From 408fa926b384693b78d254224664ef9816afb0d8 Mon Sep 17 00:00:00 2001
From: "Jens L." <jens@goauthentik.io>
Date: Wed, 11 Sep 2024 13:34:51 +0200
Subject: [PATCH] sources/ldap: fix missing search attribute (#11125)

* unrelated

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sources/ldap: fix ldap sync not requesting uniqueness attribute

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check object_uniqueness_field for none

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/enterprise/signals.py                        |  8 +++++++-
 authentik/sources/ldap/sync/groups.py                  | 10 +++++++---
 authentik/sources/ldap/sync/users.py                   | 10 +++++++---
 .../commit/ak-application-wizard-commit-application.ts |  2 +-
 4 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/authentik/enterprise/signals.py b/authentik/enterprise/signals.py
index c921f49466..4fb11d4841 100644
--- a/authentik/enterprise/signals.py
+++ b/authentik/enterprise/signals.py
@@ -3,7 +3,7 @@
 from datetime import datetime
 
 from django.core.cache import cache
-from django.db.models.signals import post_save, pre_save
+from django.db.models.signals import post_delete, post_save, pre_save
 from django.dispatch import receiver
 from django.utils.timezone import get_current_timezone
 
@@ -27,3 +27,9 @@ def post_save_license(sender: type[License], instance: License, **_):
     """Trigger license usage calculation when license is saved"""
     cache.delete(CACHE_KEY_ENTERPRISE_LICENSE)
     enterprise_update_usage.delay()
+
+
+@receiver(post_delete, sender=License)
+def post_delete_license(sender: type[License], instance: License, **_):
+    """Clear license cache when license is deleted"""
+    cache.delete(CACHE_KEY_ENTERPRISE_LICENSE)
diff --git a/authentik/sources/ldap/sync/groups.py b/authentik/sources/ldap/sync/groups.py
index 69b81ef5c2..ae972b6053 100644
--- a/authentik/sources/ldap/sync/groups.py
+++ b/authentik/sources/ldap/sync/groups.py
@@ -38,7 +38,11 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
             search_base=self.base_dn_groups,
             search_filter=self._source.group_object_filter,
             search_scope=SUBTREE,
-            attributes=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES],
+            attributes=[
+                ALL_ATTRIBUTES,
+                ALL_OPERATIONAL_ATTRIBUTES,
+                self._source.object_uniqueness_field,
+            ],
             **kwargs,
         )
 
@@ -53,9 +57,9 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
                 continue
             attributes = group.get("attributes", {})
             group_dn = flatten(flatten(group.get("entryDN", group.get("dn"))))
-            if self._source.object_uniqueness_field not in attributes:
+            if not attributes.get(self._source.object_uniqueness_field):
                 self.message(
-                    f"Cannot find uniqueness field in attributes: '{group_dn}'",
+                    f"Uniqueness field not found/not set in attributes: '{group_dn}'",
                     attributes=attributes.keys(),
                     dn=group_dn,
                 )
diff --git a/authentik/sources/ldap/sync/users.py b/authentik/sources/ldap/sync/users.py
index 6cbaec4214..901f161cd3 100644
--- a/authentik/sources/ldap/sync/users.py
+++ b/authentik/sources/ldap/sync/users.py
@@ -40,7 +40,11 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
             search_base=self.base_dn_users,
             search_filter=self._source.user_object_filter,
             search_scope=SUBTREE,
-            attributes=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES],
+            attributes=[
+                ALL_ATTRIBUTES,
+                ALL_OPERATIONAL_ATTRIBUTES,
+                self._source.object_uniqueness_field,
+            ],
             **kwargs,
         )
 
@@ -55,9 +59,9 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
                 continue
             attributes = user.get("attributes", {})
             user_dn = flatten(user.get("entryDN", user.get("dn")))
-            if self._source.object_uniqueness_field not in attributes:
+            if not attributes.get(self._source.object_uniqueness_field):
                 self.message(
-                    f"Cannot find uniqueness field in attributes: '{user_dn}'",
+                    f"Uniqueness field not found/not set in attributes: '{user_dn}'",
                     attributes=attributes.keys(),
                     dn=user_dn,
                 )
diff --git a/web/src/admin/applications/wizard/commit/ak-application-wizard-commit-application.ts b/web/src/admin/applications/wizard/commit/ak-application-wizard-commit-application.ts
index bc33225a4d..087d05703a 100644
--- a/web/src/admin/applications/wizard/commit/ak-application-wizard-commit-application.ts
+++ b/web/src/admin/applications/wizard/commit/ak-application-wizard-commit-application.ts
@@ -59,7 +59,7 @@ const runningState: State = {
 };
 const errorState: State = {
     state: "error",
-    label: msg("Authentik was unable to save this application:"),
+    label: msg("authentik was unable to save this application:"),
     icon: ["fa-times-circle", "pf-m-danger"],
 };