providers/ldap: remove deprecated fields (#5154)

* providers/ldap: remove deprecated fields

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2023-04-21 14:10:24 +03:00 committed by GitHub
parent b40caf12df
commit bb92c4a967
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 44 additions and 68 deletions


@ -13,33 +13,16 @@ import (
func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry { func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
dn := pi.GetUserDN(u.Username) dn := pi.GetUserDN(u.Username)
userValueMap := func(value []string) []string { attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
return utils.AttributeKeySanitize(key)
}, func(value []string) []string {
for i, v := range value { for i, v := range value {
if strings.Contains(v, "%s") { if strings.Contains(v, "%s") {
value[i] = fmt.Sprintf(v, u.Username) value[i] = fmt.Sprintf(v, u.Username)
} }
} }
return value return value
} })
attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
return utils.AttributeKeySanitize(key)
}, userValueMap)
rawAttrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
return key
}, userValueMap)
// Only append attributes that don't already exist
// TODO: Remove in 2023.3
for _, rawAttr := range rawAttrs {
exists := false
for _, attr := range attrs {
if strings.EqualFold(attr.Name, rawAttr.Name) {
exists = true
}
}
if !exists {
attrs = append(attrs, rawAttr)
}
}
if u.IsActive == nil { if u.IsActive == nil {
u.IsActive = api.PtrBool(false) u.IsActive = api.PtrBool(false)
@ -48,10 +31,6 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
u.Email = api.PtrString("") u.Email = api.PtrString("")
} }
attrs = utils.EnsureAttributes(attrs, map[string][]string{ attrs = utils.EnsureAttributes(attrs, map[string][]string{
// Old fields for backwards compatibility
"goauthentik.io/ldap/active": {strconv.FormatBool(*u.IsActive)},
"goauthentik.io/ldap/superuser": {strconv.FormatBool(u.IsSuperuser)},
// End old fields
"ak-active": {strconv.FormatBool(*u.IsActive)}, "ak-active": {strconv.FormatBool(*u.IsActive)},
"ak-superuser": {strconv.FormatBool(u.IsSuperuser)}, "ak-superuser": {strconv.FormatBool(u.IsSuperuser)},
"memberOf": pi.GroupsForUser(u), "memberOf": pi.GroupsForUser(u),
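Review bot: The value mapper now inlined into the `utils.AttributesToLDAP` call in the first hunk still passes each attribute value as the format string in `fmt.Sprintf(v, u.Username)`, so a stored value that contains `%s` next to any other `%` sequence, or a second `%s`, is published in the LDAP entry with Go's `%!verb(MISSING)` or `%!(EXTRA ...)` markers in it. Treat the value as data and substitute the placeholder literally, for example `value[i] = strings.Replace(v, "%s", u.Username, 1)` if only the first placeholder is meant to be filled, or `strings.ReplaceAll` if all of them are. The closure also writes into `value` in place; whether that slice aliases `u.Attributes` is not visible here, so it is worth confirming that a repeated call never sees an already-substituted value. `UserEntry` continues beyond both hunks.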


@ -2,7 +2,6 @@ package group
import ( import (
"strconv" "strconv"
"strings"
"github.com/nmcclain/ldap" "github.com/nmcclain/ldap"
"goauthentik.io/api/v3" "goauthentik.io/api/v3"
@ -28,24 +27,6 @@ func (lg *LDAPGroup) Entry() *ldap.Entry {
}, func(value []string) []string { }, func(value []string) []string {
return value return value
}) })
rawAttrs := utils.AttributesToLDAP(lg.Attributes, func(key string) string {
return key
}, func(value []string) []string {
return value
})
// Only append attributes that don't already exist
// TODO: Remove in 2023.3
for _, rawAttr := range rawAttrs {
exists := false
for _, attr := range attrs {
if strings.EqualFold(attr.Name, rawAttr.Name) {
exists = true
}
}
if !exists {
attrs = append(attrs, rawAttr)
}
}
objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup, constants.OCPosixGroup} objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup, constants.OCPosixGroup}
if lg.IsVirtualGroup { if lg.IsVirtualGroup {
@ -53,9 +34,6 @@ func (lg *LDAPGroup) Entry() *ldap.Entry {
} }
attrs = utils.EnsureAttributes(attrs, map[string][]string{ attrs = utils.EnsureAttributes(attrs, map[string][]string{
// Old fields for backwards compatibility
"goauthentik.io/ldap/superuser": {strconv.FormatBool(lg.IsSuperuser)},
// End old fields
"ak-superuser": {strconv.FormatBool(lg.IsSuperuser)}, "ak-superuser": {strconv.FormatBool(lg.IsSuperuser)},
"objectClass": objectClass, "objectClass": objectClass,
"member": lg.Member, "member": lg.Member,


@ -229,12 +229,6 @@ class TestProviderLDAP(SeleniumTestCase):
"homeDirectory": [ "homeDirectory": [
f"/home/{o_user.username}", f"/home/{o_user.username}",
], ],
# Old fields for backwards compatibility
"goauthentik.io/ldap/active": ["true"],
"goauthentik.io/ldap/superuser": ["false"],
"goauthentik.io/user/override-ips": ["true"],
"goauthentik.io/user/service-account": ["true"],
# End old fields
"ak-active": ["true"], "ak-active": ["true"],
"ak-superuser": ["false"], "ak-superuser": ["false"],
"goauthentikio-user-override-ips": ["true"], "goauthentikio-user-override-ips": ["true"],
@ -264,12 +258,6 @@ class TestProviderLDAP(SeleniumTestCase):
"homeDirectory": [ "homeDirectory": [
f"/home/{embedded_account.username}", f"/home/{embedded_account.username}",
], ],
# Old fields for backwards compatibility
"goauthentik.io/ldap/active": ["true"],
"goauthentik.io/ldap/superuser": ["false"],
"goauthentik.io/user/override-ips": ["true"],
"goauthentik.io/user/service-account": ["true"],
# End old fields
"ak-active": ["true"], "ak-active": ["true"],
"ak-superuser": ["false"], "ak-superuser": ["false"],
"goauthentikio-user-override-ips": ["true"], "goauthentikio-user-override-ips": ["true"],
@ -302,10 +290,6 @@ class TestProviderLDAP(SeleniumTestCase):
"homeDirectory": [ "homeDirectory": [
f"/home/{self.user.username}", f"/home/{self.user.username}",
], ],
# Old fields for backwards compatibility
"goauthentik.io/ldap/active": ["true"],
"goauthentik.io/ldap/superuser": ["true"],
# End old fields
"ak-active": ["true"], "ak-active": ["true"],
"ak-superuser": ["true"], "ak-superuser": ["true"],
"extraAttribute": ["bar"], "extraAttribute": ["bar"],


@ -33,11 +33,6 @@ The following fields are currently sent for users:
- `ak-active`: "true" if the account is active, otherwise "false" - `ak-active`: "true" if the account is active, otherwise "false"
- `ak-superuser`: "true" if the account is part of a group with superuser permissions, otherwise "false" - `ak-superuser`: "true" if the account is part of a group with superuser permissions, otherwise "false"
:::warning
The use of the `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser` attributes is deprecated as of authentik 2023.3. They will be removed completely in a future release.
Use the replacements fields above instead.
:::
The following fields are current set for groups: The following fields are current set for groups:
- `cn`: The group's name - `cn`: The group's name


@ -0,0 +1,40 @@
---
title: Release 2023.5
slug: "/releases/2023.5"
---
## Breaking changes
- Removal of deprecated LDAP fields
This version removes the deprecated LDAP fields `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser`.
Additionally, any custom fields based on user attributes will only be represented with their sanitized key, removing any slashes with dashes, and removing periods.
## New features
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2023.5 from [here](https://goauthentik.io/version/2023.5/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2023.5.0
```
## Minor changes/fixes
_Insert the output of `make gen-changelog` here_
## API Changes
_Insert output of `make gen-diff` here_