5a8c66d325
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/ldap: add basic in-memory searcher Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/ldap: add search mode field Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add search mode field Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
package ldap
import (
"github.com/nmcclain/ldap"
"goauthentik.io/api"
"goauthentik.io/internal/outpost/ldap/constants"
"goauthentik.io/internal/outpost/ldap/group"
"goauthentik.io/internal/outpost/ldap/utils"
)
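// UserEntry builds the LDAP entry that represents the API user u.
//
// The DN comes from pi.GetUserDN(u.Username). The attribute list starts from
// the user's custom attributes (converted by utils.AKAttrsToLDAP) and is then
// passed through utils.EnsureAttributes together with the fixed set of
// attributes derived from the user's core fields.
//
// u.IsActive and u.Email are pointer fields. A nil value is handled instead of
// dereferenced, so one incomplete user object cannot panic the outpost while
// it is answering a search: a missing IsActive is reported as inactive
// (fail closed) and a missing Email as an empty string.
//
// NOTE(review): which side wins when u.Attributes already carries one of the
// keys below depends on utils.EnsureAttributes, which is not visible here.
// Confirm that custom attributes cannot shadow memberOf, superuser or the
// active flags, since LDAP clients may base authorization decisions on them.
func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
	dn := pi.GetUserDN(u.Username)
	attrs := utils.AKAttrsToLDAP(u.Attributes)

	// Optional API fields arrive as pointers; never dereference them blindly.
	active := u.IsActive != nil && *u.IsActive
	email := ""
	if u.Email != nil {
		email = *u.Email
	}

	attrs = utils.EnsureAttributes(attrs, map[string][]string{
		"memberOf": pi.GroupsForUser(u),
		// Old fields for backwards compatibility
		"accountStatus": {utils.BoolToString(active)},
		"superuser":     {utils.BoolToString(u.IsSuperuser)},
		// End old fields
		"goauthentik.io/ldap/active":    {utils.BoolToString(active)},
		"goauthentik.io/ldap/superuser": {utils.BoolToString(u.IsSuperuser)},
		"cn":                            {u.Username},
		"sAMAccountName":                {u.Username},
		"uid":                           {u.Uid},
		"name":                          {u.Name},
		"displayName":                   {u.Name},
		"mail":                          {email},
		"objectClass":                   {constants.OCUser, constants.OCOrgPerson, constants.OCInetOrgPerson, constants.OCAKUser},
		"uidNumber":                     {pi.GetUidNumber(u)},
		// gidNumber reuses the uid number; presumably a per-user primary
		// group. TODO confirm.
		"gidNumber": {pi.GetUidNumber(u)},
	})
	return &ldap.Entry{DN: dn, Attributes: attrs}
}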
// GroupEntry returns the LDAP entry for the group g by delegating to
// g.Entry(). The provider instance itself is not consulted.
func (pi *ProviderInstance) GroupEntry(g group.LDAPGroup) *ldap.Entry {
	// TODO: Remove
	entry := g.Entry()
	return entry
}