outposts/ldap: add support for boolean fields in ldap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
3c3fd53999
commit
ade8644da6
|
@ -98,19 +98,9 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if *u.IsActive {
|
|
||||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"active"}})
|
|
||||||
} else {
|
|
||||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"inactive"}})
|
|
||||||
}
|
|
||||||
|
|
||||||
if u.IsSuperuser {
|
|
||||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"active"}})
|
|
||||||
} else {
|
|
||||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"inactive"}})
|
|
||||||
}
|
|
||||||
|
|
||||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "memberOf", Values: pi.GroupsForUser(u)})
|
attrs = append(attrs, &ldap.EntryAttribute{Name: "memberOf", Values: pi.GroupsForUser(u)})
|
||||||
|
attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/active", Values: []string{BoolToString(*u.IsActive)}})
|
||||||
|
attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/superuser", Values: []string{BoolToString(u.IsSuperuser)}})
|
||||||
|
|
||||||
attrs = append(attrs, AKAttrsToLDAP(u.Attributes)...)
|
attrs = append(attrs, AKAttrsToLDAP(u.Attributes)...)
|
||||||
|
|
||||||
|
|
|
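Review bot: Dropping `accountStatus` and `superuser` from UserEntry in favour of `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser` silently changes what existing client search filters match: a filter such as `(accountStatus=active)` stops matching anyone, while a negated form like `(!(accountStatus=inactive))` would now also match deactivated accounts. Consider emitting the old attributes alongside the new ones for a deprecation period and marking the rename as breaking in the release notes. The new names also contain `.` and `/`, which RFC 4512 does not allow in an attribute short name, so some clients may refuse them in filters. On the added line `*u.IsActive` is still dereferenced without a nil check; if the API can omit that field the outpost would panic, so a guard such as `u.IsActive != nil && *u.IsActive` is worth adding. UserEntry starts and ends outside the hunk.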
@ -7,6 +7,13 @@ import (
|
||||||
"goauthentik.io/outpost/api"
|
"goauthentik.io/outpost/api"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func BoolToString(in bool) string {
|
||||||
|
if in {
|
||||||
|
return "true"
|
||||||
|
}
|
||||||
|
return "false"
|
||||||
|
}
|
||||||
|
|
||||||
func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
|
func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
|
||||||
attrList := []*ldap.EntryAttribute{}
|
attrList := []*ldap.EntryAttribute{}
|
||||||
a := attrs.(*map[string]interface{})
|
a := attrs.(*map[string]interface{})
|
||||||
|
@ -17,6 +24,8 @@ func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
|
||||||
entry.Values = t
|
entry.Values = t
|
||||||
case string:
|
case string:
|
||||||
entry.Values = []string{t}
|
entry.Values = []string{t}
|
||||||
|
case bool:
|
||||||
|
entry.Values = []string{BoolToString(t)}
|
||||||
}
|
}
|
||||||
attrList = append(attrList, entry)
|
attrList = append(attrList, entry)
|
||||||
}
|
}
|
||||||
|
|
|
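Review bot: The type switch in AKAttrsToLDAP still has no `default` case after the new `case bool:`, so a value of any other type (for example a JSON number, which would presumably arrive as float64) is appended as an entry with no values. Consider skipping or logging such values, e.g. `default: continue`, or formatting them with `fmt.Sprint(t)`; the top of the switch and the enclosing loop are outside the hunk, so confirm the loop shape first. BoolToString duplicates `strconv.FormatBool` and, being exported, should carry a doc comment such as `// BoolToString returns "true" or "false" for in.`. The unchecked assertion `attrs.(*map[string]interface{})` in the context lines will panic on a nil or differently typed value; the comma-ok form would let the function return an empty list instead.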
@ -40,9 +40,9 @@ The following fields are currently sent for users:
|
||||||
- "user"
|
- "user"
|
||||||
- "organizationalPerson"
|
- "organizationalPerson"
|
||||||
- "goauthentik.io/ldap/user"
|
- "goauthentik.io/ldap/user"
|
||||||
- `accountStatus`: "active" if the account is active, otherwise "inactive"
|
|
||||||
- `superuser`: "active" if the account is part of a group with superuser permissions, otherwise "inactive"
|
|
||||||
- `memberOf`: A list of all DNs that the user is a member of
|
- `memberOf`: A list of all DNs that the user is a member of
|
||||||
|
- `goauthentik.io/ldap/active`: "true" if the account is active, otherwise "false"
|
||||||
|
- `goauthentik.io/ldap/superuser`: "true" if the account is part of a group with superuser permissions, otherwise "false"
|
||||||
|
|
||||||
The following fields are current set for groups:
|
The following fields are current set for groups:
|
||||||
|
|
||||||
|
|