diff --git a/.drone.star b/.drone.star index 27536aaf2b..489fa21d9e 100644 --- a/.drone.star +++ b/.drone.star @@ -58,7 +58,7 @@ def apiTests(ctx, coreBranch = 'master', coreCommit = ''): 'REVA_LDAP_BIND_DN': 'cn=admin,dc=owncloud,dc=com', 'REVA_LDAP_BIND_PASSWORD': 'admin', 'REVA_LDAP_BASE_DN': 'dc=owncloud,dc=com', - 'REVA_LDAP_SCHEMA_DISPLAYNAME': 'displayName', + 'REVA_LDAP_SCHEMA_UID': 'uid', 'REVA_STORAGE_HOME_DATA_TEMP_FOLDER': '/srv/app/tmp/', 'REVA_STORAGE_OWNCLOUD_DATADIR': '/srv/app/tmp/reva/data', 'REVA_STORAGE_OC_DATA_TEMP_FOLDER': '/srv/app/tmp/', @@ -272,7 +272,7 @@ def testing(ctx): 'REVA_LDAP_BIND_DN': 'cn=admin,dc=owncloud,dc=com', 'REVA_LDAP_BIND_PASSWORD': 'admin', 'REVA_LDAP_BASE_DN': 'dc=owncloud,dc=com', - 'REVA_LDAP_SCHEMA_DISPLAYNAME': 'displayName', + 'REVA_LDAP_SCHEMA_UID': 'uid', 'REVA_STORAGE_HOME_DATA_TEMP_FOLDER': '/srv/app/tmp/', 'REVA_STORAGE_OWNCLOUD_DATADIR': '/srv/app/tmp/reva/data', 'REVA_STORAGE_OC_DATA_TEMP_FOLDER': '/srv/app/tmp/', diff --git a/changelog/unreleased/update-ldap-config.md b/changelog/unreleased/update-ldap-config.md new file mode 100644 index 0000000000..201a2a1efb --- /dev/null +++ b/changelog/unreleased/update-ldap-config.md @@ -0,0 +1,12 @@ +Bugfix: Update LDAP filters + +With the separation of use and find filters we can now use a filter that taken into account a users uuid as well as his username. This is necessary to make sharing work with the new account service which assigns accounts an immutable account id that is different from the username. Furthermore, the separate find filters now allows searching users by their displayname or email as well. + + +``` +userfilter = "(&(objectclass=posixAccount)(|(ownclouduuid={{.OpaqueId}})(cn={{.OpaqueId}})))" +findfilter = "(&(objectclass=posixAccount)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))" +``` + +https://github.com/owncloud/ocis-reva/pull/399 +https://github.com/cs3org/reva/pull/996 \ No newline at end of file 
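Review bot: The api-test environment now pins `'REVA_LDAP_SCHEMA_UID': 'uid'` (hunks at line 58 and 272) while the flagset hunks in this same change move the `ldap-schema-uid` default to `ownclouduuid`, so CI exercises a uid-attribute mapping that a default installation no longer uses. If the override is deliberate because the test LDAP fixture has no `ownclouduuid` attribute, a one-line comment next to the entry would save the next reader from guessing, e.g. `# test LDAP has no ownclouduuid attribute; map the CS3 id to uid instead`. Otherwise dropping the override, as was done for REVA_LDAP_SCHEMA_DISPLAYNAME, would let the tests cover the shipped default. The enclosing apiTests and testing definitions begin outside these hunks.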
diff --git a/changelog/unreleased/update-reva-to-20200724.md b/changelog/unreleased/update-reva-to-20200724.md
new file mode 100644
index 0000000000..9f21964d58
--- /dev/null
+++ b/changelog/unreleased/update-reva-to-20200724.md
@@ -0,0 +1,13 @@
+Enhancement: update reva to v0.1.1-0.20200724135750-b46288b375d6
+
+- Update reva to v0.1.1-0.20200724135750-b46288b375d6
+- Split LDAP user filters (reva/#996)
+- meshdirectory: Add invite forward API to provider links (reva/#1000)
+- OCM: Pass the link to the meshdirectory service in token mail (reva/#1002)
+- Update github.com/go-ldap/ldap to v3 (reva/#1004)
+
+https://github.com/owncloud/ocis-reva/pull/399
+https://github.com/cs3org/reva/pull/996
+https://github.com/cs3org/reva/pull/1000
+https://github.com/cs3org/reva/pull/1002
+https://github.com/cs3org/reva/pull/1004
\ No newline at end of file
diff --git a/go.mod b/go.mod
index 49f4b65488..080c7e7d51 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/owncloud/ocis-reva
 go 1.13
 
 require (
-github.com/cs3org/reva v0.1.1-0.20200722125752-6dea7936f9d1
+github.com/cs3org/reva v0.1.1-0.20200724135750-b46288b375d6
 github.com/gofrs/uuid v3.3.0+incompatible
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
 github.com/haya14busa/goverage v0.0.0-20180129164344-eec3514a20b5 // indirect
@@ -19,5 +19,7 @@ require (
 github.com/restic/calens v0.2.0
 github.com/spf13/viper v1.6.1
 github.com/uber/jaeger-client-go v2.20.1+incompatible // indirect
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
 gopkg.in/ini.v1 v1.51.1 // indirect
+gopkg.in/ldap.v2 v2.5.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 749d7d9ee3..5890726701 100644
--- a/go.sum
+++ b/go.sum
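Review bot: The go.mod hunk at line 19 adds `gopkg.in/ldap.v2 v2.5.1 // indirect` and `gopkg.in/asn1-ber.v1 // indirect`, while the changelog added in this same commit says the reva update moved go-ldap to v3 (and go.sum gains `github.com/go-ldap/ldap/v3 v3.2.3`). That leaves two LDAP client majors in the build list, which is two modules to track for advisories instead of one; it may be a transitive requirement of the new reva revision, but that is not visible here. Checking with `go mod why -m gopkg.in/ldap.v2` and, if nothing imports it, re-running `go mod tidy` would confirm whether the v2 line is still needed before it ships.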
@@ -34,6 +34,7 @@ github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocm github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88= +github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= @@ -100,6 +101,7 @@ github.com/aws/aws-sdk-go v1.32.11/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZve github.com/aws/aws-sdk-go v1.32.13/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.33.1/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.33.7/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go v1.33.11/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-xray-sdk-go v0.9.4/go.mod h1:XtMKdBQfpVut+tJEwI7+dJFRxxRdxHDyVNp2tHXRq04= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= 
@@ -182,6 +184,8 @@ github.com/cs3org/reva v0.1.1-0.20200722082002-1e57c4994e26 h1:F4Rq8kRwXvaQHDlSb github.com/cs3org/reva v0.1.1-0.20200722082002-1e57c4994e26/go.mod h1:yPtGZIud+QVWLN7lxPwZLNj2/BCx3xu2DNUcTJE1Mkk= github.com/cs3org/reva v0.1.1-0.20200722125752-6dea7936f9d1 h1:f/XZNSkCpS0ndLzMq/IRA0k2P1B/04Qvgf7s4qtQoGQ= github.com/cs3org/reva v0.1.1-0.20200722125752-6dea7936f9d1/go.mod h1:yPtGZIud+QVWLN7lxPwZLNj2/BCx3xu2DNUcTJE1Mkk= +github.com/cs3org/reva v0.1.1-0.20200724135750-b46288b375d6 h1:xTJzgtusJvbz08fYVnxlxNu4BhyGCS46uwiD4QrYnOI= +github.com/cs3org/reva v0.1.1-0.20200724135750-b46288b375d6/go.mod h1:qwW0YfYf6JaAcTxBXsPpa8JIn2wHxqt5j/bjH7myI1k= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/decker502/dnspod-go v0.2.0/go.mod h1:qsurYu1FgxcDwfSwXJdLt4kRsBLZeosEb9uq4Sy+08g= @@ -222,6 +226,7 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-acme/lego/v3 v3.1.0/go.mod h1:074uqt+JS6plx+c9Xaiz6+L+GBb+7itGtzfcDM2AhEE= github.com/go-acme/lego/v3 v3.3.0/go.mod h1:iGSY2vQrvQs3WezicSB/oVbO2eCrD88dpWPwb1qLqu0= +github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-bindata/go-bindata v3.1.1+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= 
@@ -230,6 +235,7 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2 github.com/go-ini/ini v1.44.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-ldap/ldap/v3 v3.2.3/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= github.com/go-log/log v0.1.0/go.mod h1:4mBwpdRMFLiuXZDCwU2lKQFsoSCo72j3HqBK9d81N2M= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= @@ -459,6 +465,7 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= 
@@ -638,6 +645,7 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh github.com/mitchellh/mapstructure v1.3.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.3.2 h1:mRS76wmkOn3KkKAyXDu42V+6ebnXWIztFSYGN7GeoRg= github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -927,6 +935,7 @@ golang.org/x/crypto v0.0.0-20191108234033-bd318be0434a/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200320181102-891825fb96df h1:lDWgvUvNnaTnNBc/dwOty86cFeKoKWbwy2wQj0gIxbU= golang.org/x/crypto v0.0.0-20200320181102-891825fb96df/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= diff --git a/pkg/command/authbasic.go b/pkg/command/authbasic.go index e01ded8633..96fda922de 100644 --- a/pkg/command/authbasic.go +++ b/pkg/command/authbasic.go 
@@ -97,8 +97,7 @@ func AuthBasic(cfg *config.Config) *cli.Command {
 "hostname": cfg.Reva.LDAP.Hostname,
 "port": cfg.Reva.LDAP.Port,
 "base_dn": cfg.Reva.LDAP.BaseDN,
-"userfilter": cfg.Reva.LDAP.UserFilter,
-"groupfilter": cfg.Reva.LDAP.GroupFilter,
+"loginfilter": cfg.Reva.LDAP.LoginFilter,
 "bind_username": cfg.Reva.LDAP.BindDN,
 "bind_password": cfg.Reva.LDAP.BindPassword,
 "idp": cfg.Reva.LDAP.IDP,
diff --git a/pkg/command/users.go b/pkg/command/users.go
index 28b872a268..d215f59e87 100644
--- a/pkg/command/users.go
+++ b/pkg/command/users.go
@@ -97,6 +97,7 @@ func Users(cfg *config.Config) *cli.Command {
 "port": cfg.Reva.LDAP.Port,
 "base_dn": cfg.Reva.LDAP.BaseDN,
 "userfilter": cfg.Reva.LDAP.UserFilter,
+"findfilter": cfg.Reva.LDAP.FindFilter,
 "groupfilter": cfg.Reva.LDAP.GroupFilter,
 "bind_username": cfg.Reva.LDAP.BindDN,
 "bind_password": cfg.Reva.LDAP.BindPassword,
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 2c3f7beb26..c2b0654833 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -206,7 +206,9 @@ type LDAP struct {
 Hostname string
 Port int
 BaseDN string
+LoginFilter string
 UserFilter string
+FindFilter string
 GroupFilter string
 BindDN string
 BindPassword string
diff --git a/pkg/flagset/authbasic.go b/pkg/flagset/authbasic.go
index 7e0ee8f68b..021bba3ec1 100644
--- a/pkg/flagset/authbasic.go
+++ b/pkg/flagset/authbasic.go
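Review bot: The new `LoginFilter` and `FindFilter` fields in the config.go hunk (line 206) carry no doc comment, and the three filters in this struct use different placeholder conventions — the flagset hunks in this commit show `{{login}}` for the login filter, `{{query}}` for the find filter and `{{.OpaqueId}}`/`{{.Idp}}` for the user and group filters — so a reader of the struct cannot tell which token each field expects. A comment per field would fix that, e.g. `// LoginFilter is the auth-provider search filter; {{login}} is replaced with the submitted username.` and `// FindFilter is the recipient-search filter; {{query}} is replaced with the search string.`. Because both placeholders are filled from caller-supplied input, the comment should also state whether the substituted value is escaped as an LDAP filter value before the query is sent; that happens (or not) inside reva and is not visible in this diff, so it needs confirming against the reva revision being pulled in. The `type LDAP struct {` header sits just outside the hunk.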
@@ -123,18 +123,11 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
 Destination: &cfg.Reva.LDAP.BaseDN,
 },
 &cli.StringFlag{
-Name: "ldap-userfilter",
-Value: "(&(objectclass=posixAccount)(cn=%s))",
-Usage: "LDAP userfilter",
-EnvVars: []string{"REVA_LDAP_USERFILTER"},
-Destination: &cfg.Reva.LDAP.UserFilter,
-},
-&cli.StringFlag{
-Name: "ldap-groupfilter",
-Value: "(&(objectclass=posixGroup)(cn=%s))",
-Usage: "LDAP groupfilter",
-EnvVars: []string{"REVA_LDAP_GROUPFILTER"},
-Destination: &cfg.Reva.LDAP.GroupFilter,
+Name: "ldap-loginfilter",
+Value: "(&(objectclass=posixAccount)(|(cn={{login}})(mail={{login}})))",
+Usage: "LDAP login filter",
+EnvVars: []string{"REVA_LDAP_LOGINFILTER"},
+Destination: &cfg.Reva.LDAP.LoginFilter,
 },
 &cli.StringFlag{
 Name: "ldap-bind-dn",
@@ -160,7 +153,7 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
 // ldap dn is always the dn
 &cli.StringFlag{
 Name: "ldap-schema-uid",
-Value: "uid",
+Value: "ownclouduuid",
 Usage: "LDAP schema uid",
 EnvVars: []string{"REVA_LDAP_SCHEMA_UID"},
 Destination: &cfg.Reva.LDAP.Schema.UID,
@@ -174,7 +167,7 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
 },
 &cli.StringFlag{
 Name: "ldap-schema-displayName",
-Value: "sn",
+Value: "displayname",
 Usage: "LDAP schema displayName",
 EnvVars: []string{"REVA_LDAP_SCHEMA_DISPLAYNAME"},
 Destination: &cfg.Reva.LDAP.Schema.DisplayName,
diff --git a/pkg/flagset/users.go b/pkg/flagset/users.go
index 179a93ba2d..24b9b6ea0e 100644
--- a/pkg/flagset/users.go
+++ b/pkg/flagset/users.go
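Review bot: Removing the `ldap-userfilter` and `ldap-groupfilter` flags from the auth-basic flagset (hunk at line 123) also drops the `REVA_LDAP_USERFILTER` and `REVA_LDAP_GROUPFILTER` environment variables, so a deployment that narrowed who may log in with a custom user filter silently falls back to the new default, which now matches on `mail` as well as `cn`; neither that nor the `ldap-schema-uid` default moving from `uid` to `ownclouduuid` in the hunk at line 160 is mentioned in the changelog entries added by this commit. Both deserve a line in the changelog so operators re-check their auth-basic configuration after upgrading; an env-var alias is not a good substitute here because the old `%s` filters are not valid under the new `{{login}}` template syntax. The new flag's Usage text should also document the placeholder the way the users.go flags do, e.g. `Usage: "LDAP filter used when authenticating a user. {{login}} will be replaced with the submitted username",`. AuthBasicWithConfig begins and ends outside these hunks.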
@@ -107,15 +107,24 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
 },
 &cli.StringFlag{
 Name: "ldap-userfilter",
-Value: "(&(objectclass=posixAccount)(cn=%s*))",
-Usage: "LDAP userfilter",
+Value: "(&(objectclass=posixAccount)(|(ownclouduuid={{.OpaqueId}})(cn={{.OpaqueId}})))",
+Usage: "LDAP filter used when getting a user. The CS3 userid properties {{.OpaqueId}} and {{.Idp}} are available.",
 EnvVars: []string{"REVA_LDAP_USERFILTER"},
 Destination: &cfg.Reva.LDAP.UserFilter,
 },
 &cli.StringFlag{
-Name: "ldap-groupfilter",
-Value: "(&(objectclass=posixGroup)(cn=%s*))",
-Usage: "LDAP groupfilter",
+Name: "ldap-findfilter",
+Value: "(&(objectclass=posixAccount)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))",
+Usage: "LDAP filter used when searching for recipients. {{query}} will be replaced with the search query",
+EnvVars: []string{"REVA_LDAP_FINDFILTER"},
+Destination: &cfg.Reva.LDAP.FindFilter,
+},
+&cli.StringFlag{
+Name: "ldap-groupfilter",
+// FIXME the reva implementation needs to use the memberof overlay to get the cn when it only has the uuid,
+// because the ldap schema either uses the dn or the member(of) attributes to establish membership
+Value: "(&(objectclass=posixGroup)(ownclouduuid={{.OpaqueId}}*))", // This filter will never work
+Usage: "LDAP filter used when getting the groups of a user. The CS3 userid properties {{.OpaqueId}} and {{.Idp}} are available.",
 EnvVars: []string{"REVA_LDAP_GROUPFILTER"},
 Destination: &cfg.Reva.LDAP.GroupFilter,
 },
@@ -143,7 +152,7 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
 // ldap dn is always the dn
 &cli.StringFlag{
 Name: "ldap-schema-uid",
-Value: "uid",
+Value: "ownclouduuid",
 Usage: "LDAP schema uid",
 EnvVars: []string{"REVA_LDAP_SCHEMA_UID"},
 Destination: &cfg.Reva.LDAP.Schema.UID,
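Review bot: The new `ldap-groupfilter` default in the hunk at line 107 is annotated in its own trailing comment as a filter that "will never work", so every installation that relies on the default will silently resolve no group memberships for any user; that is only discoverable by reading the source, and group lookups feeding sharing or authorization decisions should fail loudly rather than quietly return nothing. At minimum the Usage string should say it, e.g. `Usage: "LDAP filter used when getting the groups of a user. The default does not work yet and must be overridden; {{.OpaqueId}} and {{.Idp}} are available.",`, and the changelog should tell operators to set REVA_LDAP_GROUPFILTER explicitly. Separately, `(ownclouduuid={{.OpaqueId}}*)` keeps the trailing wildcard from the old `cn=%s*` default, which turns an identifier lookup into a prefix match, whereas the new user filter on the same hunk uses an exact match; when the group filter is fixed, an exact `(ownclouduuid={{.OpaqueId}})` avoids returning groups for any id that merely shares a prefix. UsersWithConfig begins and ends outside these hunks.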
@@ -157,7 +166,7 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
 },
 &cli.StringFlag{
 Name: "ldap-schema-displayName",
-Value: "sn",
+Value: "displayname",
 Usage: "LDAP schema displayName",
 EnvVars: []string{"REVA_LDAP_SCHEMA_DISPLAYNAME"},
 Destination: &cfg.Reva.LDAP.Schema.DisplayName,