LDAP Provider: TLS support (#1137)

outpost/pkg/ldap/utils.go

@@ -2,8 +2,10 @@ package ldap
 
 import (
 	"fmt"
+	"reflect"
 
 	"github.com/nmcclain/ldap"
+	log "github.com/sirupsen/logrus"
 	"goauthentik.io/outpost/api"
 )
 
@@ -14,6 +16,24 @@ func BoolToString(in bool) string {
 	return "false"
 }
 
+func ldapResolveTypeSingle(in interface{}) *string {
+	switch t := in.(type) {
+	case string:
+		return &t
+	case *string:
+		return t
+	case bool:
+		s := BoolToString(t)
+		return &s
+	case *bool:
+		s := BoolToString(*t)
+		return &s
+	default:
+		log.WithField("type", reflect.TypeOf(in).String()).Warning("Type can't be mapped to LDAP yet")
+		return nil
+	}
+}
+
 func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
 	attrList := []*ldap.EntryAttribute{}
 	a := attrs.(*map[string]interface{})
@@ -22,10 +42,19 @@ func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
 		switch t := attrValue.(type) {
 		case []string:
 			entry.Values = t
-		case string:
-			entry.Values = []string{t}
-		case bool:
-			entry.Values = []string{BoolToString(t)}
+		case *[]string:
+			entry.Values = *t
+		case []interface{}:
+			entry.Values = make([]string, len(t))
+			for idx, v := range t {
+				v := ldapResolveTypeSingle(v)
+				entry.Values[idx] = *v
+			}
+		default:
+			v := ldapResolveTypeSingle(t)
+			if v != nil {
+				entry.Values = []string{*v}
+			}
 		}
 		attrList = append(attrList, entry)
 	}
@@ -40,6 +69,18 @@ func (pi *ProviderInstance) GroupsForUser(user api.User) []string {
 	return groups
 }
 
+func (pi *ProviderInstance) UsersForGroup(group api.Group) []string {
+	users := make([]string, len(group.UsersObj))
+	for i, user := range group.UsersObj {
+		users[i] = pi.GetUserDN(user.Username)
+	}
+	return users
+}
+
+func (pi *ProviderInstance) GetUserDN(user string) string {
+	return fmt.Sprintf("cn=%s,%s", user, pi.UserDN)
+}
+
 func (pi *ProviderInstance) GetGroupDN(group api.Group) string {
 	return fmt.Sprintf("cn=%s,%s", group.Name, pi.GroupDN)
 }