providers/ldap: memory Query (#1681)

* outposts/ldap: modularise ldap outpost, to allow different searchers and binders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/ldap: add basic in-memory searcher Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/ldap: add search mode field Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add search mode field Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00
parent 8de13d3f67
commit 5a8c66d325
37 changed files with 1293 additions and 639 deletions
--- a/internal/outpost/ldap/search.go
+++ b/internal/outpost/ldap/search.go
@ -1,47 +1,21 @@
 package ldap

 import (
-	"context"
 	"errors"
 	"net"
-	"strings"

 	"github.com/getsentry/sentry-go"
 	goldap "github.com/go-ldap/ldap/v3"
-	"github.com/google/uuid"
 	"github.com/nmcclain/ldap"
 	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"
 	"goauthentik.io/internal/outpost/ldap/metrics"
+	"goauthentik.io/internal/outpost/ldap/search"
 	"goauthentik.io/internal/utils"
 )

-type SearchRequest struct {
-	ldap.SearchRequest
-	BindDN string
-	id     string
-	conn   net.Conn
-	log    *log.Entry
-	ctx    context.Context
-}
-
 func (ls *LDAPServer) Search(bindDN string, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) {
-	span := sentry.StartSpan(context.TODO(), "authentik.providers.ldap.search", sentry.TransactionName("authentik.providers.ldap.search"))
-	rid := uuid.New().String()
-	span.SetTag("request_uid", rid)
-	span.SetTag("user.username", bindDN)
-	span.SetTag("ak_filter", searchReq.Filter)
-	span.SetTag("ak_base_dn", searchReq.BaseDN)
-
-	bindDN = strings.ToLower(bindDN)
-	req := SearchRequest{
-		SearchRequest: searchReq,
-		BindDN:        bindDN,
-		conn:          conn,
-		log:           ls.log.WithField("bindDN", bindDN).WithField("requestId", rid).WithField("scope", ldap.ScopeMap[searchReq.Scope]).WithField("client", utils.GetIP(conn.RemoteAddr())).WithField("filter", searchReq.Filter).WithField("baseDN", searchReq.BaseDN),
-		id:            rid,
-		ctx:           span.Context(),
-	}
+	req, span := search.NewRequest(bindDN, searchReq, conn)

 	defer func() {
 		span.Finish()
@ -50,9 +24,9 @@ func (ls *LDAPServer) Search(bindDN string, searchReq ldap.SearchRequest, conn n
 			"type":         "search",
 			"filter":       req.Filter,
 			"dn":           req.BindDN,
-			"client":       utils.GetIP(req.conn.RemoteAddr()),
+			"client":       utils.GetIP(conn.RemoteAddr()),
 		}).Observe(float64(span.EndTime.Sub(span.StartTime)))
-		req.log.WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Search request")
+		req.Log().WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Search request")
 	}()

 	defer func() {
@ -69,13 +43,13 @@ func (ls *LDAPServer) Search(bindDN string, searchReq ldap.SearchRequest, conn n
 	}
 	bd, err := goldap.ParseDN(searchReq.BaseDN)
 	if err != nil {
-		req.log.WithError(err).Info("failed to parse basedn")
+		req.Log().WithError(err).Info("failed to parse basedn")
 		return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, errors.New("invalid DN")
 	}
 	for _, provider := range ls.providers {
 		providerBase, _ := goldap.ParseDN(provider.BaseDN)
 		if providerBase.AncestorOf(bd) || providerBase.Equal(bd) {
-			return provider.Search(req)
+			return provider.searcher.Search(req)
 		}
 	}
 	return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, errors.New("no provider could handle request")