sources/ldap: rename ldappropertymapping to ldapsourcepropertymapping (#10606)

Marc 'risson' Schmitt
2024-07-25 16:09:36 +02:00
committed by GitHub
parent 76fcdabae4
commit ced4533890
17 changed files with 673 additions and 570 deletions


@ -21,7 +21,7 @@ from authentik.core.api.sources import SourceSerializer
from authentik.core.api.used_by import UsedByMixin
from authentik.crypto.models import CertificateKeyPair
from authentik.lib.sync.outgoing.api import SyncStatusSerializer
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
from authentik.sources.ldap.models import LDAPSource, LDAPSourcePropertyMapping
from authentik.sources.ldap.tasks import CACHE_KEY_STATUS, SYNC_CLASSES
@ -177,29 +177,29 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet):
return Response(data=all_objects)
class LDAPPropertyMappingSerializer(PropertyMappingSerializer):
class LDAPSourcePropertyMappingSerializer(PropertyMappingSerializer):
"""LDAP PropertyMapping Serializer"""
class Meta:
model = LDAPPropertyMapping
model = LDAPSourcePropertyMapping
fields = PropertyMappingSerializer.Meta.fields
class LDAPPropertyMappingFilter(FilterSet):
"""Filter for LDAPPropertyMapping"""
class LDAPSourcePropertyMappingFilter(FilterSet):
"""Filter for LDAPSourcePropertyMapping"""
managed = extend_schema_field(OpenApiTypes.STR)(AllValuesMultipleFilter(field_name="managed"))
class Meta:
model = LDAPPropertyMapping
model = LDAPSourcePropertyMapping
fields = "__all__"
class LDAPPropertyMappingViewSet(UsedByMixin, ModelViewSet):
class LDAPSourcePropertyMappingViewSet(UsedByMixin, ModelViewSet):
"""LDAP PropertyMapping Viewset"""
queryset = LDAPPropertyMapping.objects.all()
serializer_class = LDAPPropertyMappingSerializer
filterset_class = LDAPPropertyMappingFilter
queryset = LDAPSourcePropertyMapping.objects.all()
serializer_class = LDAPSourcePropertyMappingSerializer
filterset_class = LDAPSourcePropertyMappingFilter
search_fields = ["name"]
ordering = ["name"]
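Review bot: The docstrings on the renamed serializer and viewset still read `"""LDAP PropertyMapping Serializer"""` and `"""LDAP PropertyMapping Viewset"""`, while the filter's docstring was updated to the new class name. The viewset text also appears as the `description` of the new `propertymappings_source_ldap_*` operations in the API schema later in this commit, so the stale wording reaches API consumers. Suggest `"""LDAPSourcePropertyMapping Serializer"""` and `"""LDAPSourcePropertyMapping Viewset"""` to match the filter.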


@ -0,0 +1,25 @@
# Generated by Django 5.0.7 on 2024-07-24 12:44
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("authentik_core", "0037_remove_source_property_mappings"),
("authentik_sources_ldap", "0005_remove_ldappropertymapping_object_field_and_more"),
]
operations = [
migrations.RenameModel(
old_name="LDAPPropertyMapping",
new_name="LDAPSourcePropertyMapping",
),
migrations.AlterModelOptions(
name="ldapsourcepropertymapping",
options={
"verbose_name": "LDAP Source Property Mapping",
"verbose_name_plural": "LDAP Source Property Mappings",
},
),
]
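Review bot: `RenameModel` moves the table and its relations, but the `auth.Permission` rows created for the old model keep their old codenames (`add_`/`change_`/`delete_`/`view_ldappropertymapping`), and nothing in this migration carries them over. Django will afterwards create fresh permissions under the new codenames, so roles or users that were granted rights on LDAP property mappings would presumably lose them silently while the stale rows stay assigned. This is worth confirming against how authentik's RBAC resolves permissions. A data step in the same migration that rewrites the codenames keeps existing grants intact and avoids leaving orphaned permission rows behind.

```python
def rename_permissions(apps, schema_editor):
    """Carry existing permission grants over to the renamed model."""
    Permission = apps.get_model("auth", "Permission")
    stale = Permission.objects.using(schema_editor.connection.alias).filter(
        content_type__app_label="authentik_sources_ldap",
        codename__endswith="_ldappropertymapping",
    )
    for permission in stale:
        permission.codename = permission.codename.replace(
            "_ldappropertymapping", "_ldapsourcepropertymapping"
        )
        permission.save(update_fields=["codename"])

# … unchanged: Migration class, dependencies, RenameModel, AlterModelOptions …
        migrations.RunPython(rename_permissions, migrations.RunPython.noop),
```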


@ -135,9 +135,9 @@ class LDAPSource(Source):
@property
def property_mapping_type(self) -> "type[PropertyMapping]":
from authentik.sources.ldap.models import LDAPPropertyMapping
from authentik.sources.ldap.models import LDAPSourcePropertyMapping
return LDAPPropertyMapping
return LDAPSourcePropertyMapping
def update_properties_with_uniqueness_field(self, properties, dn, ldap, **kwargs):
properties.setdefault("attributes", {})[LDAP_DISTINGUISHED_NAME] = dn
@ -285,22 +285,22 @@ class LDAPSource(Source):
verbose_name_plural = _("LDAP Sources")
class LDAPPropertyMapping(PropertyMapping):
class LDAPSourcePropertyMapping(PropertyMapping):
"""Map LDAP Property to User or Group object attribute"""
@property
def component(self) -> str:
return "ak-property-mapping-ldap-form"
return "ak-property-mapping-ldap-source-form"
@property
def serializer(self) -> type[Serializer]:
from authentik.sources.ldap.api import LDAPPropertyMappingSerializer
from authentik.sources.ldap.api import LDAPSourcePropertyMappingSerializer
return LDAPPropertyMappingSerializer
return LDAPSourcePropertyMappingSerializer
def __str__(self):
return str(self.name)
class Meta:
verbose_name = _("LDAP Property Mapping")
verbose_name_plural = _("LDAP Property Mappings")
verbose_name = _("LDAP Source Property Mapping")
verbose_name_plural = _("LDAP Source Property Mappings")
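Review bot: `property_mapping_type` imports `LDAPSourcePropertyMapping` from `authentik.sources.ldap.models` inside the function, yet the class is defined further down in what appears to be that same module (second hunk of this file). A module-level name is resolved when the property is called, so the local import adds nothing and reads like a circular-import workaround; `return LDAPSourcePropertyMapping` alone would do. The local import in `serializer` is a different case and should stay, since `authentik.sources.ldap.api` itself imports from the models module. Both enclosing classes start outside the hunks.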


@ -9,7 +9,7 @@ from authentik.blueprints.tests import apply_blueprint
from authentik.core.models import User
from authentik.lib.generators import generate_key
from authentik.sources.ldap.auth import LDAPBackend
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
from authentik.sources.ldap.models import LDAPSource, LDAPSourcePropertyMapping
from authentik.sources.ldap.sync.users import UserLDAPSynchronizer
from authentik.sources.ldap.tests.mock_ad import mock_ad_connection
from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection
@ -33,7 +33,7 @@ class LDAPSyncTests(TestCase):
def test_auth_direct_user_ad(self):
"""Test direct auth"""
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default-")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms-")
)
@ -64,7 +64,7 @@ class LDAPSyncTests(TestCase):
def test_auth_synced_user_ad(self):
"""Test Cached auth"""
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default-")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms-")
)
@ -90,7 +90,7 @@ class LDAPSyncTests(TestCase):
"""Test Cached auth"""
self.source.object_uniqueness_field = "uid"
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(name__startswith="authentik default LDAP Mapping")
| Q(name__startswith="authentik default OpenLDAP Mapping")
)


@ -6,7 +6,7 @@ from django.test import TestCase
from authentik.core.models import User
from authentik.lib.generators import generate_key
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
from authentik.sources.ldap.models import LDAPSource, LDAPSourcePropertyMapping
from authentik.sources.ldap.password import LDAPPasswordChanger
from authentik.sources.ldap.tests.mock_ad import mock_ad_connection
@ -25,7 +25,7 @@ class LDAPPasswordTests(TestCase):
additional_user_dn="ou=users",
additional_group_dn="ou=groups",
)
self.source.user_property_mappings.set(LDAPPropertyMapping.objects.all())
self.source.user_property_mappings.set(LDAPSourcePropertyMapping.objects.all())
self.source.save()
@patch("authentik.sources.ldap.models.LDAPSource.connection", LDAP_CONNECTION_PATCH)


@ -13,7 +13,7 @@ from authentik.events.system_tasks import TaskStatus
from authentik.lib.generators import generate_id, generate_key
from authentik.lib.sync.outgoing.exceptions import StopSync
from authentik.lib.utils.reflection import class_to_path
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
from authentik.sources.ldap.models import LDAPSource, LDAPSourcePropertyMapping
from authentik.sources.ldap.sync.groups import GroupLDAPSynchronizer
from authentik.sources.ldap.sync.membership import MembershipLDAPSynchronizer
from authentik.sources.ldap.sync.users import UserLDAPSynchronizer
@ -49,12 +49,12 @@ class LDAPSyncTests(TestCase):
def test_sync_error(self):
"""Test user sync"""
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms")
)
)
mapping = LDAPPropertyMapping.objects.create(
mapping = LDAPSourcePropertyMapping.objects.create(
name="name",
expression="q",
)
@ -76,12 +76,14 @@ class LDAPSyncTests(TestCase):
def test_sync_mapping(self):
"""Test property mappings"""
none = LDAPPropertyMapping.objects.create(name=generate_id(), expression="return None")
byte_mapping = LDAPPropertyMapping.objects.create(
none = LDAPSourcePropertyMapping.objects.create(
name=generate_id(), expression="return None"
)
byte_mapping = LDAPSourcePropertyMapping.objects.create(
name=generate_id(), expression="return b''"
)
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms")
)
@ -97,7 +99,7 @@ class LDAPSyncTests(TestCase):
def test_sync_users_ad(self):
"""Test user sync"""
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms")
)
@ -131,7 +133,7 @@ class LDAPSyncTests(TestCase):
"""Test user sync"""
self.source.object_uniqueness_field = "uid"
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/openldap")
)
@ -147,7 +149,7 @@ class LDAPSyncTests(TestCase):
"""Test user sync (FreeIPA-ish), mainly testing vendor quirks"""
self.source.object_uniqueness_field = "uid"
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/openldap")
)
@ -163,13 +165,15 @@ class LDAPSyncTests(TestCase):
def test_sync_groups_ad(self):
"""Test group sync"""
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms")
)
)
self.source.group_property_mappings.set(
LDAPPropertyMapping.objects.filter(managed="goauthentik.io/sources/ldap/default-name")
LDAPSourcePropertyMapping.objects.filter(
managed="goauthentik.io/sources/ldap/default-name"
)
)
connection = MagicMock(return_value=mock_ad_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
@ -190,13 +194,15 @@ class LDAPSyncTests(TestCase):
self.source.object_uniqueness_field = "uid"
self.source.group_object_filter = "(objectClass=groupOfNames)"
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/openldap")
)
)
self.source.group_property_mappings.set(
LDAPPropertyMapping.objects.filter(managed="goauthentik.io/sources/ldap/openldap-cn")
LDAPSourcePropertyMapping.objects.filter(
managed="goauthentik.io/sources/ldap/openldap-cn"
)
)
connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
@ -215,13 +221,15 @@ class LDAPSyncTests(TestCase):
self.source.user_object_filter = "(objectClass=posixAccount)"
self.source.group_object_filter = "(objectClass=posixGroup)"
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/openldap")
)
)
self.source.group_property_mappings.set(
LDAPPropertyMapping.objects.filter(managed="goauthentik.io/sources/ldap/openldap-cn")
LDAPSourcePropertyMapping.objects.filter(
managed="goauthentik.io/sources/ldap/openldap-cn"
)
)
connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
@ -239,7 +247,7 @@ class LDAPSyncTests(TestCase):
def test_tasks_ad(self):
"""Test Scheduled tasks"""
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms")
)
@ -254,7 +262,7 @@ class LDAPSyncTests(TestCase):
self.source.object_uniqueness_field = "uid"
self.source.group_object_filter = "(objectClass=groupOfNames)"
self.source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/openldap")
)


@ -1,8 +1,8 @@
"""API URLs"""
from authentik.sources.ldap.api import LDAPPropertyMappingViewSet, LDAPSourceViewSet
from authentik.sources.ldap.api import LDAPSourcePropertyMappingViewSet, LDAPSourceViewSet
api_urlpatterns = [
("propertymappings/ldap", LDAPPropertyMappingViewSet),
("propertymappings/source/ldap", LDAPSourcePropertyMappingViewSet),
("sources/ldap", LDAPSourceViewSet),
]
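Review bot: The route moves from `propertymappings/ldap` to `propertymappings/source/ldap` with no alias left behind, so API clients, scripts and infrastructure-as-code tooling that manage LDAP mappings will get 404s after the upgrade. If dropping the old path is intended, it should be called out as a breaking change in the release notes. A short comment next to the new entry would also help the next reader, e.g. `# breaking: path was "propertymappings/ldap" before the rename`.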


@ -6,217 +6,281 @@ metadata:
entries:
- identifiers:
managed: goauthentik.io/sources/ldap/google-uid
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: uid"
object_field: "username"
expression: |
return ldap.get('uid')
return {
"username": ldap.get("uid"),
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-googleuid
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: googleUid"
object_field: "attributes.googleUid"
expression: |
return ldap.get('googleUid')
return {
"attributes": {
"googleUid": ldap.get("googleUid"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-posixuid
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: posixUid"
object_field: "attributes.posixUid"
expression: |
return ldap.get('posixUid')
return {
"attributes": {
"posixUid": ldap.get("posixUid"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-cn
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: cn"
object_field: "name"
expression: |
return ldap.get('cn')
return {
"name": ldap.get("cn"),
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-sn
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: sn"
object_field: "attributes.sn"
expression: |
return list_flatten(ldap.get('sn'))
return {
"attributes": {
"sn": list_flatten(ldap.get("sn")),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-givenname
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: givenName"
object_field: "attributes.givenName"
expression: |
return list_flatten(ldap.get('givenName'))
return {
"attributes": {
"givenName": list_flatten(ldap.get("givenName")),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-displayname
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: displayName"
object_field: "attributes.displayName"
expression: |
return ldap.get('displayName')
return {
"attributes": {
"displayName": ldap.get("displayName"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-mail
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: mail"
object_field: "email"
expression: |
return ldap.get('mail')
return {
"email": ldap.get("mail"),
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-memberof
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: memberOf"
object_field: "attributes.memberOf"
expression: |
return ldap.get('memberOf')
return {
"attributes": {
"memberOf": ldap.get("memberOf"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-title
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: title"
object_field: "attributes.title"
expression: |
return ldap.get('title')
return {
"attributes": {
"title": ldap.get("title"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-employeenumber
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: employeeNumber"
object_field: "attributes.employeeNumber"
expression: |
return ldap.get('employeeNumber')
return {
"attributes": {
"employeeNumber": ldap.get("employeeNumber"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-employeetype
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: employeeType"
object_field: "attributes.employeeType"
expression: |
return ldap.get('employeeType')
return {
"attributes": {
"employeeType": ldap.get("employeeType"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-departmentnumber
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: departmentNumber"
object_field: "attributes.departmentNumber"
expression: |
return ldap.get('departmentNumber')
return {
"attributes": {
"departmentNumber": ldap.get("departmentNumber"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-physicaldeliveryofficename
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: physicalDeliveryOfficeName"
object_field: "attributes.physicalDeliveryOfficeName"
expression: |
return ldap.get('physicalDeliveryOfficeName')
return {
"attributes": {
"physicalDeliveryOfficeName": ldap.get("physicalDeliveryOfficeName"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-jpegphoto
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: jpegPhoto"
object_field: "attributes.jpegPhoto"
expression: |
return ldap.get('jpegPhoto')
return {
"attributes": {
"jpegPhoto": ldap.get("jpegPhoto"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-entryuuid
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: entryUuid"
object_field: "attributes.entryUuid"
expression: |
return ldap.get('entryUuid')
return {
"attributes": {
"entryUuid": ldap.get("entryUuid"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-objectsid
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: objectSid"
object_field: "attributes.objectSid"
expression: |
return ldap.get('objectSid')
return {
"attributes": {
"objectSid": ldap.get("objectSid"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-uidnumber
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: uidNumber"
object_field: "attributes.uidNumber"
expression: |
return ldap.get('uidNumber')
return {
"attributes": {
"uidNumber": ldap.get("uidNumber"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-gidnumber
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: gidNumber"
object_field: "attributes.gidNumber"
expression: |
return ldap.get('gidNumber')
return {
"attributes": {
"gidNumber": ldap.get("gidNumber"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-homedirectory
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: homeDirectory"
object_field: "attributes.homeDirectory"
expression: |
return ldap.get('homeDirectory')
return {
"attributes": {
"homeDirectoy": ldap.get("homeDirectory"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-loginshell
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: loginShell"
object_field: "attributes.loginShell"
expression: |
return ldap.get('loginShell')
- identifiers:
managed: goauthentik.io/sources/ldap/google-gidnumber
model: authentik_sources_ldap.ldappropertymapping
attrs:
name: "Google Secure LDAP Mapping: gidNumber"
object_field: "attributes.gidNumber"
expression: |
return ldap.get('gidNumber')
return {
"attributes": {
"loginShell": ldap.get("loginShell"),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-sshpublickey
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: sshPublicKey"
object_field: "attributes.sshPublicKey"
expression: |
return list_flatten(ldap.get('sshPublicKey'))
return {
"attributes": {
"sshPublicKey": list_flatten(ldap.get("sshPublicKey")),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-description
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: description"
object_field: "attributes.description"
expression: |
return list_flatten(ldap.get('description'))
return {
"attributes": {
"description": list_flatten(ldap.get("description")),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-member
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: member"
object_field: "attributes.member"
expression: |
return list_flatten(ldap.get('member'))
return {
"attributes": {
"member": list_flatten(ldap.get("member")),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-memberuid
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: memberUid"
object_field: "attributes.memberUid"
expression: |
return list_flatten(ldap.get('memberUid'))
return {
"attributes": {
"memberUid": list_flatten(ldap.get("memberUid")),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/google-googleadmincreated
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "Google Secure LDAP Mapping: googleAdminCreated"
object_field: "attributes.googleAdminCreated"
expression: |
return list_flatten(ldap.get('googleAdminCreated'))
return {
"attributes": {
"googleAdminCreated": list_flatten(ldap.get("googleAdminCreated")),
},
}
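Review bot: The rewritten `google-homedirectory` expression returns the key `"homeDirectoy"` (second `r` missing), so the value is stored under `attributes.homeDirectoy` rather than the `attributes.homeDirectory` path named by that entry's `object_field` line. Anything downstream that reads the home directory from the synced user would find it absent. The line should read `"homeDirectory": ldap.get("homeDirectory"),`. As far as the visible lines show, every other entry in this section returns the same key its `object_field` named.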


@ -974,7 +974,7 @@
],
"properties": {
"model": {
"const": "authentik_sources_ldap.ldappropertymapping"
"const": "authentik_sources_ldap.ldapsourcepropertymapping"
},
"id": {
"type": "string"
@ -996,10 +996,10 @@
}
},
"attrs": {
"$ref": "#/$defs/model_authentik_sources_ldap.ldappropertymapping"
"$ref": "#/$defs/model_authentik_sources_ldap.ldapsourcepropertymapping"
},
"identifiers": {
"$ref": "#/$defs/model_authentik_sources_ldap.ldappropertymapping"
"$ref": "#/$defs/model_authentik_sources_ldap.ldapsourcepropertymapping"
}
}
},
@ -3526,7 +3526,7 @@
"authentik_providers_scim.scimmapping",
"authentik_rbac.role",
"authentik_sources_ldap.ldapsource",
"authentik_sources_ldap.ldappropertymapping",
"authentik_sources_ldap.ldapsourcepropertymapping",
"authentik_sources_oauth.oauthsource",
"authentik_sources_oauth.useroauthsourceconnection",
"authentik_sources_plex.plexsource",
@ -4623,7 +4623,7 @@
},
"required": []
},
"model_authentik_sources_ldap.ldappropertymapping": {
"model_authentik_sources_ldap.ldapsourcepropertymapping": {
"type": "object",
"properties": {
"managed": {


@ -6,7 +6,7 @@ metadata:
entries:
- identifiers:
managed: goauthentik.io/sources/ldap/default-dn-path
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "authentik default LDAP Mapping: DN to User Path"
expression: |
@ -27,82 +27,82 @@ entries:
}
- identifiers:
managed: goauthentik.io/sources/ldap/default-name
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "authentik default LDAP Mapping: Name"
expression: |
return {
"name": ldap.get('name'),
"name": ldap.get("name"),
}
- identifiers:
managed: goauthentik.io/sources/ldap/default-mail
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "authentik default LDAP Mapping: mail"
expression: |
return {
"email": ldap.get('mail'),
"email": ldap.get("mail"),
}
# ActiveDirectory-specific mappings
- identifiers:
managed: goauthentik.io/sources/ldap/ms-samaccountname
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "authentik default Active Directory Mapping: sAMAccountName"
expression: |
return {
"username": ldap.get('sAMAccountName'),
"username": ldap.get("sAMAccountName"),
}
- identifiers:
managed: goauthentik.io/sources/ldap/ms-userprincipalname
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "authentik default Active Directory Mapping: userPrincipalName"
object_field: "attributes.upn"
expression: |
return {
"attributes": {
"upn": list_flatten(ldap.get('userPrincipalName')),
"upn": list_flatten(ldap.get("userPrincipalName")),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/ms-givenName
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "authentik default Active Directory Mapping: givenName"
expression: |
return {
"attributes": {
"givenName": list_flatten(ldap.get('givenName')),
"givenName": list_flatten(ldap.get("givenName")),
},
}
- identifiers:
managed: goauthentik.io/sources/ldap/ms-sn
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "authentik default Active Directory Mapping: sn"
expression: |
return {
"attributes": {
"sn": list_flatten(ldap.get('sn')),
"sn": list_flatten(ldap.get("sn")),
},
}
# OpenLDAP specific mappings
- identifiers:
managed: goauthentik.io/sources/ldap/openldap-uid
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "authentik default OpenLDAP Mapping: uid"
expression: |
return {
"username": ldap.get('uid'),
"username": ldap.get("uid"),
}
- identifiers:
managed: goauthentik.io/sources/ldap/openldap-cn
model: authentik_sources_ldap.ldappropertymapping
model: authentik_sources_ldap.ldapsourcepropertymapping
attrs:
name: "authentik default OpenLDAP Mapping: cn"
expression: |
return {
"name": ldap.get('cn'),
"name": ldap.get("cn"),
}
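Review bot: The `ms-userprincipalname` entry still carries `object_field: "attributes.upn"`, apparently as an unchanged line, while every other entry in this hunk expresses its target only through the returned dict. The migration this commit depends on is named `0005_remove_ldappropertymapping_object_field_and_more`, which suggests the model no longer has that field. If so, the attribute is dead at best and, depending on how the blueprint importer validates `attrs`, could be rejected. Suggest deleting the `object_field: "attributes.upn"` line; the entry list itself starts and ends outside the hunk.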


@ -13473,292 +13473,6 @@ paths:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/ldap/:
get:
operationId: propertymappings_ldap_list
description: LDAP PropertyMapping Viewset
parameters:
- in: query
name: expression
schema:
type: string
- in: query
name: managed
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pm_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPPropertyMappingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: propertymappings_ldap_create
description: LDAP PropertyMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/ldap/{pm_uuid}/:
get:
operationId: propertymappings_ldap_retrieve
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: propertymappings_ldap_update
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: propertymappings_ldap_partial_update
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedLDAPPropertyMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: propertymappings_ldap_destroy
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/ldap/{pm_uuid}/used_by/:
get:
operationId: propertymappings_ldap_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/notification/:
get:
operationId: propertymappings_notification_list
@ -15738,6 +15452,292 @@ paths:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/source/ldap/:
get:
operationId: propertymappings_source_ldap_list
description: LDAP PropertyMapping Viewset
parameters:
- in: query
name: expression
schema:
type: string
- in: query
name: managed
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pm_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPSourcePropertyMappingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: propertymappings_source_ldap_create
description: LDAP PropertyMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourcePropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourcePropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/source/ldap/{pm_uuid}/:
get:
operationId: propertymappings_source_ldap_retrieve
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Source Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourcePropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: propertymappings_source_ldap_update
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Source Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourcePropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourcePropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: propertymappings_source_ldap_partial_update
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Source Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedLDAPSourcePropertyMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourcePropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: propertymappings_source_ldap_destroy
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Source Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/source/ldap/{pm_uuid}/used_by/:
get:
operationId: propertymappings_source_ldap_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Source Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/all/:
get:
operationId: providers_all_list
@ -20803,8 +20803,8 @@ paths:
- authentik_providers_scim.scimmapping
- authentik_providers_scim.scimprovider
- authentik_rbac.role
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_ldap.ldapsource
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsource
- authentik_sources_oauth.useroauthsourceconnection
- authentik_sources_plex.plexsource
@ -21022,8 +21022,8 @@ paths:
- authentik_providers_scim.scimmapping
- authentik_providers_scim.scimprovider
- authentik_rbac.role
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_ldap.ldapsource
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsource
- authentik_sources_oauth.useroauthsourceconnection
- authentik_sources_plex.plexsource
@ -37596,73 +37596,6 @@ components:
- bind_flow_slug
- name
- pk
LDAPPropertyMapping:
type: object
description: LDAP PropertyMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
description: Get object's component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
required:
- component
- expression
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
LDAPPropertyMappingRequest:
type: object
description: LDAP PropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
required:
- expression
- name
LDAPProvider:
type: object
description: LDAPProvider Serializer
@ -38005,6 +37938,73 @@ components:
- slug
- verbose_name
- verbose_name_plural
LDAPSourcePropertyMapping:
type: object
description: LDAP PropertyMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
description: Get object's component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
required:
- component
- expression
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
LDAPSourcePropertyMappingRequest:
type: object
description: LDAP PropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
required:
- expression
- name
LDAPSourceRequest:
type: object
description: LDAP Source Serializer
@ -38608,7 +38608,7 @@ components:
- authentik_providers_scim.scimmapping
- authentik_rbac.role
- authentik_sources_ldap.ldapsource
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsource
- authentik_sources_oauth.useroauthsourceconnection
- authentik_sources_plex.plexsource
@ -40097,18 +40097,6 @@ components:
required:
- pagination
- results
PaginatedLDAPPropertyMappingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/LDAPPropertyMapping'
required:
- pagination
- results
PaginatedLDAPProviderList:
type: object
properties:
@ -40133,6 +40121,18 @@ components:
required:
- pagination
- results
PaginatedLDAPSourcePropertyMappingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/LDAPSourcePropertyMapping'
required:
- pagination
- results
PaginatedLicenseList:
type: object
properties:
@ -42247,25 +42247,6 @@ components:
verify_ssl:
type: boolean
description: Verify SSL Certificates of the Kubernetes API endpoint
PatchedLDAPPropertyMappingRequest:
type: object
description: LDAP PropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
PatchedLDAPProviderRequest:
type: object
description: LDAPProvider Serializer
@ -42330,6 +42311,25 @@ components:
should only be enabled if all users that will bind to this provider have
a TOTP device configured, as otherwise a password may incorrectly be rejected
if it contains a semicolon.
PatchedLDAPSourcePropertyMappingRequest:
type: object
description: LDAP PropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
PatchedLDAPSourceRequest:
type: object
description: LDAP Source Serializer


@ -9,7 +9,7 @@ from authentik.blueprints.tests import apply_blueprint
from authentik.core.models import Group, User
from authentik.lib.generators import generate_id, generate_key
from authentik.sources.ldap.auth import LDAPBackend
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
from authentik.sources.ldap.models import LDAPSource, LDAPSourcePropertyMapping
from authentik.sources.ldap.sync.groups import GroupLDAPSynchronizer
from authentik.sources.ldap.sync.membership import MembershipLDAPSynchronizer
from authentik.sources.ldap.sync.users import UserLDAPSynchronizer
@ -56,13 +56,15 @@ class TestSourceLDAPSamba(SeleniumTestCase):
additional_group_dn="ou=groups",
)
source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default-")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms-")
)
)
source.group_property_mappings.set(
LDAPPropertyMapping.objects.filter(name="goauthentik.io/sources/ldap/default-name")
LDAPSourcePropertyMapping.objects.filter(
name="goauthentik.io/sources/ldap/default-name"
)
)
UserLDAPSynchronizer(source).sync_full()
self.assertTrue(User.objects.filter(username="bob").exists())
@ -87,13 +89,15 @@ class TestSourceLDAPSamba(SeleniumTestCase):
additional_group_dn="ou=groups",
)
source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default-")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms-")
)
)
source.group_property_mappings.set(
LDAPPropertyMapping.objects.filter(managed="goauthentik.io/sources/ldap/default-name")
LDAPSourcePropertyMapping.objects.filter(
managed="goauthentik.io/sources/ldap/default-name"
)
)
GroupLDAPSynchronizer(source).sync_full()
UserLDAPSynchronizer(source).sync_full()
@ -131,13 +135,15 @@ class TestSourceLDAPSamba(SeleniumTestCase):
password_login_update_internal_password=True,
)
source.user_property_mappings.set(
LDAPPropertyMapping.objects.filter(
LDAPSourcePropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default-")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms-")
)
)
source.group_property_mappings.set(
LDAPPropertyMapping.objects.filter(name="goauthentik.io/sources/ldap/default-name")
LDAPSourcePropertyMapping.objects.filter(
name="goauthentik.io/sources/ldap/default-name"
)
)
UserLDAPSynchronizer(source).sync_full()
username = "bob"
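Review bot: The `group_property_mappings.set(...)` calls in the first and third hunks filter on `name="goauthentik.io/sources/ldap/default-name"`, while the second hunk filters on `managed=` with the same string and the user mappings in all three hunks match it as a `managed__startswith` prefix. The value looks like a managed identifier rather than a display name, so the `name=` queries may return an empty queryset and leave those tests running with no group mappings, which would hide regressions in LDAP group sync. If that is not intended, use `LDAPSourcePropertyMapping.objects.filter(managed="goauthentik.io/sources/ldap/default-name")` in both places. The enclosing test methods start and end outside the hunks, so whether they rely on group mappings cannot be confirmed from here.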


@ -10,25 +10,25 @@ import { TemplateResult, html } from "lit";
import { customElement } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";
import { LDAPPropertyMapping, PropertymappingsApi } from "@goauthentik/api";
import { LDAPSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/api";
@customElement("ak-property-mapping-ldap-form")
export class PropertyMappingLDAPForm extends BasePropertyMappingForm<LDAPPropertyMapping> {
loadInstance(pk: string): Promise<LDAPPropertyMapping> {
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsLdapRetrieve({
@customElement("ak-property-mapping-ldap-source-form")
export class PropertyMappingLDAPSourceForm extends BasePropertyMappingForm<LDAPSourcePropertyMapping> {
loadInstance(pk: string): Promise<LDAPSourcePropertyMapping> {
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceLdapRetrieve({
pmUuid: pk,
});
}
async send(data: LDAPPropertyMapping): Promise<LDAPPropertyMapping> {
async send(data: LDAPSourcePropertyMapping): Promise<LDAPSourcePropertyMapping> {
if (this.instance) {
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsLdapUpdate({
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceLdapUpdate({
pmUuid: this.instance.pk,
lDAPPropertyMappingRequest: data,
lDAPSourcePropertyMappingRequest: data,
});
} else {
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsLdapCreate({
lDAPPropertyMappingRequest: data,
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceLdapCreate({
lDAPSourcePropertyMappingRequest: data,
});
}
}
@ -68,6 +68,6 @@ export class PropertyMappingLDAPForm extends BasePropertyMappingForm<LDAPPropert
declare global {
interface HTMLElementTagNameMap {
"ak-property-mapping-ldap-form": PropertyMappingLDAPForm;
"ak-property-mapping-ldap-source-form": PropertyMappingLDAPSourceForm;
}
}


@ -1,5 +1,5 @@
import "@goauthentik/admin/property-mappings/PropertyMappingGoogleWorkspaceForm";
import "@goauthentik/admin/property-mappings/PropertyMappingLDAPForm";
import "@goauthentik/admin/property-mappings/PropertyMappingLDAPSourceForm";
import "@goauthentik/admin/property-mappings/PropertyMappingMicrosoftEntraForm";
import "@goauthentik/admin/property-mappings/PropertyMappingNotification";
import "@goauthentik/admin/property-mappings/PropertyMappingRACForm";


@ -33,7 +33,7 @@ export const staticSettingOptions: RadioOption<string | undefined>[] = [
];
@customElement("ak-property-mapping-rac-form")
export class PropertyMappingLDAPForm extends ModelForm<RACPropertyMapping, string> {
export class PropertyMappingRACForm extends ModelForm<RACPropertyMapping, string> {
loadInstance(pk: string): Promise<RACPropertyMapping> {
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsRacRetrieve({
pmUuid: pk,
@ -177,6 +177,6 @@ export class PropertyMappingLDAPForm extends ModelForm<RACPropertyMapping, strin
declare global {
interface HTMLElementTagNameMap {
"ak-property-mapping-rac-form": PropertyMappingLDAPForm;
"ak-property-mapping-rac-form": PropertyMappingRACForm;
}
}


@ -1,4 +1,4 @@
import "@goauthentik/admin/property-mappings/PropertyMappingLDAPForm";
import "@goauthentik/admin/property-mappings/PropertyMappingLDAPSourceForm";
import "@goauthentik/admin/property-mappings/PropertyMappingNotification";
import "@goauthentik/admin/property-mappings/PropertyMappingRACForm";
import "@goauthentik/admin/property-mappings/PropertyMappingSAMLForm";


@ -18,22 +18,22 @@ import {
CoreApi,
CoreGroupsListRequest,
Group,
LDAPPropertyMapping,
LDAPSource,
LDAPSourcePropertyMapping,
LDAPSourceRequest,
PropertymappingsApi,
SourcesApi,
} from "@goauthentik/api";
async function propertyMappingsProvider(page = 1, search = "") {
const propertyMappings = await new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsLdapList(
{
const propertyMappings = await new PropertymappingsApi(
DEFAULT_CONFIG,
).propertymappingsSourceLdapList({
ordering: "managed",
pageSize: 20,
search: search.trim(),
page,
},
);
});
return {
pagination: propertyMappings.pagination,
options: propertyMappings.results.map((m) => [m.pk, m.name, m.name, m]),
@ -44,7 +44,7 @@ function makePropertyMappingsSelector(instanceMappings?: string[]) {
const localMappings = instanceMappings ? new Set(instanceMappings) : undefined;
return localMappings
? ([pk, _]: DualSelectPair) => localMappings.has(pk)
: ([_0, _1, _2, mapping]: DualSelectPair<LDAPPropertyMapping>) =>
: ([_0, _1, _2, mapping]: DualSelectPair<LDAPSourcePropertyMapping>) =>
mapping?.managed?.startsWith("goauthentik.io/sources/ldap/default") ||
mapping?.managed?.startsWith("goauthentik.io/sources/ldap/ms");
}