providers/ldap: remove deprecated fields (#5154)
* providers/ldap: remove deprecated fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update changelog Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
b40caf12df
commit
bb92c4a967
|
@ -13,33 +13,16 @@ import (
|
|||
|
||||
func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||
dn := pi.GetUserDN(u.Username)
|
||||
userValueMap := func(value []string) []string {
|
||||
attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
||||
return utils.AttributeKeySanitize(key)
|
||||
}, func(value []string) []string {
|
||||
for i, v := range value {
|
||||
if strings.Contains(v, "%s") {
|
||||
value[i] = fmt.Sprintf(v, u.Username)
|
||||
}
|
||||
}
|
||||
return value
|
||||
}
|
||||
attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
||||
return utils.AttributeKeySanitize(key)
|
||||
}, userValueMap)
|
||||
rawAttrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
||||
return key
|
||||
}, userValueMap)
|
||||
// Only append attributes that don't already exist
|
||||
// TODO: Remove in 2023.3
|
||||
for _, rawAttr := range rawAttrs {
|
||||
exists := false
|
||||
for _, attr := range attrs {
|
||||
if strings.EqualFold(attr.Name, rawAttr.Name) {
|
||||
exists = true
|
||||
}
|
||||
}
|
||||
if !exists {
|
||||
attrs = append(attrs, rawAttr)
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
if u.IsActive == nil {
|
||||
u.IsActive = api.PtrBool(false)
|
||||
|
@ -48,10 +31,6 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
|||
u.Email = api.PtrString("")
|
||||
}
|
||||
attrs = utils.EnsureAttributes(attrs, map[string][]string{
|
||||
// Old fields for backwards compatibility
|
||||
"goauthentik.io/ldap/active": {strconv.FormatBool(*u.IsActive)},
|
||||
"goauthentik.io/ldap/superuser": {strconv.FormatBool(u.IsSuperuser)},
|
||||
// End old fields
|
||||
"ak-active": {strconv.FormatBool(*u.IsActive)},
|
||||
"ak-superuser": {strconv.FormatBool(u.IsSuperuser)},
|
||||
"memberOf": pi.GroupsForUser(u),
|
||||
|
|
|
@ -2,7 +2,6 @@ package group
|
|||
|
||||
import (
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/nmcclain/ldap"
|
||||
"goauthentik.io/api/v3"
|
||||
|
@ -28,24 +27,6 @@ func (lg *LDAPGroup) Entry() *ldap.Entry {
|
|||
}, func(value []string) []string {
|
||||
return value
|
||||
})
|
||||
rawAttrs := utils.AttributesToLDAP(lg.Attributes, func(key string) string {
|
||||
return key
|
||||
}, func(value []string) []string {
|
||||
return value
|
||||
})
|
||||
// Only append attributes that don't already exist
|
||||
// TODO: Remove in 2023.3
|
||||
for _, rawAttr := range rawAttrs {
|
||||
exists := false
|
||||
for _, attr := range attrs {
|
||||
if strings.EqualFold(attr.Name, rawAttr.Name) {
|
||||
exists = true
|
||||
}
|
||||
}
|
||||
if !exists {
|
||||
attrs = append(attrs, rawAttr)
|
||||
}
|
||||
}
|
||||
|
||||
objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup, constants.OCPosixGroup}
|
||||
if lg.IsVirtualGroup {
|
||||
|
@ -53,9 +34,6 @@ func (lg *LDAPGroup) Entry() *ldap.Entry {
|
|||
}
|
||||
|
||||
attrs = utils.EnsureAttributes(attrs, map[string][]string{
|
||||
// Old fields for backwards compatibility
|
||||
"goauthentik.io/ldap/superuser": {strconv.FormatBool(lg.IsSuperuser)},
|
||||
// End old fields
|
||||
"ak-superuser": {strconv.FormatBool(lg.IsSuperuser)},
|
||||
"objectClass": objectClass,
|
||||
"member": lg.Member,
|
||||
|
|
|
