providers/ldap: remove deprecated fields (#5154)
* providers/ldap: remove deprecated fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update changelog Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
b40caf12df
commit
bb92c4a967
|
@ -13,33 +13,16 @@ import (
|
||||||
|
|
||||||
func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||||
dn := pi.GetUserDN(u.Username)
|
dn := pi.GetUserDN(u.Username)
|
||||||
userValueMap := func(value []string) []string {
|
attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
||||||
|
return utils.AttributeKeySanitize(key)
|
||||||
|
}, func(value []string) []string {
|
||||||
for i, v := range value {
|
for i, v := range value {
|
||||||
if strings.Contains(v, "%s") {
|
if strings.Contains(v, "%s") {
|
||||||
value[i] = fmt.Sprintf(v, u.Username)
|
value[i] = fmt.Sprintf(v, u.Username)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return value
|
return value
|
||||||
}
|
})
|
||||||
attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
|
||||||
return utils.AttributeKeySanitize(key)
|
|
||||||
}, userValueMap)
|
|
||||||
rawAttrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
|
|
||||||
return key
|
|
||||||
}, userValueMap)
|
|
||||||
// Only append attributes that don't already exist
|
|
||||||
// TODO: Remove in 2023.3
|
|
||||||
for _, rawAttr := range rawAttrs {
|
|
||||||
exists := false
|
|
||||||
for _, attr := range attrs {
|
|
||||||
if strings.EqualFold(attr.Name, rawAttr.Name) {
|
|
||||||
exists = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if !exists {
|
|
||||||
attrs = append(attrs, rawAttr)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if u.IsActive == nil {
|
if u.IsActive == nil {
|
||||||
u.IsActive = api.PtrBool(false)
|
u.IsActive = api.PtrBool(false)
|
||||||
|
@ -48,10 +31,6 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||||
u.Email = api.PtrString("")
|
u.Email = api.PtrString("")
|
||||||
}
|
}
|
||||||
attrs = utils.EnsureAttributes(attrs, map[string][]string{
|
attrs = utils.EnsureAttributes(attrs, map[string][]string{
|
||||||
// Old fields for backwards compatibility
|
|
||||||
"goauthentik.io/ldap/active": {strconv.FormatBool(*u.IsActive)},
|
|
||||||
"goauthentik.io/ldap/superuser": {strconv.FormatBool(u.IsSuperuser)},
|
|
||||||
// End old fields
|
|
||||||
"ak-active": {strconv.FormatBool(*u.IsActive)},
|
"ak-active": {strconv.FormatBool(*u.IsActive)},
|
||||||
"ak-superuser": {strconv.FormatBool(u.IsSuperuser)},
|
"ak-superuser": {strconv.FormatBool(u.IsSuperuser)},
|
||||||
"memberOf": pi.GroupsForUser(u),
|
"memberOf": pi.GroupsForUser(u),
|
||||||
|
|
|
@ -2,7 +2,6 @@ package group
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/nmcclain/ldap"
|
"github.com/nmcclain/ldap"
|
||||||
"goauthentik.io/api/v3"
|
"goauthentik.io/api/v3"
|
||||||
|
@ -28,24 +27,6 @@ func (lg *LDAPGroup) Entry() *ldap.Entry {
|
||||||
}, func(value []string) []string {
|
}, func(value []string) []string {
|
||||||
return value
|
return value
|
||||||
})
|
})
|
||||||
rawAttrs := utils.AttributesToLDAP(lg.Attributes, func(key string) string {
|
|
||||||
return key
|
|
||||||
}, func(value []string) []string {
|
|
||||||
return value
|
|
||||||
})
|
|
||||||
// Only append attributes that don't already exist
|
|
||||||
// TODO: Remove in 2023.3
|
|
||||||
for _, rawAttr := range rawAttrs {
|
|
||||||
exists := false
|
|
||||||
for _, attr := range attrs {
|
|
||||||
if strings.EqualFold(attr.Name, rawAttr.Name) {
|
|
||||||
exists = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if !exists {
|
|
||||||
attrs = append(attrs, rawAttr)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup, constants.OCPosixGroup}
|
objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup, constants.OCPosixGroup}
|
||||||
if lg.IsVirtualGroup {
|
if lg.IsVirtualGroup {
|
||||||
|
@ -53,9 +34,6 @@ func (lg *LDAPGroup) Entry() *ldap.Entry {
|
||||||
}
|
}
|
||||||
|
|
||||||
attrs = utils.EnsureAttributes(attrs, map[string][]string{
|
attrs = utils.EnsureAttributes(attrs, map[string][]string{
|
||||||
// Old fields for backwards compatibility
|
|
||||||
"goauthentik.io/ldap/superuser": {strconv.FormatBool(lg.IsSuperuser)},
|
|
||||||
// End old fields
|
|
||||||
"ak-superuser": {strconv.FormatBool(lg.IsSuperuser)},
|
"ak-superuser": {strconv.FormatBool(lg.IsSuperuser)},
|
||||||
"objectClass": objectClass,
|
"objectClass": objectClass,
|
||||||
"member": lg.Member,
|
"member": lg.Member,
|
||||||
