Add a more explict filter to DN based lookups

To make sure to read the right type of object
Ralf Haferkamp
2022-12-14 12:07:21 +01:00
committed by Ralf Haferkamp
parent e1123576f3
commit 795bc70546
2 changed files with 24 additions and 8 deletions
+20 -4
@@ -303,7 +303,14 @@ func (i *LDAP) getUserByDN(dn string) (*ldap.Entry, error) {
i.userAttributeMap.mail,
i.userAttributeMap.userName,
}
return i.getEntryByDN(dn, attrs)
filter := fmt.Sprintf("(objectClass=%s)", i.userObjectClass)
if i.userFilter != "" {
filter = fmt.Sprintf("(&%s(%s))", filter, i.userFilter)
}
return i.getEntryByDN(dn, attrs, filter)
}
func (i *LDAP) getGroupByDN(dn string) (*ldap.Entry, error) {
@@ -311,13 +318,22 @@ func (i *LDAP) getGroupByDN(dn string) (*ldap.Entry, error) {
i.groupAttributeMap.id,
i.groupAttributeMap.name,
}
return i.getEntryByDN(dn, attrs)
filter := fmt.Sprintf("(objectClass=%s)", i.groupObjectClass)
if i.groupFilter != "" {
filter = fmt.Sprintf("(&%s(%s))", filter, i.groupFilter)
}
return i.getEntryByDN(dn, attrs, filter)
}
func (i *LDAP) getEntryByDN(dn string, attrs []string) (*ldap.Entry, error) {
func (i *LDAP) getEntryByDN(dn string, attrs []string, filter string) (*ldap.Entry, error) {
if filter == "" {
filter = "(objectclass=*)"
}
searchRequest := ldap.NewSearchRequest(
dn, ldap.ScopeBaseObject, ldap.NeverDerefAliases, 1, 0, false,
"(objectclass=*)",
filter,
attrs,
nil,
)
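Review bot: In getUserByDN and getGroupByDN the configured `i.userFilter` / `i.groupFilter` is wrapped in an extra pair of parentheses by `fmt.Sprintf("(&%s(%s))", filter, i.userFilter)`, so a value that is already a complete filter, such as `(accountStatus=active)` (constructed example), becomes `((accountStatus=active))`. That is not a valid RFC 4515 filter and would make every DN lookup fail. Whether the setting is expected bare or parenthesised is not visible in this section, so either state the expected form in a comment next to the Sprintf, e.g. `// userFilter must be given without enclosing parentheses`, or wrap only when the value does not already start with `(`. Since these lookups now act as an object-type check, note that a base-scope search whose filter does not match returns success with zero entries. The rest of getEntryByDN lies outside the hunk, so confirm it maps an empty result to not-found instead of indexing `Entries[0]`.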
+4 -4
@@ -318,14 +318,14 @@ func TestGetGroup(t *testing.T) {
sr2 := &ldap.SearchRequest{
BaseDN: "uid=user,ou=people,dc=test",
SizeLimit: 1,
Filter: "(objectclass=*)",
Filter: "(objectClass=inetOrgPerson)",
Attributes: []string{"displayname", "entryUUID", "mail", "uid"},
Controls: []ldap.Control(nil),
}
sr3 := &ldap.SearchRequest{
BaseDN: "uid=invalid,ou=people,dc=test",
SizeLimit: 1,
Filter: "(objectclass=*)",
Filter: "(objectClass=inetOrgPerson)",
Attributes: []string{"displayname", "entryUUID", "mail", "uid"},
Controls: []ldap.Control(nil),
}
@@ -413,14 +413,14 @@ func TestGetGroups(t *testing.T) {
sr2 := &ldap.SearchRequest{
BaseDN: "uid=user,ou=people,dc=test",
SizeLimit: 1,
Filter: "(objectclass=*)",
Filter: "(objectClass=inetOrgPerson)",
Attributes: []string{"displayname", "entryUUID", "mail", "uid"},
Controls: []ldap.Control(nil),
}
sr3 := &ldap.SearchRequest{
BaseDN: "uid=invalid,ou=people,dc=test",
SizeLimit: 1,
Filter: "(objectclass=*)",
Filter: "(objectClass=inetOrgPerson)",
Attributes: []string{"displayname", "entryUUID", "mail", "uid"},
Controls: []ldap.Control(nil),
}
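Review bot: The updated expectations in TestGetGroup and TestGetGroups only pin the filter sent when no additional user filter is configured, `(objectClass=inetOrgPerson)`. Nothing in this section exercises the `(&(objectClass=…)(…))` branch that the backend change adds, or the group-side variant. A case that sets a non-empty user filter and asserts the exact `Filter` string of the resulting SearchRequest would catch a malformed composed filter (for instance doubled parentheses) before it reaches a directory. Both test functions continue outside the hunks shown.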