outposts/ldap: allow custom attributes to shadow built-in attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
@ -181,99 +181,45 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||
attrs := []*ldap.EntryAttribute{
|
||||
{
|
||||
Name: "cn",
|
||||
Values: []string{u.Username},
|
||||
},
|
||||
{
|
||||
Name: "sAMAccountName",
|
||||
Values: []string{u.Username},
|
||||
},
|
||||
{
|
||||
Name: "uid",
|
||||
Values: []string{u.Uid},
|
||||
},
|
||||
{
|
||||
Name: "name",
|
||||
Values: []string{u.Name},
|
||||
},
|
||||
{
|
||||
Name: "displayName",
|
||||
Values: []string{u.Name},
|
||||
},
|
||||
{
|
||||
Name: "mail",
|
||||
Values: []string{*u.Email},
|
||||
},
|
||||
{
|
||||
Name: "objectClass",
|
||||
Values: []string{UserObjectClass, "organizationalPerson", "goauthentik.io/ldap/user"},
|
||||
},
|
||||
{
|
||||
Name: "uidNumber",
|
||||
Values: []string{pi.GetUidNumber(u)},
|
||||
},
|
||||
{
|
||||
Name: "gidNumber",
|
||||
Values: []string{pi.GetUidNumber(u)},
|
||||
},
|
||||
}
|
||||
|
||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "memberOf", Values: pi.GroupsForUser(u)})
|
||||
|
||||
// Old fields for backwards compatibility
|
||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{BoolToString(*u.IsActive)}})
|
||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{BoolToString(u.IsSuperuser)}})
|
||||
|
||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/active", Values: []string{BoolToString(*u.IsActive)}})
|
||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/superuser", Values: []string{BoolToString(u.IsSuperuser)}})
|
||||
|
||||
attrs = append(attrs, AKAttrsToLDAP(u.Attributes)...)
|
||||
|
||||
dn := pi.GetUserDN(u.Username)
|
||||
attrs := AKAttrsToLDAP(u.Attributes)
|
||||
|
||||
attrs = pi.ensureAttributes(attrs, map[string][]string{
|
||||
"memberOf": pi.GroupsForUser(u),
|
||||
// Old fields for backwards compatibility
|
||||
"accountStatus": {BoolToString(*u.IsActive)},
|
||||
"superuser": {BoolToString(u.IsSuperuser)},
|
||||
"goauthentik.io/ldap/active": {BoolToString(*u.IsActive)},
|
||||
"goauthentik.io/ldap/superuser": {BoolToString(u.IsSuperuser)},
|
||||
"cn": {u.Username},
|
||||
"sAMAccountName": {u.Username},
|
||||
"uid": {u.Uid},
|
||||
"name": {u.Name},
|
||||
"displayName": {u.Name},
|
||||
"mail": {*u.Email},
|
||||
"objectClass": {UserObjectClass, "organizationalPerson", "goauthentik.io/ldap/user"},
|
||||
"uidNumber": {pi.GetUidNumber(u)},
|
||||
"gidNumber": {pi.GetUidNumber(u)},
|
||||
})
|
||||
return &ldap.Entry{DN: dn, Attributes: attrs}
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
|
||||
attrs := []*ldap.EntryAttribute{
|
||||
{
|
||||
Name: "cn",
|
||||
Values: []string{g.cn},
|
||||
},
|
||||
{
|
||||
Name: "uid",
|
||||
Values: []string{g.uid},
|
||||
},
|
||||
{
|
||||
Name: "sAMAccountName",
|
||||
Values: []string{g.cn},
|
||||
},
|
||||
{
|
||||
Name: "gidNumber",
|
||||
Values: []string{g.gidNumber},
|
||||
},
|
||||
}
|
||||
attrs := AKAttrsToLDAP(g.akAttributes)
|
||||
|
||||
objectClass := []string{GroupObjectClass, "goauthentik.io/ldap/group"}
|
||||
if g.isVirtualGroup {
|
||||
attrs = append(attrs, &ldap.EntryAttribute{
|
||||
Name: "objectClass",
|
||||
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group", "goauthentik.io/ldap/virtual-group"},
|
||||
})
|
||||
} else {
|
||||
attrs = append(attrs, &ldap.EntryAttribute{
|
||||
Name: "objectClass",
|
||||
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group"},
|
||||
})
|
||||
}
|
||||
|
||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "member", Values: g.member})
|
||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/superuser", Values: []string{BoolToString(g.isSuperuser)}})
|
||||
|
||||
if g.akAttributes != nil {
|
||||
attrs = append(attrs, AKAttrsToLDAP(g.akAttributes)...)
|
||||
objectClass = []string{GroupObjectClass, "goauthentik.io/ldap/group", "goauthentik.io/ldap/virtual-group"}
|
||||
}
|
||||
|
||||
attrs = pi.ensureAttributes(attrs, map[string][]string{
|
||||
"objectClass": objectClass,
|
||||
"member": g.member,
|
||||
"goauthentik.io/ldap/superuser": {BoolToString(g.isSuperuser)},
|
||||
"cn": {g.cn},
|
||||
"uid": {g.uid},
|
||||
"sAMAccountName": {g.cn},
|
||||
"gidNumber": {g.gidNumber},
|
||||
})
|
||||
return &ldap.Entry{DN: g.dn, Attributes: attrs}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user