authentik/blueprints/system/sources-ldap.yaml
Jens L 90aa5409cd
sources/ldap: add default property mapping to mirror directory structure (#6990)
* sources/ldap: add default property mapping to mirror directory structure

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* adjust name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-26 18:55:33 +02:00


# Blueprint header. The label value is quoted so it is read as the string
# "true" and not as a YAML boolean.
version: 1
metadata:
  labels:
    blueprints.goauthentik.io/system: 'true'
  name: 'System - LDAP Source - Mappings'
# Every entry below declares one LDAP property mapping: `object_field` is the
# target on the authentik side and `expression` is the Python snippet that
# produces its value from the directory entry (`ldap`).
entries:
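# Default mapping that mirrors the directory tree: the user's authentik
# `path` is built from the RDNs of the entry's DN, skipping CN and DC parts.
- identifiers:
    managed: goauthentik.io/sources/ldap/default-dn-path
  model: authentik_sources_ldap.ldappropertymapping
  attrs:
    name: "authentik default LDAP Mapping: DN to User Path"
    object_field: "path"
    expression: |
      # Every user of this source sits under the source's own base path.
      base_path = source.get_user_path()
      # list_flatten is the helper the attribute mappings in this blueprint
      # apply to directory values; used here in case the DN arrives as a list.
      dn = list_flatten(ldap.get("distinguishedName"))
      # A directory that does not return a distinguishedName attribute gives
      # None here; without this guard dn.split() raises and the mapping fails.
      if not isinstance(dn, str) or not dn:
          return base_path
      path_elements = []
      # NOTE(review): split(",") does not honour RFC 4514 escaping, so an RDN
      # value holding an escaped comma ("\,") is cut in two. The empty-value
      # check below only stops the fragment from adding an empty segment.
      for pair in dn.split(","):
          attr, _, value = pair.partition("=")
          # Ignore elements from the Root DSE and the canonical name of the object
          if attr.strip().lower() in ["cn", "dc"]:
              continue
          # A fragment without "=" or with an empty value would otherwise
          # produce a "//" in the resulting path.
          if not value:
              continue
          # NOTE(review): the value is copied as the directory supplies it; a
          # "/" inside an OU name adds an extra path level. Confirm whether
          # anything keyed on the user path should trust it as-is.
          path_elements.append(value)
      # The DN lists the most specific RDN first; the path goes root-first.
      path_elements.reverse()
      if path_elements:
          return f"{base_path}/{'/'.join(path_elements)}"
      return base_path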
# Generic mapping: LDAP `name` attribute -> user `name` field.
# The expression returns whatever ldap.get('name') yields; nothing is
# flattened or validated here.
- identifiers:
    managed: goauthentik.io/sources/ldap/default-name
  model: authentik_sources_ldap.ldappropertymapping
  attrs:
    name: 'authentik default LDAP Mapping: Name'
    object_field: 'name'
    expression: |
      return ldap.get('name')
# Generic mapping: LDAP `mail` attribute -> user `email` field.
# NOTE(review): the address is taken from the directory without validation;
# confirm who may write `mail` in the directory before relying on the
# resulting email for anything such as account matching.
- identifiers:
    managed: goauthentik.io/sources/ldap/default-mail
  model: authentik_sources_ldap.ldappropertymapping
  attrs:
    name: 'authentik default LDAP Mapping: mail'
    object_field: 'email'
    expression: |
      return ldap.get('mail')
# ActiveDirectory-specific mappings
#
# sAMAccountName -> authentik `username`. The value is returned without
# list_flatten, unlike the `attributes.*` mappings in this blueprint.
- identifiers:
    managed: goauthentik.io/sources/ldap/ms-samaccountname
  model: authentik_sources_ldap.ldappropertymapping
  attrs:
    name: 'authentik default Active Directory Mapping: sAMAccountName'
    object_field: 'username'
    expression: |
      return ldap.get('sAMAccountName')
# userPrincipalName -> custom attribute `attributes.upn`; the directory value
# is passed through list_flatten before it is stored.
- identifiers:
    managed: goauthentik.io/sources/ldap/ms-userprincipalname
  model: authentik_sources_ldap.ldappropertymapping
  attrs:
    name: 'authentik default Active Directory Mapping: userPrincipalName'
    object_field: 'attributes.upn'
    expression: |
      return list_flatten(ldap.get('userPrincipalName'))
# givenName -> custom attribute `attributes.givenName`, passed through
# list_flatten.
- identifiers:
    managed: goauthentik.io/sources/ldap/ms-givenName
  model: authentik_sources_ldap.ldappropertymapping
  attrs:
    name: 'authentik default Active Directory Mapping: givenName'
    object_field: 'attributes.givenName'
    expression: |
      return list_flatten(ldap.get('givenName'))
# sn (surname) -> custom attribute `attributes.sn`, passed through
# list_flatten.
- identifiers:
    managed: goauthentik.io/sources/ldap/ms-sn
  model: authentik_sources_ldap.ldappropertymapping
  attrs:
    name: 'authentik default Active Directory Mapping: sn'
    object_field: 'attributes.sn'
    expression: |
      return list_flatten(ldap.get('sn'))
# OpenLDAP specific mappings
#
# uid -> authentik `username`. This targets the same field as the
# sAMAccountName mapping; presumably only one of the two is selected for a
# given source - confirm in the source configuration.
- identifiers:
    managed: goauthentik.io/sources/ldap/openldap-uid
  model: authentik_sources_ldap.ldappropertymapping
  attrs:
    name: 'authentik default OpenLDAP Mapping: uid'
    object_field: 'username'
    expression: |
      return ldap.get('uid')
# cn -> user `name` field, the same target as the generic `name` mapping in
# this blueprint. The value is returned as ldap.get('cn') yields it.
- identifiers:
    managed: goauthentik.io/sources/ldap/openldap-cn
  model: authentik_sources_ldap.ldappropertymapping
  attrs:
    name: 'authentik default OpenLDAP Mapping: cn'
    object_field: 'name'
    expression: |
      return ldap.get('cn')