From cc3fccb27ea7873d7e0073f46aa30442d19e8aa3 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 4 Feb 2021 12:10:57 +0100
Subject: [PATCH] sources/ldap: use dn attribute for distinguishedName, ignore users with no distinguishedName

closes #527
---
 authentik/sources/ldap/sync.py | 9 ++++++---
 authentik/sources/ldap/tests/utils.py | 4 ++++
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/authentik/sources/ldap/sync.py b/authentik/sources/ldap/sync.py
index e2be44d84..2f1956789 100644
--- a/authentik/sources/ldap/sync.py
+++ b/authentik/sources/ldap/sync.py
@@ -185,7 +185,10 @@ class LDAPSynchronizer:
 properties["attributes"]["ldap_uniq"] = attributes.get(
 self._source.object_uniqueness_field
 )
- properties["attributes"]["distinguishedName"] = attributes.get(
- "distinguishedName"
- )
+ distinguished_name = attributes.get("distinguishedName", attributes.get("dn"))
+ if not distinguished_name:
+ raise IntegrityError(
+ "Object does not have a distinguishedName or dn field."
+ )
+ properties["attributes"]["distinguishedName"] = distinguished_name
 return properties
diff --git a/authentik/sources/ldap/tests/utils.py b/authentik/sources/ldap/tests/utils.py
index 8cd129645..6eb423ccb 100644
--- a/authentik/sources/ldap/tests/utils.py
+++ b/authentik/sources/ldap/tests/utils.py
@@ -53,6 +53,7 @@ def _build_mock_connection(password: str) -> Connection:
 "objectSid": "user0",
 "objectCategory": "Person",
 "memberOf": "cn=group1,ou=groups,DC=AD2012,DC=LAB",
+ "distinguishedName": "cn=user0,ou=users,DC=AD2012,DC=LAB",
 },
 )
 # User without SID
@@ -64,6 +65,7 @@ def _build_mock_connection(password: str) -> Connection:
 "name": "user1_sn",
 "revision": 0,
 "objectCategory": "Person",
+ "distinguishedName": "cn=user1,ou=users,DC=AD2012,DC=LAB",
 },
 )
 # Duplicate users
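Review bot: The `dn` fallback on the new `attributes.get("distinguishedName", attributes.get("dn"))` line only applies when the `distinguishedName` key is absent; if the directory returns the key with an empty value (ldap3 can hand back empty lists for requested attributes an entry lacks), the fallback is skipped and the entry is rejected with IntegrityError even though `dn` is usable. `distinguished_name = attributes.get("distinguishedName") or attributes.get("dn")` covers both cases. The commit subject says such users are ignored, which depends on the caller catching IntegrityError; that caller and the start of this method are outside the hunk, so it is worth confirming that one bad entry is skipped and logged rather than aborting the whole sync. Including the object's `ldap_uniq` value in the exception message would make a skipped entry traceable in the sync log.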
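Review bot: Every mock user touched here now carries an explicit `distinguishedName` (this hunk and the ones at -64, -76 and -87), so as far as the visible fixtures show, neither new branch in sync.py is exercised: no entry depends on the `dn` fallback and none lacks both fields to reach the IntegrityError path. One fixture with only a `dn` value and one with neither, plus an assertion that the second is skipped while the rest of the sync completes, would pin the behaviour the commit subject describes. `_build_mock_connection` starts and ends outside these hunks, so other entries may exist that are not visible here.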
@@ -76,6 +78,7 @@ def _build_mock_connection(password: str) -> Connection:
 "revision": 0,
 "objectSid": "unique-test2222",
 "objectCategory": "Person",
+ "distinguishedName": "cn=user2,ou=users,DC=AD2012,DC=LAB",
 },
 )
 connection.strategy.add_entry(
@@ -87,6 +90,7 @@ def _build_mock_connection(password: str) -> Connection:
 "revision": 0,
 "objectSid": "unique-test2222",
 "objectCategory": "Person",
+ "distinguishedName": "cn=user3,ou=users,DC=AD2012,DC=LAB",
 },
 )
 connection.bind()