providers/ldap: Improve compatibility with LDAP clients (#4750)

* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-' * Leave old fields for now for backward compatibility * Add forgotten depreceated field * Fix tests * Fix tests * use shorter attribute names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sanitize attributes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keep both sanitized and unsanitized user fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add sanitized fields to test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 15:18:22 +02:00
parent 75866406dc
commit 51c6a14786
6 changed files with 86 additions and 39 deletions
--- a/internal/outpost/ldap/utils/utils_test.go
+++ b/internal/outpost/ldap/utils/utils_test.go
@ -19,16 +19,16 @@ func TestAKAttrsToLDAP_String(t *testing.T) {
 	u.Attributes = map[string]interface{}{
 		"foo": "bar",
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name)
-	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values)
+	assert.Equal(t, 1, len(AttributesToLDAP(u.Attributes, true)))
+	assert.Equal(t, "foo", AttributesToLDAP(u.Attributes, true)[0].Name)
+	assert.Equal(t, []string{"bar"}, AttributesToLDAP(u.Attributes, true)[0].Values)
 	// pointer string
 	u.Attributes = map[string]interface{}{
 		"foo": api.PtrString("bar"),
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name)
-	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values)
+	assert.Equal(t, 1, len(AttributesToLDAP(u.Attributes, true)))
+	assert.Equal(t, "foo", AttributesToLDAP(u.Attributes, true)[0].Name)
+	assert.Equal(t, []string{"bar"}, AttributesToLDAP(u.Attributes, true)[0].Values)
 }

 func TestAKAttrsToLDAP_String_List(t *testing.T) {
@ -37,16 +37,16 @@ func TestAKAttrsToLDAP_String_List(t *testing.T) {
 	u.Attributes = map[string]interface{}{
 		"foo": []string{"bar"},
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name)
-	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values)
+	assert.Equal(t, 1, len(AttributesToLDAP(u.Attributes, true)))
+	assert.Equal(t, "foo", AttributesToLDAP(u.Attributes, true)[0].Name)
+	assert.Equal(t, []string{"bar"}, AttributesToLDAP(u.Attributes, true)[0].Values)
 	// pointer string list
 	u.Attributes = map[string]interface{}{
 		"foo": &[]string{"bar"},
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name)
-	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values)
+	assert.Equal(t, 1, len(AttributesToLDAP(u.Attributes, true)))
+	assert.Equal(t, "foo", AttributesToLDAP(u.Attributes, true)[0].Name)
+	assert.Equal(t, []string{"bar"}, AttributesToLDAP(u.Attributes, true)[0].Values)
 }

 func TestAKAttrsToLDAP_Dict(t *testing.T) {
@ -56,9 +56,9 @@ func TestAKAttrsToLDAP_Dict(t *testing.T) {
 			"foo": "bar",
 		},
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
-	assert.Equal(t, []string{"map[foo:bar]"}, AKAttrsToLDAP(d)[0].Values)
+	assert.Equal(t, 1, len(AttributesToLDAP(d, true)))
+	assert.Equal(t, "foo", AttributesToLDAP(d, true)[0].Name)
+	assert.Equal(t, []string{"map[foo:bar]"}, AttributesToLDAP(d, true)[0].Values)
 }

 func TestAKAttrsToLDAP_Mixed(t *testing.T) {
@ -69,7 +69,7 @@ func TestAKAttrsToLDAP_Mixed(t *testing.T) {
 			6,
 		},
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
-	assert.Equal(t, []string{"foo", "6"}, AKAttrsToLDAP(d)[0].Values)
+	assert.Equal(t, 1, len(AttributesToLDAP(d, true)))
+	assert.Equal(t, "foo", AttributesToLDAP(d, true)[0].Name)
+	assert.Equal(t, []string{"foo", "6"}, AttributesToLDAP(d, true)[0].Values)
 }