This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/internal/outpost/ldap/group/group.go
Jens L 345fa1bed6
providers/ldap: fix duplicate attributes (#4972)
closes #4971

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-16 12:14:17 +01:00

95 lines
2.5 KiB
Go

package group
import (
"strconv"
"strings"
"github.com/nmcclain/ldap"
"goauthentik.io/api/v3"
"goauthentik.io/internal/outpost/ldap/constants"
"goauthentik.io/internal/outpost/ldap/server"
"goauthentik.io/internal/outpost/ldap/utils"
)
type LDAPGroup struct {
DN string
CN string
Uid string
GidNumber string
Member []string
IsSuperuser bool
IsVirtualGroup bool
Attributes map[string]interface{}
}
func (lg *LDAPGroup) Entry() *ldap.Entry {
attrs := utils.AttributesToLDAP(lg.Attributes, func(key string) string {
return utils.AttributeKeySanitize(key)
}, func(value []string) []string {
return value
})
rawAttrs := utils.AttributesToLDAP(lg.Attributes, func(key string) string {
return key
}, func(value []string) []string {
return value
})
// Only append attributes that don't already exist
// TODO: Remove in 2023.3
for _, rawAttr := range rawAttrs {
exists := false
for _, attr := range attrs {
if strings.EqualFold(attr.Name, rawAttr.Name) {
exists = true
}
}
if !exists {
attrs = append(attrs, rawAttr)
}
}
objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup, constants.OCPosixGroup}
if lg.IsVirtualGroup {
objectClass = append(objectClass, constants.OCAKVirtualGroup)
}
attrs = utils.EnsureAttributes(attrs, map[string][]string{
// Old fields for backwards compatibility
"goauthentik.io/ldap/superuser": {strconv.FormatBool(lg.IsSuperuser)},
// End old fields
"ak-superuser": {strconv.FormatBool(lg.IsSuperuser)},
"objectClass": objectClass,
"member": lg.Member,
"cn": {lg.CN},
"uid": {lg.Uid},
"sAMAccountName": {lg.CN},
"gidNumber": {lg.GidNumber},
})
return &ldap.Entry{DN: lg.DN, Attributes: attrs}
}
func FromAPIGroup(g api.Group, si server.LDAPServerInstance) *LDAPGroup {
return &LDAPGroup{
DN: si.GetGroupDN(g.Name),
CN: g.Name,
Uid: string(g.Pk),
GidNumber: si.GetGidNumber(g),
Member: si.UsersForGroup(g),
IsVirtualGroup: false,
IsSuperuser: *g.IsSuperuser,
Attributes: g.Attributes,
}
}
func FromAPIUser(u api.User, si server.LDAPServerInstance) *LDAPGroup {
return &LDAPGroup{
DN: si.GetVirtualGroupDN(u.Username),
CN: u.Username,
Uid: u.Uid,
GidNumber: si.GetUidNumber(u),
Member: []string{si.GetUserDN(u.Username)},
IsVirtualGroup: true,
IsSuperuser: false,
Attributes: nil,
}
}