From 8f0572d11e13342bc0f6c7e95d131697b5a2dfd8 Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 2 Jun 2022 18:48:07 +0200 Subject: [PATCH] outposts/ldap: add correct group objectClass (#3023) Signed-off-by: Jens Langhammer #2861 --- internal/outpost/ldap/constants/constants.go | 3 +++ internal/outpost/ldap/group/group.go | 2 +- website/docs/releases/v2022.6.md | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/internal/outpost/ldap/constants/constants.go b/internal/outpost/ldap/constants/constants.go index f4a5a612d..d5647f780 100644 --- a/internal/outpost/ldap/constants/constants.go +++ b/internal/outpost/ldap/constants/constants.go @@ -9,6 +9,7 @@ const ( const ( OCGroup = "group" OCGroupOfUniqueNames = "groupOfUniqueNames" + OCGroupOfNames = "groupOfNames" OCAKGroup = "goauthentik.io/ldap/group" OCAKVirtualGroup = "goauthentik.io/ldap/virtual-group" ) @@ -53,6 +54,7 @@ func GetGroupOCs() map[string]bool { return map[string]bool{ OCGroup: true, OCGroupOfUniqueNames: true, + OCGroupOfNames: true, OCAKGroup: true, } } @@ -61,6 +63,7 @@ func GetVirtualGroupOCs() map[string]bool { return map[string]bool{ OCGroup: true, OCGroupOfUniqueNames: true, + OCGroupOfNames: true, OCAKVirtualGroup: true, } } diff --git a/internal/outpost/ldap/group/group.go b/internal/outpost/ldap/group/group.go index 94a1ae913..638e0f61c 100644 --- a/internal/outpost/ldap/group/group.go +++ b/internal/outpost/ldap/group/group.go @@ -22,7 +22,7 @@ type LDAPGroup struct { func (lg *LDAPGroup) Entry() *ldap.Entry { attrs := utils.AKAttrsToLDAP(lg.AKAttributes) - objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCAKGroup} + objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup} if lg.IsVirtualGroup { objectClass = append(objectClass, constants.OCAKVirtualGroup) } diff --git a/website/docs/releases/v2022.6.md b/website/docs/releases/v2022.6.md index 289ddd103..81e60bdf0 100644 --- a/website/docs/releases/v2022.6.md +++ b/website/docs/releases/v2022.6.md @@ -3,11 +3,9 @@ title: Release 2022.6 slug: "2022.6" --- -## Breaking changes - ## New features -- Added well-known and JWKS URL in OAuth Source +- Added OIDC well-known and JWKS URL in OAuth Source These fields can be used to automatically configure OAuth Sources based on the [OpenID Connect Discovery Spec](https://openid.net/specs/openid-connect-discovery-1_0.html). Additionally, you can manually define a JWKS URL or raw JWKS data, and this can be used for Machine-to-machine authentication for OAuth2 Providers. @@ -23,6 +21,8 @@ slug: "2022.6" SMS authenticator stages can now be configured to hash the phone number. This is useful if you want to require your users to configure and confirm their phone numbers, without saving them in a readable-format. +- The LDAP outpost would incorrectly return `groupOfUniqueNames` as a group class when the members where returned in a manner like `groupOfNames` requires. `groupOfNames` has been added as an objectClass for LDAP Groups, and `groupOfUniqueNames` will be removed in the next version. + ## Minor changes/fixes ## Upgrading