providers/ldap: rework Schema and DSE (#5838)

* rework Root DSE Signed-off-by: Jens Langhammer <jens@goauthentik.io> * always parse filter objectClass Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding LDAP Schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix cn for schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only include main DN in namingContexts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use schema from gh Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add description Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add response filtering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix response filtering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't return rootDSE entry when searching for singleLevel Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove currentTime Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix attribute filtering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set SINGLE-VALUE Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix numbers Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-08 15:16:40 +02:00
parent bf1a363124
commit 54ef88a6fa
13 changed files with 369 additions and 188 deletions
--- a/internal/outpost/ldap/search/direct/base.go
+++ b/internal/outpost/ldap/search/direct/base.go
@ -2,40 +2,51 @@ package direct

 import (
 	"fmt"
+	"strings"

 	"beryju.io/ldap"
 	"goauthentik.io/internal/constants"
+	ldapConstants "goauthentik.io/internal/outpost/ldap/constants"
 	"goauthentik.io/internal/outpost/ldap/search"
 )

-func (ds *DirectSearcher) SearchBase(req *search.Request, authz bool) (ldap.ServerSearchResult, error) {
-	dn := ""
-	if authz {
-		dn = req.SearchRequest.BaseDN
+func (ds *DirectSearcher) SearchBase(req *search.Request) (ldap.ServerSearchResult, error) {
+	if req.Scope == ldap.ScopeSingleLevel {
+		return ldap.ServerSearchResult{
+			ResultCode: ldap.LDAPResultNoSuchObject,
+		}, nil
 	}
 	return ldap.ServerSearchResult{
 		Entries: []*ldap.Entry{
 			{
-				DN: dn,
+				DN: "",
 				Attributes: []*ldap.EntryAttribute{
 					{
-						Name:   "distinguishedName",
-						Values: []string{ds.si.GetBaseDN()},
+						Name:   "objectClass",
+						Values: []string{ldapConstants.OCTop},
 					},
 					{
-						Name:   "objectClass",
-						Values: []string{"top", "domain"},
+						Name:   "entryDN",
+						Values: []string{""},
 					},
 					{
 						Name:   "supportedLDAPVersion",
 						Values: []string{"3"},
 					},
+					{
+						Name:   "subschemaSubentry",
+						Values: []string{"cn=subschema"},
+					},
 					{
 						Name: "namingContexts",
 						Values: []string{
-							ds.si.GetBaseDN(),
-							ds.si.GetBaseUserDN(),
-							ds.si.GetBaseGroupDN(),
+							strings.ToLower(ds.si.GetBaseDN()),
+						},
+					},
+					{
+						Name: "rootDomainNamingContext",
+						Values: []string{
+							strings.ToLower(ds.si.GetBaseDN()),
 						},
 					},
 					{