sources/ldap: use entryDN attribute from ldap3 as opposed to implicit DN attribute

Jens Langhammer 2021-02-05 11:43:13 +01:00
parent 51cbb7cc8e
commit b0e3b8b39d
1 changed files with 10 additions and 9 deletions


@ -29,16 +29,17 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
user_count = 0 user_count = 0
for user in users: for user in users:
attributes = user.get("attributes", {}) attributes = user.get("attributes", {})
user_dn = user.get("entryDN", "")
if self._source.object_uniqueness_field not in attributes: if self._source.object_uniqueness_field not in attributes:
self._logger.warning( self._logger.warning(
"Cannot find uniqueness Field in attributes", "Cannot find uniqueness Field in attributes",
attributes=attributes.keys(), attributes=attributes.keys(),
dn=attributes.get(LDAP_DISTINGUISHED_NAME, ""), dn=user_dn,
) )
continue continue
uniq = attributes[self._source.object_uniqueness_field] uniq = attributes[self._source.object_uniqueness_field]
try: try:
defaults = self._build_object_properties(attributes) defaults = self._build_object_properties(user_dn, **attributes)
user, created = User.objects.update_or_create( user, created = User.objects.update_or_create(
**{ **{
f"attributes__{LDAP_UNIQUENESS}": uniq, f"attributes__{LDAP_UNIQUENESS}": uniq,
@ -64,7 +65,7 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
return user_count return user_count
def _build_object_properties( def _build_object_properties(
self, attributes: dict[str, Any] self, user_dn: str, **kwargs
) -> dict[str, dict[Any, Any]]: ) -> dict[str, dict[Any, Any]]:
properties = {"attributes": {}} properties = {"attributes": {}}
for mapping in self._source.property_mappings.all().select_subclasses(): for mapping in self._source.property_mappings.all().select_subclasses():
@ -72,7 +73,9 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
continue continue
mapping: LDAPPropertyMapping mapping: LDAPPropertyMapping
try: try:
value = mapping.evaluate(user=None, request=None, ldap=attributes) value = mapping.evaluate(
user=None, request=None, ldap=kwargs, dn=user_dn
)
if value is None: if value is None:
continue continue
object_field = mapping.object_field object_field = mapping.object_field
@ -87,11 +90,9 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
"Mapping failed to evaluate", exc=exc, mapping=mapping "Mapping failed to evaluate", exc=exc, mapping=mapping
) )
continue continue
if self._source.object_uniqueness_field in attributes: if self._source.object_uniqueness_field in kwargs:
properties["attributes"][LDAP_UNIQUENESS] = attributes.get( properties["attributes"][LDAP_UNIQUENESS] = kwargs.get(
self._source.object_uniqueness_field self._source.object_uniqueness_field
) )
properties["attributes"][LDAP_DISTINGUISHED_NAME] = attributes.get( properties["attributes"][LDAP_DISTINGUISHED_NAME] = user_dn
"distinguishedName", attributes.get("dn")
)
return properties return properties
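Review bot: In the first hunk `user_dn = user.get("entryDN", "")` silently falls back to an empty string, and the last hunk then writes that value unconditionally to `properties["attributes"][LDAP_DISTINGUISHED_NAME]`, where the old code at least tried `distinguishedName` and then `dn`. If the entry dict has no `entryDN` key (ldap3 search responses normally expose the DN under `dn`, so this is worth confirming against a real response), every synced user gets an empty stored DN, and any later bind or lookup that relies on that attribute would work from a blank value. I would fall back and skip explicitly: `user_dn = user.get("entryDN") or user.get("dn", "")` followed by `if not user_dn: continue`, with a warning log before the `continue`. Separately, `self._build_object_properties(user_dn, **attributes)` turns directory-supplied attribute names into keyword names, so an attribute named `user_dn` would raise a TypeError at the call; passing the dict as a single positional argument avoids that and keeps the `dict[str, Any]` annotation. The sync loop starts above the first hunk, so the `except` clause that would catch such an error is not visible here.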