index 90f7c740a..5e3af2469 100644
--- a/website/docs/outposts/ldap/ldap.md
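Review bot: Replacing `accountStatus`/`superuser` ("active"/"inactive") with `goauthentik.io/ldap/active`/`goauthentik.io/ldap/superuser` ("true"/"false") in UserEntry changes the outcome of client filters that gate access on the old names, with no transition: `(accountStatus=active)` stops matching, and a negated form such as `(!(accountStatus=inactive))` would begin to match disabled accounts too. I would keep emitting the two legacy attributes next to the new ones for a deprecation period and call the rename out as breaking in the release notes. The new names also contain `.` and `/`, which the RFC 4512 attribute-descriptor grammar (letters, digits, hyphen) does not allow, so strict clients may refuse them in filters or requested-attribute lists; that is worth testing against the consumers you support. `*u.IsActive` is still dereferenced without a nil check, and UserEntry's body starts and ends outside this hunk.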
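Review bot: `BoolToString` re-implements `strconv.FormatBool` and is exported without a doc comment. Either call `strconv.FormatBool(...)` at the three call sites this commit adds (that needs `strconv` in the import block, which is only partly visible in this hunk), or keep the helper and document it, e.g. `// BoolToString renders a bool as the LDAP attribute value "true" or "false".`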
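Review bot: With the new `case bool:` a custom attribute set to `true` is serialised exactly like the built-in flags, and AKAttrsToLDAP appears to emit every key of the user's attribute map without reserving any names (the loop header is outside this hunk, so this is inferred). UserEntry appends that output after `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser`, so a custom attribute carrying one of those keys would show up as a second attribute of the same name, and a consumer could act on either value. I would skip keys under the `goauthentik.io/ldap/` prefix in this loop, or drop them in UserEntry before the append, and confirm who is allowed to write user attributes. The switch also still has no `default:`, so any other value type is appended as an entry with empty `Values`; a `default:` branch that skips the entry would make that explicit.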
+++ b/website/docs/outposts/ldap/ldap.md
@@ -40,9 +40,9 @@ The following fields are currently sent for users:
 - "user"
 - "organizationalPerson"
 - "goauthentik.io/ldap/user"
-- `accountStatus`: "active" if the account is active, otherwise "inactive"
-- `superuser`: "active" if the account is part of a group with superuser permissions, otherwise "inactive"
 - `memberOf`: A list of all DNs that the user is a member of
+- `goauthentik.io/ldap/active`: "true" if the account is active, otherwise "false"
+- `goauthentik.io/ldap/superuser`: "true" if the account is part of a group with superuser permissions, otherwise "false"
 The following fields are current set for groups: