From 83bf639926a17f36649765304f0418fd97b543dd Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 5 Feb 2021 15:17:57 +0100 Subject: [PATCH] sources/ldap: use both entryDN and dn (for active-directory) --- authentik/sources/ldap/sync/groups.py | 8 ++++---- authentik/sources/ldap/sync/membership.py | 14 ++++++++------ authentik/sources/ldap/sync/users.py | 3 +-- authentik/sources/ldap/tests/test_sync.py | 3 ++- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/authentik/sources/ldap/sync/groups.py b/authentik/sources/ldap/sync/groups.py index 2d71de62f..cfa828c17 100644 --- a/authentik/sources/ldap/sync/groups.py +++ b/authentik/sources/ldap/sync/groups.py @@ -24,7 +24,9 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer): group_count = 0 for group in groups: attributes = group.get("attributes", {}) - group_dn = self._flatten(group.get("entryDN", "")) + group_dn = self._flatten( + self._flatten(group.get("entryDN", group.get("dn"))) + ) if self._source.object_uniqueness_field not in attributes: self._logger.warning( "Cannot find uniqueness Field in attributes", @@ -48,8 +50,6 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer): }, } ) - self._logger.debug( - "Synced group", group=name, created=created - ) + self._logger.debug("Synced group", group=name, created=created) group_count += 1 return group_count diff --git a/authentik/sources/ldap/sync/membership.py b/authentik/sources/ldap/sync/membership.py index 0fedf793f..90849a9a2 100644 --- a/authentik/sources/ldap/sync/membership.py +++ b/authentik/sources/ldap/sync/membership.py @@ -3,8 +3,8 @@ from typing import Any, Optional import ldap3 import ldap3.core.exceptions - from django.db.models import Q + from authentik.core.models import Group, User from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME from authentik.sources.ldap.models import LDAPSource 
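Review bot: The new `group_dn` assignment in groups.py wraps `self._flatten` around itself, so the inner result is flattened a second time for no visible reason, and it also changes the missing-key fallback from `""` to `None`, because `group.get("dn")` returns `None` when an entry carries neither `entryDN` nor `dn`. The users.py hunk in this same commit uses a single `_flatten` call, so the two sites already disagree. I would collapse it to `group_dn = self._flatten(group.get("entryDN", group.get("dn", "")))`, which keeps the old empty-string fallback and matches users.py; whether `_flatten(None)` is safe cannot be seen from here, and group_dn is presumably stored on the group later in the loop, where an empty DN is an easier condition to reason about than `None`. The enclosing `for group in groups:` loop continues past the end of the hunk.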
@@ -42,11 +42,13 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer): continue users = User.objects.filter( - Q(**{f"attributes__{LDAP_DISTINGUISHED_NAME}__in": members}) | - Q(**{ - f"attributes__{LDAP_DISTINGUISHED_NAME}__isnull": True, - "ak_groups__in": [ak_group] - }) + Q(**{f"attributes__{LDAP_DISTINGUISHED_NAME}__in": members}) + | Q( + **{ + f"attributes__{LDAP_DISTINGUISHED_NAME}__isnull": True, + "ak_groups__in": [ak_group], + } + ) ) membership_count += 1 membership_count += users.count() diff --git a/authentik/sources/ldap/sync/users.py b/authentik/sources/ldap/sync/users.py index fed63b9a1..7506a8cd4 100644 --- a/authentik/sources/ldap/sync/users.py +++ b/authentik/sources/ldap/sync/users.py @@ -28,9 +28,8 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer): ) user_count = 0 for user in users: - self._logger.debug(user) attributes = user.get("attributes", {}) - user_dn = self._flatten(user.get("entryDN", "")) + user_dn = self._flatten(user.get("entryDN", user.get("dn"))) if self._source.object_uniqueness_field not in attributes: self._logger.warning( "Cannot find uniqueness Field in attributes", diff --git a/authentik/sources/ldap/tests/test_sync.py b/authentik/sources/ldap/tests/test_sync.py index 4c40ab733..1a6a53b2b 100644 --- a/authentik/sources/ldap/tests/test_sync.py +++ b/authentik/sources/ldap/tests/test_sync.py @@ -1,5 +1,4 @@ """LDAP Source tests""" -from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection from unittest.mock import PropertyMock, patch from django.db.models import Q 
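Review bot: In users.py, `user.get("entryDN", user.get("dn"))` silently drops the previous `""` default: when an entry has neither key the DN becomes `None`, and what `_flatten` does with `None` is not visible in this hunk. Keeping the old fallback is a one-token change, `user_dn = self._flatten(user.get("entryDN", user.get("dn", "")))`. If this value is what ends up stored under `LDAP_DISTINGUISHED_NAME`, as the membership hunk's `attributes__{LDAP_DISTINGUISHED_NAME}__in` filter suggests, it is worth a comment that the match is an exact string comparison against the group's raw member values, since Active Directory may return a `dn` whose casing or spacing differs from the group's `member` entries, e.g. `# dn: entry DN from ldap3 (AD has no entryDN); compared verbatim during membership sync`. Dropping `self._logger.debug(user)` is a good call, as it wrote every attribute of the entry to the log at debug level. The loop body runs past the end of the hunk.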
@@ -14,9 +13,11 @@ from authentik.sources.ldap.sync.membership import MembershipLDAPSynchronizer from authentik.sources.ldap.sync.users import UserLDAPSynchronizer from authentik.sources.ldap.tasks import ldap_sync_all from authentik.sources.ldap.tests.mock_ad import mock_ad_connection +from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection LDAP_PASSWORD = generate_client_secret() + class LDAPSyncTests(TestCase): """LDAP Sync tests"""
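Review bot: Nothing in the visible test hunks exercises the `dn` fallback that this commit adds for Active Directory; the only change here is relocating the `mock_slapd_connection` import next to `mock_ad_connection`. If the test methods further down do not already sync against `mock_ad_connection` and assert that a synced user's stored `LDAP_DISTINGUISHED_NAME` attribute is non-empty, this commit is the place to add that, because a regression in the DN lookup would not fail loudly but would quietly leave group membership unmatched. The `LDAPSyncTests` class body continues past the end of the hunk.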