|  | 5af2378738 | outposts/ldap: Handle comma-separated attributes in LDAP search requests (#15000) Closes https://github.com/goauthentik/authentik/issues/13539
When LDAP clients like Jira submit search requests with comma-separated attributes
(e.g., ["uid,cn,sn"] instead of ["uid", "cn", "sn"]), the LDAP outpost would return
an "Operations Error". This fix adds attribute normalization to properly handle
both formats by splitting comma-separated attributes into individual entries.
Tests pass:
```
=== RUN   TestNormalizeAttributes
=== RUN   TestNormalizeAttributes/Empty_input
=== RUN   TestNormalizeAttributes/No_commas
=== RUN   TestNormalizeAttributes/Single_comma-separated_string
=== RUN   TestNormalizeAttributes/Mixed_input
=== RUN   TestNormalizeAttributes/With_spaces
=== RUN   TestNormalizeAttributes/Empty_parts
=== RUN   TestNormalizeAttributes/Single_element
=== RUN   TestNormalizeAttributes/Only_commas
=== RUN   TestNormalizeAttributes/Multiple_comma-separated_attributes
=== RUN   TestNormalizeAttributes/Case_preservation
=== RUN   TestNormalizeAttributes/Leading_and_trailing_spaces
=== RUN   TestNormalizeAttributes/Real-world_LDAP_attribute_examples
=== RUN   TestNormalizeAttributes/Jira-style_attribute_format
=== RUN   TestNormalizeAttributes/Single_string_with_single_attribute
=== RUN   TestNormalizeAttributes/Mix_of_standard_and_operational_attributes
--- PASS: TestNormalizeAttributes (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_input (0.00s)
    --- PASS: TestNormalizeAttributes/No_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Single_comma-separated_string (0.00s)
    --- PASS: TestNormalizeAttributes/Mixed_input (0.00s)
    --- PASS: TestNormalizeAttributes/With_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_parts (0.00s)
    --- PASS: TestNormalizeAttributes/Single_element (0.00s)
    --- PASS: TestNormalizeAttributes/Only_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Multiple_comma-separated_attributes (0.00s)
    --- PASS: TestNormalizeAttributes/Case_preservation (0.00s)
    --- PASS: TestNormalizeAttributes/Leading_and_trailing_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Real-world_LDAP_attribute_examples (0.00s)
    --- PASS: TestNormalizeAttributes/Jira-style_attribute_format (0.00s)
    --- PASS: TestNormalizeAttributes/Single_string_with_single_attribute (0.00s)
    --- PASS: TestNormalizeAttributes/Mix_of_standard_and_operational_attributes (0.00s)
PASS
ok      goauthentik.io/internal/outpost/ldap/search     0.194s
``` | 2025-06-11 18:16:40 +02:00 |  | 
			
				
					|  | ae7ea4dd11 | outposts/ldap: add more tests (#6188) * outposts/ldap: add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing posixAccount
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to expand attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix routing without base DN
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove our custom attribute filtering since this is done by the ldap library
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-07-08 20:51:05 +02:00 |  | 
			
				
					|  | 54ef88a6fa | providers/ldap: rework Schema and DSE (#5838) * rework Root DSE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* always parse filter objectClass
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding LDAP Schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update schema more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix cn for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only include main DN in namingContexts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use schema from gh
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't return rootDSE entry when searching for singleLevel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove currentTime
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix attribute filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set SINGLE-VALUE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix numbers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-06-08 15:16:40 +02:00 |  | 
			
				
					|  | 0ce41a1b2d | providers/ldap: add StartTLS support (#5861) * providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-06-06 21:40:19 +02:00 |  | 
			
				
					|  | 4d58eba027 | core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 (#5548) * core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.20.0...v0.21.0)
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io> | 2023-05-09 11:22:57 +02:00 |  | 
			
				
					|  | 947ecec02b | outposts/ldap: Fix more case sensitivity issues. (#2144) | 2022-01-25 11:27:27 +01:00 |  | 
			
				
					|  | 7d6e88061f | outposts: check if hub from context is set and fallback Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2021-12-16 11:19:57 +01:00 |  | 
			
				
					|  | f8aab40e3e | internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2021-12-16 11:00:19 +01:00 |  | 
			
				
					|  | bd2e453218 | outposts/ldap: Fix search case sensitivity. (#1897) | 2021-12-08 20:11:56 +01:00 |  | 
			
				
					|  | 5a8c66d325 | providers/ldap: memory Query (#1681) * outposts/ldap: modularise ldap outpost, to allow different searchers and binders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add basic in-memory searcher
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2021-11-05 10:37:30 +01:00 |  |