providers/ldap: Improve compatibility with LDAP clients (#4750)

* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-' * Leave old fields for now for backward compatibility * Add forgotten depreceated field * Fix tests * Fix tests * use shorter attribute names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sanitize attributes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keep both sanitized and unsanitized user fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add sanitized fields to test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 15:18:22 +02:00
parent 75866406dc
commit 51c6a14786
6 changed files with 86 additions and 39 deletions
--- a/tests/e2e/test_provider_ldap.py
+++ b/tests/e2e/test_provider_ldap.py
@ -225,10 +225,16 @@ class TestProviderLDAP(SeleniumTestCase):
                        "uidNumber": [str(2000 + o_user.pk)],
                        "gidNumber": [str(2000 + o_user.pk)],
                        "memberOf": [],
+                        # Old fields for backwards compatibility
                        "goauthentik.io/ldap/active": ["true"],
                        "goauthentik.io/ldap/superuser": ["false"],
                        "goauthentik.io/user/override-ips": ["true"],
                        "goauthentik.io/user/service-account": ["true"],
+                        # End old fields
+                        "ak-active": ["true"],
+                        "ak-superuser": ["false"],
+                        "goauthentikio-user-override-ips": ["true"],
+                        "goauthentikio-user-service-account": ["true"],
                    },
                    "type": "searchResEntry",
                },
@ -250,10 +256,16 @@ class TestProviderLDAP(SeleniumTestCase):
                        "uidNumber": [str(2000 + embedded_account.pk)],
                        "gidNumber": [str(2000 + embedded_account.pk)],
                        "memberOf": [],
+                        # Old fields for backwards compatibility
                        "goauthentik.io/ldap/active": ["true"],
                        "goauthentik.io/ldap/superuser": ["false"],
                        "goauthentik.io/user/override-ips": ["true"],
                        "goauthentik.io/user/service-account": ["true"],
+                        # End old fields
+                        "ak-active": ["true"],
+                        "ak-superuser": ["false"],
+                        "goauthentikio-user-override-ips": ["true"],
+                        "goauthentikio-user-service-account": ["true"],
                    },
                    "type": "searchResEntry",
                },
@ -278,8 +290,12 @@ class TestProviderLDAP(SeleniumTestCase):
                            f"cn={group.name},ou=groups,dc=ldap,dc=goauthentik,dc=io"
                            for group in self.user.ak_groups.all()
                        ],
+                        # Old fields for backwards compatibility
                        "goauthentik.io/ldap/active": ["true"],
                        "goauthentik.io/ldap/superuser": ["true"],
+                        # End old fields
+                        "ak-active": ["true"],
+                        "ak-superuser": ["true"],
                        "extraAttribute": ["bar"],
                    },
                    "type": "searchResEntry",