@ -229,12 +229,6 @@ class TestProviderLDAP(SeleniumTestCase):
|
|||
"homeDirectory": [
|
||||
f"/home/{o_user.username}",
|
||||
],
|
||||
# Old fields for backwards compatibility
|
||||
"goauthentik.io/ldap/active": ["true"],
|
||||
"goauthentik.io/ldap/superuser": ["false"],
|
||||
"goauthentik.io/user/override-ips": ["true"],
|
||||
"goauthentik.io/user/service-account": ["true"],
|
||||
# End old fields
|
||||
"ak-active": ["true"],
|
||||
"ak-superuser": ["false"],
|
||||
"goauthentikio-user-override-ips": ["true"],
|
||||
|
@ -264,12 +258,6 @@ class TestProviderLDAP(SeleniumTestCase):
|
|||
"homeDirectory": [
|
||||
f"/home/{embedded_account.username}",
|
||||
],
|
||||
# Old fields for backwards compatibility
|
||||
"goauthentik.io/ldap/active": ["true"],
|
||||
"goauthentik.io/ldap/superuser": ["false"],
|
||||
"goauthentik.io/user/override-ips": ["true"],
|
||||
"goauthentik.io/user/service-account": ["true"],
|
||||
# End old fields
|
||||
"ak-active": ["true"],
|
||||
"ak-superuser": ["false"],
|
||||
"goauthentikio-user-override-ips": ["true"],
|
||||
|
@ -302,10 +290,6 @@ class TestProviderLDAP(SeleniumTestCase):
|
|||
"homeDirectory": [
|
||||
f"/home/{self.user.username}",
|
||||
],
|
||||
# Old fields for backwards compatibility
|
||||
"goauthentik.io/ldap/active": ["true"],
|
||||
"goauthentik.io/ldap/superuser": ["true"],
|
||||
# End old fields
|
||||
"ak-active": ["true"],
|
||||
"ak-superuser": ["true"],
|
||||
"extraAttribute": ["bar"],
|
||||
|
|
|
@ -33,11 +33,6 @@ The following fields are currently sent for users:
|
|||
- `ak-active`: "true" if the account is active, otherwise "false"
|
||||
- `ak-superuser`: "true" if the account is part of a group with superuser permissions, otherwise "false"
|
||||
|
||||
:::warning
|
||||
The use of the `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser` attributes is deprecated as of authentik 2023.3. They will be removed completely in a future release.
|
||||
Use the replacements fields above instead.
|
||||
:::
|
||||
|
||||
The following fields are current set for groups:
|
||||
|
||||
- `cn`: The group's name
|
||||
|
|
40
website/docs/releases/2023/v2023.5.md
Normal file
40
website/docs/releases/2023/v2023.5.md
Normal file
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
title: Release 2023.5
|
||||
slug: "/releases/2023.5"
|
||||
---
|
||||
|
||||
## Breaking changes
|
||||
|
||||
- Removal of deprecated LDAP fields
|
||||
|
||||
This version removes the deprecated LDAP fields `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser`.
|
||||
|
||||
Additionally, any custom fields based on user attributes will only be represented with their sanitized key, removing any slashes with dashes, and removing periods.
|
||||
|
||||
## New features
|
||||
|
||||
## Upgrading
|
||||
|
||||
This release does not introduce any new requirements.
|
||||
|
||||
### docker-compose
|
||||
|
||||
Download the docker-compose file for 2023.5 from [here](https://goauthentik.io/version/2023.5/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
||||
|
||||
### Kubernetes
|
||||
|
||||
Update your values to use the new images:
|
||||
|
||||
```yaml
|
||||
image:
|
||||
repository: ghcr.io/goauthentik/server
|
||||
tag: 2023.5.0
|
||||
```
|
||||
|
||||
## Minor changes/fixes
|
||||
|
||||
_Insert the output of `make gen-changelog` here_
|
||||
|
||||
## API Changes
|
||||
|
||||
_Insert output of `make gen-diff` here_
|
Reference in a new issue