outposts/ldap: add support for member query

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

internal/outpost/ldap/instance_search.go

@@ -105,7 +105,6 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
 			entries = append(entries, pi.UserEntry(u))
 		}
 	}
-	req.log.WithField("filter", req.Filter).WithField("results", len(entries)).Debug("Search OK")
 	return ldap.ServerSearchResult{Entries: entries, Referrals: []string{}, Controls: []ldap.Control{}, ResultCode: ldap.LDAPResultSuccess}, nil
 }
 

internal/outpost/ldap/instance_search_group.go

@@ -1,6 +1,7 @@
 package ldap
 
 import (
+	goldap "github.com/go-ldap/ldap/v3"
 	ber "github.com/nmcclain/asn1-ber"
 	"github.com/nmcclain/ldap"
 	"goauthentik.io/api"
@@ -40,6 +41,13 @@ func parseFilterForGroupSingle(req api.ApiCoreGroupsListRequest, f *ber.Packet)
 		switch k {
 		case "cn":
 			return req.Name(vv)
+		case "member":
+			userDN, err := goldap.ParseDN(vv)
+			if err != nil {
+				return req
+			}
+			username := userDN.RDNs[0].Attributes[0].Value
+			return req.MembersByUsername([]string{username})
 		}
 	// TODO: Support int
 	default:

internal/outpost/ldap/search.go

@@ -28,8 +28,6 @@ func (ls *LDAPServer) Search(bindDN string, searchReq ldap.SearchRequest, conn n
 	span.SetTag("ak_filter", searchReq.Filter)
 	span.SetTag("ak_base_dn", searchReq.BaseDN)
 
-	defer span.Finish()
-
 	bindDN = strings.ToLower(bindDN)
 	rid := uuid.New().String()
 	req := SearchRequest{
@@ -40,7 +38,11 @@ func (ls *LDAPServer) Search(bindDN string, searchReq ldap.SearchRequest, conn n
 		id:            rid,
 		ctx:           span.Context(),
 	}
-	req.log.Info("Search request")
+
+	defer func() {
+		span.Finish()
+		req.log.WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Search request")
+	}()
 
 	defer func() {
 		err := recover()