From 7fd35b1dfcf550d414da13cf205d98823c76445b Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Fri, 11 Apr 2025 14:07:18 +0200 Subject: [PATCH] sources/ldap: add source connections (#13796) --- authentik/sources/ldap/api.py | 35 +- ...urceconnection_userldapsourceconnection.py | 57 ++ authentik/sources/ldap/models.py | 36 +- authentik/sources/ldap/sync/groups.py | 13 +- authentik/sources/ldap/sync/users.py | 13 +- authentik/sources/ldap/urls.py | 9 +- blueprints/schema.json | 199 +++++ schema.yml | 696 ++++++++++++++++++ 8 files changed, 1052 insertions(+), 6 deletions(-) create mode 100644 authentik/sources/ldap/migrations/0008_groupldapsourceconnection_userldapsourceconnection.py diff --git a/authentik/sources/ldap/api.py b/authentik/sources/ldap/api.py index bb04682afa..167bb2059a 100644 --- a/authentik/sources/ldap/api.py +++ b/authentik/sources/ldap/api.py @@ -15,11 +15,22 @@ from rest_framework.response import Response from rest_framework.viewsets import ModelViewSet from authentik.core.api.property_mappings import PropertyMappingFilterSet, PropertyMappingSerializer -from authentik.core.api.sources import SourceSerializer +from authentik.core.api.sources import ( + GroupSourceConnectionSerializer, + GroupSourceConnectionViewSet, + SourceSerializer, + UserSourceConnectionSerializer, + UserSourceConnectionViewSet, +) from authentik.core.api.used_by import UsedByMixin from authentik.crypto.models import CertificateKeyPair from authentik.lib.sync.outgoing.api import SyncStatusSerializer -from authentik.sources.ldap.models import LDAPSource, LDAPSourcePropertyMapping +from authentik.sources.ldap.models import ( + GroupLDAPSourceConnection, + LDAPSource, + LDAPSourcePropertyMapping, + UserLDAPSourceConnection, +) from authentik.sources.ldap.tasks import CACHE_KEY_STATUS, SYNC_CLASSES 
@@ -221,3 +232,23 @@ class LDAPSourcePropertyMappingViewSet(UsedByMixin, ModelViewSet): filterset_class = LDAPSourcePropertyMappingFilter search_fields = ["name"] ordering = ["name"] + + +class UserLDAPSourceConnectionSerializer(UserSourceConnectionSerializer): + class Meta(UserSourceConnectionSerializer.Meta): + model = UserLDAPSourceConnection + + +class UserLDAPSourceConnectionViewSet(UserSourceConnectionViewSet, ModelViewSet): + queryset = UserLDAPSourceConnection.objects.all() + serializer_class = UserLDAPSourceConnectionSerializer + + +class GroupLDAPSourceConnectionSerializer(GroupSourceConnectionSerializer): + class Meta(GroupSourceConnectionSerializer.Meta): + model = GroupLDAPSourceConnection + + +class GroupLDAPSourceConnectionViewSet(GroupSourceConnectionViewSet, ModelViewSet): + queryset = GroupLDAPSourceConnection.objects.all() + serializer_class = GroupLDAPSourceConnectionSerializer diff --git a/authentik/sources/ldap/migrations/0008_groupldapsourceconnection_userldapsourceconnection.py b/authentik/sources/ldap/migrations/0008_groupldapsourceconnection_userldapsourceconnection.py new file mode 100644 index 0000000000..e07cfb7804 --- /dev/null +++ b/authentik/sources/ldap/migrations/0008_groupldapsourceconnection_userldapsourceconnection.py 
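Review bot: The two new viewsets mix in `ModelViewSet`, so create, update and delete are exposed on connection rows that the LDAP synchronizer in this same commit otherwise writes itself. The schema.yml part of the patch confirms POST/PUT/PATCH/DELETE on both `sources/user_connections/ldap` and `sources/group_connections/ldap`. A connection binds an LDAP identifier to a local user or group, so confirm that the permission checks and queryset filtering inherited from `UserSourceConnectionViewSet` / `GroupSourceConnectionViewSet` (defined outside this hunk) are what you want for writes, or drop the write actions if only list/retrieve/delete are needed. None of the four classes has a docstring; a one-liner such as `"""LDAP user-source connection Viewset; rows are normally managed by the LDAP sync"""` would record the intent.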
@@ -0,0 +1,57 @@ +# Generated by Django 5.0.14 on 2025-04-11 11:46 + +import django.db.models.deletion +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_core", "0047_delete_oldauthenticatedsession"), + ("authentik_sources_ldap", "0007_ldapsource_lookup_groups_from_user"), + ] + + operations = [ + migrations.CreateModel( + name="GroupLDAPSourceConnection", + fields=[ + ( + "groupsourceconnection_ptr", + models.OneToOneField( + auto_created=True, + on_delete=django.db.models.deletion.CASCADE, + parent_link=True, + primary_key=True, + serialize=False, + to="authentik_core.groupsourceconnection", + ), + ), + ], + options={ + "verbose_name": "Group LDAP Source Connection", + "verbose_name_plural": "Group LDAP Source Connections", + }, + bases=("authentik_core.groupsourceconnection",), + ), + migrations.CreateModel( + name="UserLDAPSourceConnection", + fields=[ + ( + "usersourceconnection_ptr", + models.OneToOneField( + auto_created=True, + on_delete=django.db.models.deletion.CASCADE, + parent_link=True, + primary_key=True, + serialize=False, + to="authentik_core.usersourceconnection", + ), + ), + ], + options={ + "verbose_name": "User LDAP Source Connection", + "verbose_name_plural": "User LDAP Source Connections", + }, + bases=("authentik_core.usersourceconnection",), + ), + ] diff --git a/authentik/sources/ldap/models.py b/authentik/sources/ldap/models.py index 2bfbc03e44..da4e308982 100644 --- a/authentik/sources/ldap/models.py +++ b/authentik/sources/ldap/models.py 
@@ -15,7 +15,13 @@ from ldap3 import ALL, NONE, RANDOM, Connection, Server, ServerPool, Tls from ldap3.core.exceptions import LDAPException, LDAPInsufficientAccessRightsResult, LDAPSchemaError from rest_framework.serializers import Serializer -from authentik.core.models import Group, PropertyMapping, Source +from authentik.core.models import ( + Group, + GroupSourceConnection, + PropertyMapping, + Source, + UserSourceConnection, +) from authentik.crypto.models import CertificateKeyPair from authentik.lib.config import CONFIG from authentik.lib.models import DomainlessURLValidator @@ -312,3 +318,31 @@ class LDAPSourcePropertyMapping(PropertyMapping): class Meta: verbose_name = _("LDAP Source Property Mapping") verbose_name_plural = _("LDAP Source Property Mappings") + + +class UserLDAPSourceConnection(UserSourceConnection): + @property + def serializer(self) -> type[Serializer]: + from authentik.sources.ldap.api import ( + UserLDAPSourceConnectionSerializer, + ) + + return UserLDAPSourceConnectionSerializer + + class Meta: + verbose_name = _("User LDAP Source Connection") + verbose_name_plural = _("User LDAP Source Connections") + + +class GroupLDAPSourceConnection(GroupSourceConnection): + @property + def serializer(self) -> type[Serializer]: + from authentik.sources.ldap.api import ( + GroupLDAPSourceConnectionSerializer, + ) + + return GroupLDAPSourceConnectionSerializer + + class Meta: + verbose_name = _("Group LDAP Source Connection") + verbose_name_plural = _("Group LDAP Source Connections") diff --git a/authentik/sources/ldap/sync/groups.py b/authentik/sources/ldap/sync/groups.py index ae972b6053..1562d43247 100644 --- a/authentik/sources/ldap/sync/groups.py +++ b/authentik/sources/ldap/sync/groups.py 
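Review bot: `UserLDAPSourceConnection` and `GroupLDAPSourceConnection` are added without docstrings, and nothing says what `identifier` holds for an LDAP source. The sync hunks in this commit store the LDAP uniqueness value there, so a docstring like `"""Connection between an LDAP source and a user, identified by the source's uniqueness attribute value"""` would record that. A short comment on the function-scope import in each `serializer` property would also help; it is presumably there to avoid a circular import, since `authentik/sources/ldap/api.py` imports these models. Neither `Meta` adds a uniqueness constraint on `(source, identifier)`, and whether the parent models enforce one is not visible here.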
@@ -14,7 +14,12 @@ from authentik.core.models import Group from authentik.core.sources.mapper import SourceMapper from authentik.events.models import Event, EventAction from authentik.lib.sync.outgoing.exceptions import StopSync -from authentik.sources.ldap.models import LDAP_UNIQUENESS, LDAPSource, flatten +from authentik.sources.ldap.models import ( + LDAP_UNIQUENESS, + GroupLDAPSourceConnection, + LDAPSource, + flatten, +) from authentik.sources.ldap.sync.base import BaseLDAPSynchronizer @@ -89,6 +94,12 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer): defaults, ) self._logger.debug("Created group with attributes", **defaults) + if not GroupLDAPSourceConnection.objects.filter( + source=self._source, identifier=uniq + ): + GroupLDAPSourceConnection.objects.create( + source=self._source, group=ak_group, identifier=uniq + ) except SkipObjectException: continue except PropertyMappingExpressionException as exc: diff --git a/authentik/sources/ldap/sync/users.py b/authentik/sources/ldap/sync/users.py index 901f161cd3..6bdf66b610 100644 --- a/authentik/sources/ldap/sync/users.py +++ b/authentik/sources/ldap/sync/users.py @@ -14,7 +14,12 @@ from authentik.core.models import User from authentik.core.sources.mapper import SourceMapper from authentik.events.models import Event, EventAction from authentik.lib.sync.outgoing.exceptions import StopSync -from authentik.sources.ldap.models import LDAP_UNIQUENESS, LDAPSource, flatten +from authentik.sources.ldap.models import ( + LDAP_UNIQUENESS, + LDAPSource, + UserLDAPSourceConnection, + flatten, +) from authentik.sources.ldap.sync.base import BaseLDAPSynchronizer from authentik.sources.ldap.sync.vendor.freeipa import FreeIPA from authentik.sources.ldap.sync.vendor.ms_ad import MicrosoftActiveDirectory 
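Review bot: The check-then-create added in `GroupLDAPSynchronizer` (`if not ...objects.filter(...)` followed by `.objects.create(...)`) is not atomic and evaluates the whole queryset just to test for a row. Two overlapping sync runs can both pass the check and then create duplicate connections, or hit an integrity error if the parent model has a unique constraint (not visible here). `GroupLDAPSourceConnection.objects.get_or_create(source=self._source, identifier=uniq, defaults={"group": ak_group})` expresses the same intent in one call. The same pattern is added for `UserLDAPSourceConnection` in sync/users.py and should get the same change. The enclosing loop and `try` start outside the hunk.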
@@ -85,6 +90,12 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer): ak_user, created = User.update_or_create_attributes( {f"attributes__{LDAP_UNIQUENESS}": uniq}, defaults ) + if not UserLDAPSourceConnection.objects.filter( + source=self._source, identifier=uniq + ): + UserLDAPSourceConnection.objects.create( + source=self._source, user=ak_user, identifier=uniq + ) except PropertyMappingExpressionException as exc: raise StopSync(exc, None, exc.mapping) from exc except SkipObjectException: diff --git a/authentik/sources/ldap/urls.py b/authentik/sources/ldap/urls.py index 3d8bc26a23..bd5cbcfd3f 100644 --- a/authentik/sources/ldap/urls.py +++ b/authentik/sources/ldap/urls.py @@ -1,8 +1,15 @@ """API URLs""" -from authentik.sources.ldap.api import LDAPSourcePropertyMappingViewSet, LDAPSourceViewSet +from authentik.sources.ldap.api import ( + GroupLDAPSourceConnectionViewSet, + LDAPSourcePropertyMappingViewSet, + LDAPSourceViewSet, + UserLDAPSourceConnectionViewSet, +) api_urlpatterns = [ ("propertymappings/source/ldap", LDAPSourcePropertyMappingViewSet), ("sources/ldap", LDAPSourceViewSet), + ("sources/user_connections/ldap", UserLDAPSourceConnectionViewSet), + ("sources/group_connections/ldap", GroupLDAPSourceConnectionViewSet), ] diff --git a/blueprints/schema.json b/blueprints/schema.json index 9ff0cb00c2..23f0a2458f 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json 
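Review bot: The lookup for an existing `UserLDAPSourceConnection` matches on `source` and `identifier` only, so a row that already carries this identifier but points at a different user is kept as-is and `ak_user` gets no connection of its own. These rows are also writable through the API endpoints this commit adds, so sync would never correct a stale or hand-edited binding. Consider comparing the stored `user` with `ak_user` and either re-pointing the row (`update_or_create(source=self._source, identifier=uniq, defaults={"user": ak_user})`) or logging the mismatch. The group hunk in sync/groups.py has the same gap with `group`. The surrounding `try` begins outside the hunk.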
@@ -1441,6 +1441,86 @@ } } }, + { + "type": "object", + "required": [ + "model", + "identifiers" + ], + "properties": { + "model": { + "const": "authentik_sources_ldap.userldapsourceconnection" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created", + "must_created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "permissions": { + "$ref": "#/$defs/model_authentik_sources_ldap.userldapsourceconnection_permissions" + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_ldap.userldapsourceconnection" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_ldap.userldapsourceconnection" + } + } + }, + { + "type": "object", + "required": [ + "model", + "identifiers" + ], + "properties": { + "model": { + "const": "authentik_sources_ldap.groupldapsourceconnection" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created", + "must_created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "permissions": { + "$ref": "#/$defs/model_authentik_sources_ldap.groupldapsourceconnection_permissions" + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_ldap.groupldapsourceconnection" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_ldap.groupldapsourceconnection" + } + } + }, { "type": "object", "required": [ @@ -4754,6 +4834,8 @@ "authentik_sources_kerberos.groupkerberossourceconnection", "authentik_sources_ldap.ldapsource", "authentik_sources_ldap.ldapsourcepropertymapping", + "authentik_sources_ldap.userldapsourceconnection", + "authentik_sources_ldap.groupldapsourceconnection", "authentik_sources_oauth.oauthsource", "authentik_sources_oauth.oauthsourcepropertymapping", "authentik_sources_oauth.useroauthsourceconnection", 
@@ -7112,14 +7194,22 @@ "authentik_sources_kerberos.view_kerberossource", "authentik_sources_kerberos.view_kerberossourcepropertymapping", "authentik_sources_kerberos.view_userkerberossourceconnection", + "authentik_sources_ldap.add_groupldapsourceconnection", "authentik_sources_ldap.add_ldapsource", "authentik_sources_ldap.add_ldapsourcepropertymapping", + "authentik_sources_ldap.add_userldapsourceconnection", + "authentik_sources_ldap.change_groupldapsourceconnection", "authentik_sources_ldap.change_ldapsource", "authentik_sources_ldap.change_ldapsourcepropertymapping", + "authentik_sources_ldap.change_userldapsourceconnection", + "authentik_sources_ldap.delete_groupldapsourceconnection", "authentik_sources_ldap.delete_ldapsource", "authentik_sources_ldap.delete_ldapsourcepropertymapping", + "authentik_sources_ldap.delete_userldapsourceconnection", + "authentik_sources_ldap.view_groupldapsourceconnection", "authentik_sources_ldap.view_ldapsource", "authentik_sources_ldap.view_ldapsourcepropertymapping", + "authentik_sources_ldap.view_userldapsourceconnection", "authentik_sources_oauth.add_groupoauthsourceconnection", "authentik_sources_oauth.add_oauthsource", "authentik_sources_oauth.add_oauthsourcepropertymapping", 
@@ -7971,6 +8061,107 @@ } } }, + "model_authentik_sources_ldap.userldapsourceconnection": { + "type": "object", + "properties": { + "user": { + "type": "integer", + "title": "User" + }, + "source": { + "type": "integer", + "title": "Source" + }, + "identifier": { + "type": "string", + "minLength": 1, + "title": "Identifier" + }, + "icon": { + "type": "string", + "minLength": 1, + "title": "Icon" + } + }, + "required": [] + }, + "model_authentik_sources_ldap.userldapsourceconnection_permissions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "permission" + ], + "properties": { + "permission": { + "type": "string", + "enum": [ + "add_userldapsourceconnection", + "change_userldapsourceconnection", + "delete_userldapsourceconnection", + "view_userldapsourceconnection" + ] + }, + "user": { + "type": "integer" + }, + "role": { + "type": "string" + } + } + } + }, + "model_authentik_sources_ldap.groupldapsourceconnection": { + "type": "object", + "properties": { + "group": { + "type": "string", + "format": "uuid", + "title": "Group" + }, + "source": { + "type": "integer", + "title": "Source" + }, + "identifier": { + "type": "string", + "minLength": 1, + "title": "Identifier" + }, + "icon": { + "type": "string", + "minLength": 1, + "title": "Icon" + } + }, + "required": [] + }, + "model_authentik_sources_ldap.groupldapsourceconnection_permissions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "permission" + ], + "properties": { + "permission": { + "type": "string", + "enum": [ + "add_groupldapsourceconnection", + "change_groupldapsourceconnection", + "delete_groupldapsourceconnection", + "view_groupldapsourceconnection" + ] + }, + "user": { + "type": "integer" + }, + "role": { + "type": "string" + } + } + } + }, "model_authentik_sources_oauth.oauthsource": { "type": "object", "properties": { 
@@ -13627,14 +13818,22 @@ "authentik_sources_kerberos.view_kerberossource", "authentik_sources_kerberos.view_kerberossourcepropertymapping", "authentik_sources_kerberos.view_userkerberossourceconnection", + "authentik_sources_ldap.add_groupldapsourceconnection", "authentik_sources_ldap.add_ldapsource", "authentik_sources_ldap.add_ldapsourcepropertymapping", + "authentik_sources_ldap.add_userldapsourceconnection", + "authentik_sources_ldap.change_groupldapsourceconnection", "authentik_sources_ldap.change_ldapsource", "authentik_sources_ldap.change_ldapsourcepropertymapping", + "authentik_sources_ldap.change_userldapsourceconnection", + "authentik_sources_ldap.delete_groupldapsourceconnection", "authentik_sources_ldap.delete_ldapsource", "authentik_sources_ldap.delete_ldapsourcepropertymapping", + "authentik_sources_ldap.delete_userldapsourceconnection", + "authentik_sources_ldap.view_groupldapsourceconnection", "authentik_sources_ldap.view_ldapsource", "authentik_sources_ldap.view_ldapsourcepropertymapping", + "authentik_sources_ldap.view_userldapsourceconnection", "authentik_sources_oauth.add_groupoauthsourceconnection", "authentik_sources_oauth.add_oauthsource", "authentik_sources_oauth.add_oauthsourcepropertymapping", diff --git a/schema.yml b/schema.yml index 3fc28b2136..73b2ecaf88 100644 --- a/schema.yml +++ b/schema.yml @@ -24375,8 +24375,10 @@ paths: - authentik_sources_kerberos.kerberossource - authentik_sources_kerberos.kerberossourcepropertymapping - authentik_sources_kerberos.userkerberossourceconnection + - authentik_sources_ldap.groupldapsourceconnection - authentik_sources_ldap.ldapsource - authentik_sources_ldap.ldapsourcepropertymapping + - authentik_sources_ldap.userldapsourceconnection - authentik_sources_oauth.groupoauthsourceconnection - authentik_sources_oauth.oauthsource - authentik_sources_oauth.oauthsourcepropertymapping 
@@ -24619,8 +24621,10 @@ paths: - authentik_sources_kerberos.kerberossource - authentik_sources_kerberos.kerberossourcepropertymapping - authentik_sources_kerberos.userkerberossourceconnection + - authentik_sources_ldap.groupldapsourceconnection - authentik_sources_ldap.ldapsource - authentik_sources_ldap.ldapsourcepropertymapping + - authentik_sources_ldap.userldapsourceconnection - authentik_sources_oauth.groupoauthsourceconnection - authentik_sources_oauth.oauthsource - authentik_sources_oauth.oauthsourcepropertymapping 
@@ -26446,6 +26450,275 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' + /sources/group_connections/ldap/: + get: + operationId: sources_group_connections_ldap_list + description: Group-source connection Viewset + parameters: + - in: query + name: group + schema: + type: string + format: uuid + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: source__slug + schema: + type: string + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedGroupLDAPSourceConnectionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: sources_group_connections_ldap_create + description: Group-source connection Viewset + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupLDAPSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/GroupLDAPSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + 
/sources/group_connections/ldap/{id}/: + get: + operationId: sources_group_connections_ldap_retrieve + description: Group-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Group LDAP Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/GroupLDAPSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_group_connections_ldap_update + description: Group-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Group LDAP Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupLDAPSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/GroupLDAPSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_group_connections_ldap_partial_update + description: Group-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Group LDAP Source Connection. 
+ required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedGroupLDAPSourceConnectionRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/GroupLDAPSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_group_connections_ldap_destroy + description: Group-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Group LDAP Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/group_connections/ldap/{id}/used_by/: + get: + operationId: sources_group_connections_ldap_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Group LDAP Source Connection. 
+ required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' /sources/group_connections/oauth/: get: operationId: sources_group_connections_oauth_list 
@@ -30564,6 +30837,274 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' + /sources/user_connections/ldap/: + get: + operationId: sources_user_connections_ldap_list + description: User-source connection Viewset + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: source__slug + schema: + type: string + - in: query + name: user + schema: + type: integer + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserLDAPSourceConnectionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: sources_user_connections_ldap_create + description: User-source connection Viewset + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserLDAPSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLDAPSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/ldap/{id}/: + get: + 
operationId: sources_user_connections_ldap_retrieve + description: User-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User LDAP Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLDAPSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_user_connections_ldap_update + description: User-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User LDAP Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserLDAPSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLDAPSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_user_connections_ldap_partial_update + description: User-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User LDAP Source Connection. 
+ required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserLDAPSourceConnectionRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLDAPSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_user_connections_ldap_destroy + description: User-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User LDAP Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/ldap/{id}/used_by/: + get: + operationId: sources_user_connections_ldap_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User LDAP Source Connection. 
+ required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' /sources/user_connections/oauth/: get: operationId: sources_user_connections_oauth_list @@ -44814,6 +45355,59 @@ components: - group - identifier - source + GroupLDAPSourceConnection: + type: object + description: Group Source Connection + properties: + pk: + type: integer + readOnly: true + title: ID + group: + type: string + format: uuid + source: + type: string + format: uuid + source_obj: + allOf: + - $ref: '#/components/schemas/Source' + readOnly: true + identifier: + type: string + created: + type: string + format: date-time + readOnly: true + last_updated: + type: string + format: date-time + readOnly: true + required: + - created + - group + - identifier + - last_updated + - pk + - source + - source_obj + GroupLDAPSourceConnectionRequest: + type: object + description: Group Source Connection + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 + required: + - group + - identifier + - source GroupMatchingModeEnum: enum: - identifier @@ -47074,6 +47668,8 @@ components: - authentik_sources_kerberos.groupkerberossourceconnection - authentik_sources_ldap.ldapsource - authentik_sources_ldap.ldapsourcepropertymapping + - authentik_sources_ldap.userldapsourceconnection + - authentik_sources_ldap.groupldapsourceconnection - authentik_sources_oauth.oauthsource - authentik_sources_oauth.oauthsourcepropertymapping - authentik_sources_oauth.useroauthsourceconnection 
@@ -48710,6 +49306,18 @@ components: required: - pagination - results + PaginatedGroupLDAPSourceConnectionList: + type: object + properties: + pagination: + $ref: '#/components/schemas/Pagination' + results: + type: array + items: + $ref: '#/components/schemas/GroupLDAPSourceConnection' + required: + - pagination + - results PaginatedGroupList: type: object properties: @@ -49694,6 +50302,18 @@ components: required: - pagination - results + PaginatedUserLDAPSourceConnectionList: + type: object + properties: + pagination: + $ref: '#/components/schemas/Pagination' + results: + type: array + items: + $ref: '#/components/schemas/UserLDAPSourceConnection' + required: + - pagination + - results PaginatedUserList: type: object properties: @@ -51161,6 +51781,19 @@ components: identifier: type: string minLength: 1 + PatchedGroupLDAPSourceConnectionRequest: + type: object + description: Group Source Connection + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 PatchedGroupOAuthSourceConnectionRequest: type: object description: Group Source Connection @@ -53216,6 +53849,18 @@ components: identifier: type: string minLength: 1 + PatchedUserLDAPSourceConnectionRequest: + type: object + description: User source connection + properties: + user: + type: integer + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 PatchedUserLoginStageRequest: type: object description: UserLoginStage Serializer 
@@ -58496,6 +59141,57 @@ components: - identifier - source - user + UserLDAPSourceConnection: + type: object + description: User source connection + properties: + pk: + type: integer + readOnly: true + title: ID + user: + type: integer + source: + type: string + format: uuid + source_obj: + allOf: + - $ref: '#/components/schemas/Source' + readOnly: true + identifier: + type: string + created: + type: string + format: date-time + readOnly: true + last_updated: + type: string + format: date-time + readOnly: true + required: + - created + - identifier + - last_updated + - pk + - source + - source_obj + - user + UserLDAPSourceConnectionRequest: + type: object + description: User source connection + properties: + user: + type: integer + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 + required: + - identifier + - source + - user UserLoginChallenge: type: object description: Empty challenge