providers/ldap: making ldap compatible with synology (#4694)

* internal/outpost/ldap: making ldap compatible with synology * fix duplicate attributes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs about homedirectory Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix duplicate attributes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add substitution to values Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 15:26:41 +01:00
parent 51c6a14786
commit cd99b6e48f
8 changed files with 156 additions and 43 deletions
--- a/internal/outpost/ldap/group/group.go
+++ b/internal/outpost/ldap/group/group.go
@ -2,6 +2,7 @@ package group

 import (
 	"strconv"
+	"strings"

 	"github.com/nmcclain/ldap"
 	"goauthentik.io/api/v3"
@ -18,15 +19,31 @@ type LDAPGroup struct {
 	Member         []string
 	IsSuperuser    bool
 	IsVirtualGroup bool
-	AKAttributes   map[string]interface{}
+	Attributes     map[string]interface{}
 }

 func (lg *LDAPGroup) Entry() *ldap.Entry {
-	attrs := utils.AttributesToLDAP(lg.AKAttributes, false)
-	sanitizedAttrs := utils.AttributesToLDAP(lg.AKAttributes, true)
-	attrs = append(attrs, sanitizedAttrs...)
+	attrs := utils.AttributesToLDAP(lg.Attributes, func(key string) string {
+		return utils.AttributeKeySanitize(key)
+	}, func(value []string) []string {
+		return value
+	})
+	rawAttrs := utils.AttributesToLDAP(lg.Attributes, func(key string) string {
+		return key
+	}, func(value []string) []string {
+		return value
+	})
+	// Only append attributes that don't already exist
+	// TODO: Remove in 2023.3
+	for _, rawAttr := range rawAttrs {
+		for _, attr := range attrs {
+			if !strings.EqualFold(attr.Name, rawAttr.Name) {
+				attrs = append(attrs, rawAttr)
+			}
+		}
+	}

-	objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup}
+	objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup, constants.OCPosixGroup}
 	if lg.IsVirtualGroup {
 		objectClass = append(objectClass, constants.OCAKVirtualGroup)
 	}
@ -55,7 +72,7 @@ func FromAPIGroup(g api.Group, si server.LDAPServerInstance) *LDAPGroup {
 		Member:         si.UsersForGroup(g),
 		IsVirtualGroup: false,
 		IsSuperuser:    *g.IsSuperuser,
-		AKAttributes:   g.Attributes,
+		Attributes:     g.Attributes,
 	}
 }

@ -68,6 +85,6 @@ func FromAPIUser(u api.User, si server.LDAPServerInstance) *LDAPGroup {
 		Member:         []string{si.GetUserDN(u.Username)},
 		IsVirtualGroup: true,
 		IsSuperuser:    false,
-		AKAttributes:   nil,
+		Attributes:     nil,
 	}
 }