|
|
|
@ -229,12 +229,6 @@ class TestProviderLDAP(SeleniumTestCase):
|
||||||
"homeDirectory": [
|
"homeDirectory": [
|
||||||
f"/home/{o_user.username}",
|
f"/home/{o_user.username}",
|
||||||
],
|
],
|
||||||
# Old fields for backwards compatibility
|
|
||||||
"goauthentik.io/ldap/active": ["true"],
|
|
||||||
"goauthentik.io/ldap/superuser": ["false"],
|
|
||||||
"goauthentik.io/user/override-ips": ["true"],
|
|
||||||
"goauthentik.io/user/service-account": ["true"],
|
|
||||||
# End old fields
|
|
||||||
"ak-active": ["true"],
|
"ak-active": ["true"],
|
||||||
"ak-superuser": ["false"],
|
"ak-superuser": ["false"],
|
||||||
"goauthentikio-user-override-ips": ["true"],
|
"goauthentikio-user-override-ips": ["true"],
|
||||||
|
@ -264,12 +258,6 @@ class TestProviderLDAP(SeleniumTestCase):
|
||||||
"homeDirectory": [
|
"homeDirectory": [
|
||||||
f"/home/{embedded_account.username}",
|
f"/home/{embedded_account.username}",
|
||||||
],
|
],
|
||||||
# Old fields for backwards compatibility
|
|
||||||
"goauthentik.io/ldap/active": ["true"],
|
|
||||||
"goauthentik.io/ldap/superuser": ["false"],
|
|
||||||
"goauthentik.io/user/override-ips": ["true"],
|
|
||||||
"goauthentik.io/user/service-account": ["true"],
|
|
||||||
# End old fields
|
|
||||||
"ak-active": ["true"],
|
"ak-active": ["true"],
|
||||||
"ak-superuser": ["false"],
|
"ak-superuser": ["false"],
|
||||||
"goauthentikio-user-override-ips": ["true"],
|
"goauthentikio-user-override-ips": ["true"],
|
||||||
|
@ -302,10 +290,6 @@ class TestProviderLDAP(SeleniumTestCase):
|
||||||
"homeDirectory": [
|
"homeDirectory": [
|
||||||
f"/home/{self.user.username}",
|
f"/home/{self.user.username}",
|
||||||
],
|
],
|
||||||
# Old fields for backwards compatibility
|
|
||||||
"goauthentik.io/ldap/active": ["true"],
|
|
||||||
"goauthentik.io/ldap/superuser": ["true"],
|
|
||||||
# End old fields
|
|
||||||
"ak-active": ["true"],
|
"ak-active": ["true"],
|
||||||
"ak-superuser": ["true"],
|
"ak-superuser": ["true"],
|
||||||
"extraAttribute": ["bar"],
|
"extraAttribute": ["bar"],
|
||||||
|
|
|
@ -33,11 +33,6 @@ The following fields are currently sent for users:
|
||||||
- `ak-active`: "true" if the account is active, otherwise "false"
|
- `ak-active`: "true" if the account is active, otherwise "false"
|
||||||
- `ak-superuser`: "true" if the account is part of a group with superuser permissions, otherwise "false"
|
- `ak-superuser`: "true" if the account is part of a group with superuser permissions, otherwise "false"
|
||||||
|
|
||||||
:::warning
|
|
||||||
The use of the `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser` attributes is deprecated as of authentik 2023.3. They will be removed completely in a future release.
|
|
||||||
Use the replacements fields above instead.
|
|
||||||
:::
|
|
||||||
|
|
||||||
The following fields are current set for groups:
|
The following fields are current set for groups:
|
||||||
|
|
||||||
- `cn`: The group's name
|
- `cn`: The group's name
|
||||||
|
|
40
website/docs/releases/2023/v2023.5.md
Normal file
40
website/docs/releases/2023/v2023.5.md
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
---
|
||||||
|
title: Release 2023.5
|
||||||
|
slug: "/releases/2023.5"
|
||||||
|
---
|
||||||
|
|
||||||
|
## Breaking changes
|
||||||
|
|
||||||
|
- Removal of deprecated LDAP fields
|
||||||
|
|
||||||
|
This version removes the deprecated LDAP fields `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser`.
|
||||||
|
|
||||||
|
Additionally, any custom fields based on user attributes will only be represented with their sanitized key, removing any slashes with dashes, and removing periods.
|
||||||
|
|
||||||
|
## New features
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
This release does not introduce any new requirements.
|
||||||
|
|
||||||
|
### docker-compose
|
||||||
|
|
||||||
|
Download the docker-compose file for 2023.5 from [here](https://goauthentik.io/version/2023.5/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
||||||
|
|
||||||
|
### Kubernetes
|
||||||
|
|
||||||
|
Update your values to use the new images:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/goauthentik/server
|
||||||
|
tag: 2023.5.0
|
||||||
|
```
|
||||||
|
|
||||||
|
## Minor changes/fixes
|
||||||
|
|
||||||
|
_Insert the output of `make gen-changelog` here_
|
||||||
|
|
||||||
|
## API Changes
|
||||||
|
|
||||||
|
_Insert output of `make gen-diff` here_
|
Reference in a new issue