core/oc-auth
6
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

test

Browse Source
This commit is contained in:
mr
2026-01-23 11:09:31 +01:00
parent f93371e449
commit 1f4b25c594
4 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
conf/config.go
+1
View File
@@ -12,6 +12,7 @@ type Config struct {
LDAPBindDN string
LDAPBindPW string
LDAPBaseDN string
LDAPUserBaseDN string
LDAPRoleBaseDN string
ClientSecret string
docker-compose.yml
+1
View File
@@ -20,6 +20,7 @@ services:
LDAP_BINDDN: cn=admin,dc=example,dc=com
LDAP_BINDPW: password
LDAP_BASEDN: "dc=example,dc=com"
LDAP_USER_BASEDN: "ou=users,dc=example,dc=com"
LDAP_ROLE_BASEDN: "ou=AppRoles,dc=example,dc=com"
networks:
- oc
infrastructure/auth_connector/ldap.go
+7 -2
View File
@@ -49,6 +49,7 @@ type Config struct {
BindPass string `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
BaseDN string `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
AttrClaims map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
UserBaseDN string `envconfig:"user_basedn" required:"true" desc:"a LDAP base DN for searching users"`
RoleBaseDN string `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
RoleAttr string `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
RoleClaim string `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
@@ -66,6 +67,7 @@ func New() *Client {
BindPass: conf.GetConfig().LDAPBindPW,
BaseDN: conf.GetConfig().LDAPBaseDN,
RoleBaseDN: conf.GetConfig().LDAPRoleBaseDN,
UserBaseDN: conf.GetConfig().LDAPUserBaseDN,
}
return &Client{
Config: cnf,
@@ -299,6 +301,7 @@ func (cli *Client) connect(ctx context.Context) <-chan conn {
}
func (cli *Client) findRoles(cn conn, attrs ...string) (map[string]LDAPRoles, error) {
fmt.Println("cli", cli.BindDN, cli.BindPass)
if cli.BindDN != "" {
// We need to login to a LDAP server with a service account for retrieving user data.
if err := cn.Bind(cli.BindDN, cli.BindPass); err != nil {
@@ -402,6 +405,7 @@ func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string
type ldapConnector struct {
BaseDN string
RoleBaseDN string
UserBaseDN string
IsTLS bool
}
@@ -423,12 +427,13 @@ func (c *ldapConnector) Connect(ctx context.Context, addr string) (conn, error)
ldapcn := ldap.NewConn(tcpcn, c.IsTLS)
ldapcn.Start()
return &ldapConn{Conn: ldapcn, BaseDN: c.BaseDN, RoleBaseDN: c.RoleBaseDN}, nil
return &ldapConn{Conn: ldapcn, BaseDN: c.BaseDN, UserBaseDN: c.UserBaseDN, RoleBaseDN: c.RoleBaseDN}, nil
}
type ldapConn struct {
*ldap.Conn
BaseDN string
UserBaseDN string
RoleBaseDN string
}
@@ -444,7 +449,7 @@ func (c *ldapConn) SearchUser(user string, attrs ...string) ([]map[string][]stri
query := fmt.Sprintf(
"(&(|(objectClass=organizationalPerson)(objectClass=inetOrgPerson))"+
"(|(uid=%[1]s)(mail=%[1]s)(userPrincipalName=%[1]s)(sAMAccountName=%[1]s)))", user)
return c.searchEntries(c.BaseDN, query, attrs)
return c.searchEntries(c.RoleBaseDN, query, attrs)
}
func (c *ldapConn) SearchUserRoles(user string, attrs ...string) ([]map[string][]string, error) {
main.go
+1
View File
@@ -58,6 +58,7 @@ func main() {
conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")
conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
conf.GetConfig().LDAPUserBaseDN = o.GetStringDefault("LDAP_USER_BASEDN", "ou=users,dc=example,dc=com")
conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
go generateSelfPeer()
go generateRole()