providers/ldap: Improve compatibility with LDAP clients (#4750)

* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-' * Leave old fields for now for backward compatibility * Add forgotten depreceated field * Fix tests * Fix tests * use shorter attribute names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sanitize attributes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keep both sanitized and unsanitized user fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add sanitized fields to test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 15:18:22 +02:00
parent 75866406dc
commit 51c6a14786
6 changed files with 86 additions and 39 deletions
--- a/internal/outpost/ldap/utils/utils.go
+++ b/internal/outpost/ldap/utils/utils.go
@ -9,6 +9,14 @@ import (
 	ldapConstants "goauthentik.io/internal/outpost/ldap/constants"
 )

+func AttributeKeySanitize(key string) string {
+	return strings.ReplaceAll(
+		strings.ReplaceAll(key, "/", "-"),
+		".",
+		"",
+	)
+}
+
 func stringify(in interface{}) *string {
 	switch t := in.(type) {
 	case string:
@ -36,13 +44,16 @@ func stringify(in interface{}) *string {
 	}
 }

-func AKAttrsToLDAP(attrs map[string]interface{}) []*ldap.EntryAttribute {
+func AttributesToLDAP(attrs map[string]interface{}, sanitize bool) []*ldap.EntryAttribute {
 	attrList := []*ldap.EntryAttribute{}
 	if attrs == nil {
 		return attrList
 	}
 	for attrKey, attrValue := range attrs {
 		entry := &ldap.EntryAttribute{Name: attrKey}
+		if sanitize {
+			entry.Name = AttributeKeySanitize(attrKey)
+		}
 		switch t := attrValue.(type) {
 		case []string:
 			entry.Values = t