2021-11-05 09:37:30 +00:00
|
|
|
package ldap
|
|
|
|
|
|
|
|
import (
|
2023-02-22 14:26:41 +00:00
|
|
|
"fmt"
|
2022-10-16 20:32:18 +00:00
|
|
|
"strconv"
|
2023-02-22 14:26:41 +00:00
|
|
|
"strings"
|
2022-10-16 20:32:18 +00:00
|
|
|
|
2021-11-05 09:37:30 +00:00
|
|
|
"github.com/nmcclain/ldap"
|
2022-03-03 09:40:07 +00:00
|
|
|
"goauthentik.io/api/v3"
|
2021-11-05 09:37:30 +00:00
|
|
|
"goauthentik.io/internal/outpost/ldap/constants"
|
|
|
|
"goauthentik.io/internal/outpost/ldap/utils"
|
|
|
|
)
|
|
|
|
|
|
|
|
func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
|
|
|
dn := pi.GetUserDN(u.Username)
|
2023-02-22 14:26:41 +00:00
|
|
|
userValueMap := func(value []string) []string {
|
|
|
|
for i, v := range value {
|
|
|
|
if strings.Contains(v, "%s") {
|
|
|
|
value[i] = fmt.Sprintf(v, u.Username)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return value
|
|
|
|
}
|
|
|
|
attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
|
|
|
return utils.AttributeKeySanitize(key)
|
|
|
|
}, userValueMap)
|
|
|
|
rawAttrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
|
|
|
return key
|
|
|
|
}, userValueMap)
|
|
|
|
// Only append attributes that don't already exist
|
|
|
|
// TODO: Remove in 2023.3
|
|
|
|
for _, rawAttr := range rawAttrs {
|
2023-03-16 11:14:17 +00:00
|
|
|
exists := false
|
2023-02-22 14:26:41 +00:00
|
|
|
for _, attr := range attrs {
|
2023-03-16 11:14:17 +00:00
|
|
|
if strings.EqualFold(attr.Name, rawAttr.Name) {
|
|
|
|
exists = true
|
2023-02-22 14:26:41 +00:00
|
|
|
}
|
|
|
|
}
|
2023-03-16 11:14:17 +00:00
|
|
|
if !exists {
|
|
|
|
attrs = append(attrs, rawAttr)
|
|
|
|
}
|
2023-02-22 14:26:41 +00:00
|
|
|
}
|
2021-11-05 09:37:30 +00:00
|
|
|
|
2022-09-23 20:11:47 +00:00
|
|
|
if u.IsActive == nil {
|
|
|
|
u.IsActive = api.PtrBool(false)
|
|
|
|
}
|
|
|
|
if u.Email == nil {
|
|
|
|
u.Email = api.PtrString("")
|
|
|
|
}
|
2021-11-05 09:37:30 +00:00
|
|
|
attrs = utils.EnsureAttributes(attrs, map[string][]string{
|
2023-02-22 13:18:22 +00:00
|
|
|
// Old fields for backwards compatibility
|
2022-10-16 20:32:18 +00:00
|
|
|
"goauthentik.io/ldap/active": {strconv.FormatBool(*u.IsActive)},
|
|
|
|
"goauthentik.io/ldap/superuser": {strconv.FormatBool(u.IsSuperuser)},
|
2023-02-22 13:18:22 +00:00
|
|
|
// End old fields
|
|
|
|
"ak-active": {strconv.FormatBool(*u.IsActive)},
|
|
|
|
"ak-superuser": {strconv.FormatBool(u.IsSuperuser)},
|
|
|
|
"memberOf": pi.GroupsForUser(u),
|
|
|
|
"cn": {u.Username},
|
|
|
|
"sAMAccountName": {u.Username},
|
|
|
|
"uid": {u.Uid},
|
|
|
|
"name": {u.Name},
|
|
|
|
"displayName": {u.Name},
|
|
|
|
"mail": {*u.Email},
|
|
|
|
"objectClass": {constants.OCUser, constants.OCOrgPerson, constants.OCInetOrgPerson, constants.OCAKUser},
|
|
|
|
"uidNumber": {pi.GetUidNumber(u)},
|
|
|
|
"gidNumber": {pi.GetUidNumber(u)},
|
2023-02-22 14:26:41 +00:00
|
|
|
"homeDirectory": {fmt.Sprintf("/home/%s", u.Username)},
|
|
|
|
"sn": {u.Name},
|
2021-11-05 09:37:30 +00:00
|
|
|
})
|
|
|
|
return &ldap.Entry{DN: dn, Attributes: attrs}
|
|
|
|
}
|