providers/ldap: making ldap compatible with synology (#4694)
* internal/outpost/ldap: making ldap compatible with synology * fix duplicate attributes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs about homedirectory Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix duplicate attributes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add substitution to values Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
roche-quentin
@ -1,7 +1,9 @@
|
||||
package ldap
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/nmcclain/ldap"
|
||||
"goauthentik.io/api/v3"
|
||||
@ -11,9 +13,29 @@ import (
|
||||
|
||||
func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||
dn := pi.GetUserDN(u.Username)
|
||||
attrs := utils.AttributesToLDAP(u.Attributes, false)
|
||||
sanitizedAttrs := utils.AttributesToLDAP(u.Attributes, true)
|
||||
attrs = append(attrs, sanitizedAttrs...)
|
||||
userValueMap := func(value []string) []string {
|
||||
for i, v := range value {
|
||||
if strings.Contains(v, "%s") {
|
||||
value[i] = fmt.Sprintf(v, u.Username)
|
||||
}
|
||||
}
|
||||
return value
|
||||
}
|
||||
attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
||||
return utils.AttributeKeySanitize(key)
|
||||
}, userValueMap)
|
||||
rawAttrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
||||
return key
|
||||
}, userValueMap)
|
||||
// Only append attributes that don't already exist
|
||||
// TODO: Remove in 2023.3
|
||||
for _, rawAttr := range rawAttrs {
|
||||
for _, attr := range attrs {
|
||||
if !strings.EqualFold(attr.Name, rawAttr.Name) {
|
||||
attrs = append(attrs, rawAttr)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if u.IsActive == nil {
|
||||
u.IsActive = api.PtrBool(false)
|
||||
@ -38,6 +60,8 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||
"objectClass": {constants.OCUser, constants.OCOrgPerson, constants.OCInetOrgPerson, constants.OCAKUser},
|
||||
"uidNumber": {pi.GetUidNumber(u)},
|
||||
"gidNumber": {pi.GetUidNumber(u)},
|
||||
"homeDirectory": {fmt.Sprintf("/home/%s", u.Username)},
|
||||
"sn": {u.Name},
|
||||
})
|
||||
return &ldap.Entry{DN: dn, Attributes: attrs}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user