From 64ca5d42be0ec967b00ec7c3c7fced16311e0db8 Mon Sep 17 00:00:00 2001
From: Marc 'risson' Schmitt
Date: Thu, 28 Dec 2023 14:21:08 +0100
Subject: [PATCH] outposts/ldap: allow overriding gidNumber for a user (#8003)
Signed-off-by: Marc 'risson' Schmitt
---
 internal/outpost/ldap/entries.go | 5 +++--
 internal/outpost/ldap/group/group.go | 5 +++--
 internal/outpost/ldap/server/base.go | 6 ++++--
 internal/outpost/ldap/utils.go | 14 ++++++++++++--
 4 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/internal/outpost/ldap/entries.go b/internal/outpost/ldap/entries.go
index 2236a9964..d0f4abcf6 100644
--- a/internal/outpost/ldap/entries.go
+++ b/internal/outpost/ldap/entries.go
@@ -6,6 +6,7 @@ import (
 "strings"
 "beryju.io/ldap"
+
 "goauthentik.io/api/v3"
 "goauthentik.io/internal/outpost/ldap/constants"
 "goauthentik.io/internal/outpost/ldap/utils"
@@ -49,8 +50,8 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
 constants.OCPosixAccount,
 constants.OCAKUser,
 },
- "uidNumber": {pi.GetUidNumber(u)},
- "gidNumber": {pi.GetUidNumber(u)},
+ "uidNumber": {pi.GetUserUidNumber(u)},
+ "gidNumber": {pi.GetUserGidNumber(u)},
 "homeDirectory": {fmt.Sprintf("/home/%s", u.Username)},
 "sn": {u.Name},
 })
diff --git a/internal/outpost/ldap/group/group.go b/internal/outpost/ldap/group/group.go
index abfdf987f..21fd39b05 100644
--- a/internal/outpost/ldap/group/group.go
+++ b/internal/outpost/ldap/group/group.go
@@ -4,6 +4,7 @@ import (
 "strconv"
 "beryju.io/ldap"
+
 "goauthentik.io/api/v3"
 "goauthentik.io/internal/outpost/ldap/constants"
 "goauthentik.io/internal/outpost/ldap/server"
@@ -50,7 +51,7 @@ func FromAPIGroup(g api.Group, si server.LDAPServerInstance) *LDAPGroup {
 DN: si.GetGroupDN(g.Name),
 CN: g.Name,
 Uid: string(g.Pk),
- GidNumber: si.GetGidNumber(g),
+ GidNumber: si.GetGroupGidNumber(g),
 Member: si.UsersForGroup(g),
 IsVirtualGroup: false,
 IsSuperuser: *g.IsSuperuser,
@@ -63,7 +64,7 @@ func FromAPIUser(u api.User, si server.LDAPServerInstance) *LDAPGroup {
 DN: si.GetVirtualGroupDN(u.Username),
 CN: u.Username,
 Uid: u.Uid,
- GidNumber: si.GetUidNumber(u),
+ GidNumber: si.GetUserGidNumber(u),
 Member: []string{si.GetUserDN(u.Username)},
 IsVirtualGroup: true,
 IsSuperuser: false,
diff --git a/internal/outpost/ldap/server/base.go b/internal/outpost/ldap/server/base.go
index ff6649a03..2983e3afc 100644
--- a/internal/outpost/ldap/server/base.go
+++ b/internal/outpost/ldap/server/base.go
@@ -3,6 +3,7 @@ package server
 import (
 "beryju.io/ldap"
 "github.com/go-openapi/strfmt"
+
 "goauthentik.io/api/v3"
 "goauthentik.io/internal/outpost/ldap/flags"
 )
@@ -28,8 +29,9 @@ type LDAPServerInstance interface {
 GetGroupDN(string) string
 GetVirtualGroupDN(string) string
- GetUidNumber(api.User) string
- GetGidNumber(api.Group) string
+ GetUserUidNumber(api.User) string
+ GetUserGidNumber(api.User) string
+ GetGroupGidNumber(api.Group) string
 UsersForGroup(api.Group) []string
diff --git a/internal/outpost/ldap/utils.go b/internal/outpost/ldap/utils.go
index 6dbf0723b..22c44fe90 100644
--- a/internal/outpost/ldap/utils.go
+++ b/internal/outpost/ldap/utils.go
@@ -35,7 +35,7 @@ func (pi *ProviderInstance) GetVirtualGroupDN(group string) string {
 return fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN)
 }
-func (pi *ProviderInstance) GetUidNumber(user api.User) string {
+func (pi *ProviderInstance) GetUserUidNumber(user api.User) string {
 uidNumber, ok := user.GetAttributes()["uidNumber"].(string)
 if ok {
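Review bot: In `FromAPIUser` (group/group.go) the virtual group's `GidNumber` is no longer guaranteed to be unique to the user: once a user's `gidNumber` attribute is set to a real group's number, this entry (CN = username) and the real group both publish the same gidNumber. Clients that resolve a gid back to a group name may then return either entry, which is presumably not intended. Consider keeping `si.GetUserUidNumber(u)` for the virtual group, or record the choice with a comment such as `// may equal a real group's gidNumber when the user attribute overrides it`. The struct literal starts and ends outside the hunk.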
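Review bot: The three renamed methods in `LDAPServerInstance` (server/base.go) carry no doc comments, so the fallback behaviour of `GetUserGidNumber` is invisible at the interface where callers pick between them. Suggest a line such as `// GetUserGidNumber returns the user's gidNumber attribute, or the user's uidNumber when no string attribute is set.` above it, with matching one-liners for `GetUserUidNumber` and `GetGroupGidNumber`. The interface body starts and ends outside the hunk.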
@@ -45,7 +45,17 @@ func (pi *ProviderInstance) GetUidNumber(user api.User) string {
 return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
 }
-func (pi *ProviderInstance) GetGidNumber(group api.Group) string {
+func (pi *ProviderInstance) GetUserGidNumber(user api.User) string {
+ gidNumber, ok := user.GetAttributes()["gidNumber"].(string)
+
+ if ok {
+ return gidNumber
+ }
+
+ return pi.GetUserUidNumber(user)
+}
+
+func (pi *ProviderInstance) GetGroupGidNumber(group api.Group) string {
 gidNumber, ok := group.GetAttributes()["gidNumber"].(string)
 if ok {
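Review bot: `GetUserGidNumber` returns the `gidNumber` user attribute verbatim, so an empty, non-numeric or `0` value is published as the account's primary group in `UserEntry` (entries.go) and in the virtual group built by `FromAPIUser` (group/group.go). Whoever can write that attribute thereby chooses the user's primary POSIX group on hosts that consume this directory; who that is cannot be seen from this diff, so it is worth confirming that attribute edits are restricted to administrators. A value that is not stored as a string (for example a number) fails the `.(string)` assertion and silently falls back to the uidNumber. Suggest accepting the override only when it parses as an unsigned decimal, as below; deployments may also want a lower bound. The same unvalidated pattern is visible in `GetUserUidNumber` and `GetGroupGidNumber`, whose bodies run outside this hunk.

```go
func (pi *ProviderInstance) GetUserGidNumber(user api.User) string {
	gidNumber, ok := user.GetAttributes()["gidNumber"].(string)
	if ok {
		// Publish the override only when it is a plain unsigned decimal that fits a 32-bit gid.
		if _, err := strconv.ParseUint(gidNumber, 10, 32); err == nil {
			return gidNumber
		}
	}

	return pi.GetUserUidNumber(user)
}
```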