From c3ff834ea7f2c3d6f8ae9c81509e193cb388532a Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 20 Aug 2024 13:17:42 +0200
Subject: [PATCH] move ldap
Signed-off-by: Jens Langhammer
---
 authentik/common/ldap/__init__.py | 0
 authentik/common/ldap/constants.py | 1 +
 authentik/providers/saml/processors/assertion.py | 2 +-
 authentik/sources/ldap/auth.py | 3 ++-
 authentik/sources/ldap/models.py | 6 ++++--
 authentik/sources/ldap/password.py | 2 +-
 authentik/sources/ldap/sync/membership.py | 3 ++-
 7 files changed, 11 insertions(+), 6 deletions(-)
 create mode 100644 authentik/common/ldap/__init__.py
 create mode 100644 authentik/common/ldap/constants.py
diff --git a/authentik/common/ldap/__init__.py b/authentik/common/ldap/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/authentik/common/ldap/constants.py b/authentik/common/ldap/constants.py
new file mode 100644
index 0000000000..fdc7a83e90
--- /dev/null
+++ b/authentik/common/ldap/constants.py
@@ -0,0 +1 @@
+LDAP_DISTINGUISHED_NAME = "distinguishedName"
diff --git a/authentik/providers/saml/processors/assertion.py b/authentik/providers/saml/processors/assertion.py
index 66678a92a1..5fcbacaeba 100644
--- a/authentik/providers/saml/processors/assertion.py
+++ b/authentik/providers/saml/processors/assertion.py
@@ -10,6 +10,7 @@ from lxml import etree # nosec
 from lxml.etree import Element, SubElement # nosec
 from structlog.stdlib import get_logger
+from authentik.common.ldap.constants import LDAP_DISTINGUISHED_NAME
 from authentik.common.saml.constants import (
 DIGEST_ALGORITHM_TRANSLATION_MAP,
 NS_MAP,
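Review bot: The new file authentik/common/ldap/constants.py holds one bare assignment with no module docstring or comment. Nothing records that `LDAP_DISTINGUISHED_NAME` is an LDAP attribute name now shared by the SAML assertion processor and the LDAP source modules, all of which import it in this patch. A first line such as `"""LDAP constants shared between sources and providers"""` would document why the module sits under `authentik/common`.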
@@ -36,7 +37,6 @@ from authentik.events.signals import get_login_event
 from authentik.lib.utils.time import timedelta_from_string
 from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
 from authentik.providers.saml.processors.authn_request_parser import AuthNRequest
-from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME
 from authentik.stages.password.stage import PLAN_CONTEXT_METHOD, PLAN_CONTEXT_METHOD_ARGS
 LOGGER = get_logger()
diff --git a/authentik/sources/ldap/auth.py b/authentik/sources/ldap/auth.py
index 4ff742dc15..0f79c5d51f 100644
--- a/authentik/sources/ldap/auth.py
+++ b/authentik/sources/ldap/auth.py
@@ -4,9 +4,10 @@ from django.http import HttpRequest
 from ldap3.core.exceptions import LDAPException, LDAPInvalidCredentialsResult
 from structlog.stdlib import get_logger
+from authentik.common.ldap.constants import LDAP_DISTINGUISHED_NAME
 from authentik.core.auth import InbuiltBackend
 from authentik.core.models import User
-from authentik.sources.ldap.models import LDAP_DISTINGUISHED_NAME, LDAPSource
+from authentik.sources.ldap.models import LDAPSource
 LOGGER = get_logger()
diff --git a/authentik/sources/ldap/models.py b/authentik/sources/ldap/models.py
index da4e308982..d34ec70c41 100644
--- a/authentik/sources/ldap/models.py
+++ b/authentik/sources/ldap/models.py
@@ -15,6 +15,7 @@ from ldap3 import ALL, NONE, RANDOM, Connection, Server, ServerPool, Tls
 from ldap3.core.exceptions import LDAPException, LDAPInsufficientAccessRightsResult, LDAPSchemaError
 from rest_framework.serializers import Serializer
+from authentik.common.ldap.constants import LDAP_DISTINGUISHED_NAME
 from authentik.core.models import (
 Group,
 GroupSourceConnection,
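Review bot: In authentik/sources/ldap/models.py (hunk -15,6) `LDAP_DISTINGUISHED_NAME` is still imported, although the next hunk removes its definition from that module. Every other importer touched by this patch now uses `authentik.common.ldap.constants`. The hunks do not show whether models.py uses the name itself. If it does not, this import only keeps the old path `authentik.sources.ldap.models.LDAP_DISTINGUISHED_NAME` working as an implicit re-export. In that case either drop the line or mark the intent with a comment such as `# re-exported for backwards compatibility`.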
@@ -24,11 +25,10 @@ from authentik.core.models import (
 )
 from authentik.crypto.models import CertificateKeyPair
 from authentik.lib.config import CONFIG
-from authentik.lib.models import DomainlessURLValidator
+from authentik.lib.models import DomainlessURLValidator, internal_model
 LDAP_TIMEOUT = 15
 LDAP_UNIQUENESS = "ldap_uniq"
-LDAP_DISTINGUISHED_NAME = "distinguishedName"
 def flatten(value: Any) -> Any:
@@ -320,6 +320,7 @@ class LDAPSourcePropertyMapping(PropertyMapping):
 verbose_name_plural = _("LDAP Source Property Mappings")
+@internal_model
 class UserLDAPSourceConnection(UserSourceConnection):
 @property
 def serializer(self) -> type[Serializer]:
@@ -334,6 +335,7 @@ class UserLDAPSourceConnection(UserSourceConnection):
 verbose_name_plural = _("User LDAP Source Connections")
+@internal_model
 class GroupLDAPSourceConnection(GroupSourceConnection):
 @property
 def serializer(self) -> type[Serializer]:
diff --git a/authentik/sources/ldap/password.py b/authentik/sources/ldap/password.py
index 662778aa8d..ea1a505982 100644
--- a/authentik/sources/ldap/password.py
+++ b/authentik/sources/ldap/password.py
@@ -11,8 +11,8 @@ from ldap3.core.exceptions import (
 )
 from structlog.stdlib import get_logger
+from authentik.common.ldap.constants import LDAP_DISTINGUISHED_NAME
 from authentik.core.models import User
-from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME
 from authentik.sources.ldap.models import LDAPSource
 LOGGER = get_logger()
diff --git a/authentik/sources/ldap/sync/membership.py b/authentik/sources/ldap/sync/membership.py
index cbeaacbdd1..97a152014f 100644
--- a/authentik/sources/ldap/sync/membership.py
+++ b/authentik/sources/ldap/sync/membership.py
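Review bot: `@internal_model` is added to `UserLDAPSourceConnection` (hunk -320,6) and `GroupLDAPSourceConnection` (hunk -334,6), but the decorator's definition is not part of this patch. The diffstat lists seven files and `authentik/lib/models.py` is not among them, so `from authentik.lib.models import DomainlessURLValidator, internal_model` in hunk -24,11 fails at import time unless the helper already exists on the base branch. The subject "move ldap" does not mention this change either. Judging only by the name, it changes how these two connection models are treated elsewhere, possibly in permission or API handling, which deserves its own commit or at least a line in the message. I would add a comment above each decorator, e.g. `# internal model: <what the decorator excludes this model from>`, filled in from the helper's own documentation. Both class bodies continue outside the hunks.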
@@ -6,8 +6,9 @@ from typing import Any
 from django.db.models import Q
 from ldap3 import SUBTREE
+from authentik.common.ldap.constants import LDAP_DISTINGUISHED_NAME
 from authentik.core.models import Group, User
-from authentik.sources.ldap.models import LDAP_DISTINGUISHED_NAME, LDAP_UNIQUENESS, LDAPSource
+from authentik.sources.ldap.models import LDAP_UNIQUENESS, LDAPSource
 from authentik.sources.ldap.sync.base import BaseLDAPSynchronizer