habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
20003dcee9de71ffb8858f380e6541557a3eaccb
authentik/internal/outpost
History
Dominic R 5af2378738 outposts/ldap: Handle comma-separated attributes in LDAP search requests (#15000) 
Closes https://github.com/goauthentik/authentik/issues/13539

When LDAP clients like Jira submit search requests with comma-separated attributes
(e.g., ["uid,cn,sn"] instead of ["uid", "cn", "sn"]), the LDAP outpost would return
an "Operations Error". Ths fix adds attribute normalization to properly handle
both formats by splitting comma separated attributes into individual entries.

Tests pass:
```
=== RUN   TestNormalizeAttributes
=== RUN   TestNormalizeAttributes/Empty_input
=== RUN   TestNormalizeAttributes/No_commas
=== RUN   TestNormalizeAttributes/Single_comma-separated_string
=== RUN   TestNormalizeAttributes/Mixed_input
=== RUN   TestNormalizeAttributes/With_spaces
=== RUN   TestNormalizeAttributes/Empty_parts
=== RUN   TestNormalizeAttributes/Single_element
=== RUN   TestNormalizeAttributes/Only_commas
=== RUN   TestNormalizeAttributes/Multiple_comma-separated_attributes
=== RUN   TestNormalizeAttributes/Case_preservation
=== RUN   TestNormalizeAttributes/Leading_and_trailing_spaces
=== RUN   TestNormalizeAttributes/Real-world_LDAP_attribute_examples
=== RUN   TestNormalizeAttributes/Jira-style_attribute_format
=== RUN   TestNormalizeAttributes/Single_string_with_single_attribute
=== RUN   TestNormalizeAttributes/Mix_of_standard_and_operational_attributes
--- PASS: TestNormalizeAttributes (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_input (0.00s)
    --- PASS: TestNormalizeAttributes/No_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Single_comma-separated_string (0.00s)
    --- PASS: TestNormalizeAttributes/Mixed_input (0.00s)
    --- PASS: TestNormalizeAttributes/With_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_parts (0.00s)
    --- PASS: TestNormalizeAttributes/Single_element (0.00s)
    --- PASS: TestNormalizeAttributes/Only_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Multiple_comma-separated_attributes (0.00s)
    --- PASS: TestNormalizeAttributes/Case_preservation (0.00s)
    --- PASS: TestNormalizeAttributes/Leading_and_trailing_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Real-world_LDAP_attribute_examples (0.00s)
    --- PASS: TestNormalizeAttributes/Jira-style_attribute_format (0.00s)
    --- PASS: TestNormalizeAttributes/Single_string_with_single_attribute (0.00s)
    --- PASS: TestNormalizeAttributes/Mix_of_standard_and_operational_attributes (0.00s)
PASS
ok      goauthentik.io/internal/outpost/ldap/search     0.194s
```
2025-06-11 18:16:40 +02:00
..
ak
outposts: Refactor session end signal and add LDAP support (#14539)
2025-06-10 12:11:21 +02:00
flow
outposts: Refactor session end signal and add LDAP support (#14539)
2025-06-10 12:11:21 +02:00
ldap
outposts/ldap: Handle comma-separated attributes in LDAP search requests (#15000)
2025-06-11 18:16:40 +02:00
proxyv2
outposts: Refactor session end signal and add LDAP support (#14539)
2025-06-10 12:11:21 +02:00
rac
outposts: Refactor session end signal and add LDAP support (#14539)
2025-06-10 12:11:21 +02:00
radius
internal/outpost: fix incorrect usage of golang SHA API (#14981)
2025-06-09 20:57:36 +02:00