providers/ldap: rework Schema and DSE (#5838)
* rework Root DSE Signed-off-by: Jens Langhammer <jens@goauthentik.io> * always parse filter objectClass Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding LDAP Schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix cn for schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only include main DN in namingContexts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use schema from gh Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add description Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add response filtering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix response filtering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't return rootDSE entry when searching for singleLevel Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove currentTime Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix attribute filtering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set SINGLE-VALUE Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix numbers Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
@ -238,88 +238,82 @@ class TestProviderLDAP(SeleniumTestCase):
|
||||
{
|
||||
"dn": f"cn={o_user.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
|
||||
"attributes": {
|
||||
"cn": [o_user.username],
|
||||
"sAMAccountName": [o_user.username],
|
||||
"uid": [o_user.uid],
|
||||
"name": [o_user.name],
|
||||
"displayName": [o_user.name],
|
||||
"sn": [o_user.name],
|
||||
"mail": [""],
|
||||
"cn": o_user.username,
|
||||
"sAMAccountName": o_user.username,
|
||||
"uid": o_user.uid,
|
||||
"name": o_user.name,
|
||||
"displayName": o_user.name,
|
||||
"sn": o_user.name,
|
||||
"mail": "",
|
||||
"objectClass": [
|
||||
"user",
|
||||
"organizationalPerson",
|
||||
"inetOrgPerson",
|
||||
"goauthentik.io/ldap/user",
|
||||
],
|
||||
"uidNumber": [str(2000 + o_user.pk)],
|
||||
"gidNumber": [str(2000 + o_user.pk)],
|
||||
"uidNumber": 2000 + o_user.pk,
|
||||
"gidNumber": 2000 + o_user.pk,
|
||||
"memberOf": [],
|
||||
"homeDirectory": [
|
||||
f"/home/{o_user.username}",
|
||||
],
|
||||
"ak-active": ["true"],
|
||||
"ak-superuser": ["false"],
|
||||
"goauthentikio-user-override-ips": ["true"],
|
||||
"goauthentikio-user-service-account": ["true"],
|
||||
"homeDirectory": f"/home/{o_user.username}",
|
||||
"ak-active": True,
|
||||
"ak-superuser": False,
|
||||
"goauthentikio-user-override-ips": True,
|
||||
"goauthentikio-user-service-account": True,
|
||||
},
|
||||
"type": "searchResEntry",
|
||||
},
|
||||
{
|
||||
"dn": f"cn={embedded_account.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
|
||||
"attributes": {
|
||||
"cn": [embedded_account.username],
|
||||
"sAMAccountName": [embedded_account.username],
|
||||
"uid": [embedded_account.uid],
|
||||
"name": [embedded_account.name],
|
||||
"displayName": [embedded_account.name],
|
||||
"sn": [embedded_account.name],
|
||||
"mail": [""],
|
||||
"cn": embedded_account.username,
|
||||
"sAMAccountName": embedded_account.username,
|
||||
"uid": embedded_account.uid,
|
||||
"name": embedded_account.name,
|
||||
"displayName": embedded_account.name,
|
||||
"sn": embedded_account.name,
|
||||
"mail": "",
|
||||
"objectClass": [
|
||||
"user",
|
||||
"organizationalPerson",
|
||||
"inetOrgPerson",
|
||||
"goauthentik.io/ldap/user",
|
||||
],
|
||||
"uidNumber": [str(2000 + embedded_account.pk)],
|
||||
"gidNumber": [str(2000 + embedded_account.pk)],
|
||||
"uidNumber": 2000 + embedded_account.pk,
|
||||
"gidNumber": 2000 + embedded_account.pk,
|
||||
"memberOf": [],
|
||||
"homeDirectory": [
|
||||
f"/home/{embedded_account.username}",
|
||||
],
|
||||
"ak-active": ["true"],
|
||||
"ak-superuser": ["false"],
|
||||
"goauthentikio-user-override-ips": ["true"],
|
||||
"goauthentikio-user-service-account": ["true"],
|
||||
"homeDirectory": f"/home/{embedded_account.username}",
|
||||
"ak-active": True,
|
||||
"ak-superuser": False,
|
||||
"goauthentikio-user-override-ips": True,
|
||||
"goauthentikio-user-service-account": True,
|
||||
},
|
||||
"type": "searchResEntry",
|
||||
},
|
||||
{
|
||||
"dn": f"cn={self.user.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
|
||||
"attributes": {
|
||||
"cn": [self.user.username],
|
||||
"sAMAccountName": [self.user.username],
|
||||
"uid": [self.user.uid],
|
||||
"name": [self.user.name],
|
||||
"displayName": [self.user.name],
|
||||
"sn": [self.user.name],
|
||||
"mail": [self.user.email],
|
||||
"cn": self.user.username,
|
||||
"sAMAccountName": self.user.username,
|
||||
"uid": self.user.uid,
|
||||
"name": self.user.name,
|
||||
"displayName": self.user.name,
|
||||
"sn": self.user.name,
|
||||
"mail": self.user.email,
|
||||
"objectClass": [
|
||||
"user",
|
||||
"organizationalPerson",
|
||||
"inetOrgPerson",
|
||||
"goauthentik.io/ldap/user",
|
||||
],
|
||||
"uidNumber": [str(2000 + self.user.pk)],
|
||||
"gidNumber": [str(2000 + self.user.pk)],
|
||||
"uidNumber": 2000 + self.user.pk,
|
||||
"gidNumber": 2000 + self.user.pk,
|
||||
"memberOf": [
|
||||
f"cn={group.name},ou=groups,dc=ldap,dc=goauthentik,dc=io"
|
||||
for group in self.user.ak_groups.all()
|
||||
],
|
||||
"homeDirectory": [
|
||||
f"/home/{self.user.username}",
|
||||
],
|
||||
"ak-active": ["true"],
|
||||
"ak-superuser": ["true"],
|
||||
"homeDirectory": f"/home/{self.user.username}",
|
||||
"ak-active": True,
|
||||
"ak-superuser": True,
|
||||
"extraAttribute": ["bar"],
|
||||
},
|
||||
"type": "searchResEntry",
|
||||
|
||||
Reference in New Issue
Block a user