From f11d8a27189583a91718a2c29a96e220c84bf724 Mon Sep 17 00:00:00 2001
From: Ishank Arora
Date: Thu, 18 Feb 2021 12:46:30 +0100
Subject: [PATCH] Separate LDAP schemas for users and groups

---
 storage/pkg/command/authbasic.go | 8 +--
 storage/pkg/command/groups.go | 10 ++--
 storage/pkg/command/users.go | 12 ++--
 storage/pkg/config/config.go | 17 ++++--
 storage/pkg/flagset/ldap.go | 96 +++++++++++++++++++++-----------
 5 files changed, 93 insertions(+), 50 deletions(-)

diff --git a/storage/pkg/command/authbasic.go b/storage/pkg/command/authbasic.go
index 9fb13d9f03..45ffaab213 100644
--- a/storage/pkg/command/authbasic.go
+++ b/storage/pkg/command/authbasic.go
@@ -103,10 +103,10 @@ func AuthBasic(cfg *config.Config) *cli.Command {
 				"idp": cfg.Reva.LDAP.IDP,
 				"schema": map[string]interface{}{
 					"dn": "dn",
-					"uid": cfg.Reva.LDAP.Schema.UID,
-					"mail": cfg.Reva.LDAP.Schema.Mail,
-					"displayName": cfg.Reva.LDAP.Schema.DisplayName,
-					"cn": cfg.Reva.LDAP.Schema.CN,
+					"uid": cfg.Reva.LDAP.UserSchema.UID,
+					"mail": cfg.Reva.LDAP.UserSchema.Mail,
+					"displayName": cfg.Reva.LDAP.UserSchema.DisplayName,
+					"cn": cfg.Reva.LDAP.UserSchema.CN,
 				},
 			},
 		},
diff --git a/storage/pkg/command/groups.go b/storage/pkg/command/groups.go
index 3c30bc3dac..89d4c7fc87 100644
--- a/storage/pkg/command/groups.go
+++ b/storage/pkg/command/groups.go
@@ -105,11 +105,11 @@ func Groups(cfg *config.Config) *cli.Command {
 				"idp": cfg.Reva.LDAP.IDP,
 				"schema": map[string]interface{}{
 					"dn": "dn",
-					"gid": cfg.Reva.LDAP.Schema.GID,
-					"mail": cfg.Reva.LDAP.Schema.Mail,
-					"displayName": cfg.Reva.LDAP.Schema.DisplayName,
-					"cn": cfg.Reva.LDAP.Schema.CN,
-					"gidNumber": cfg.Reva.LDAP.Schema.GIDNumber,
+					"gid": cfg.Reva.LDAP.GroupSchema.GID,
+					"mail": cfg.Reva.LDAP.GroupSchema.Mail,
+					"displayName": cfg.Reva.LDAP.GroupSchema.DisplayName,
+					"cn": cfg.Reva.LDAP.GroupSchema.CN,
+					"gidNumber": cfg.Reva.LDAP.GroupSchema.GIDNumber,
 				},
 			},
 			"rest": map[string]interface{}{
diff --git a/storage/pkg/command/users.go b/storage/pkg/command/users.go
index f41ae8e4e0..c1771aa6fe 100644
--- a/storage/pkg/command/users.go
+++ b/storage/pkg/command/users.go
@@ -105,12 +105,12 @@ func Users(cfg *config.Config) *cli.Command {
 				"idp": cfg.Reva.LDAP.IDP,
 				"schema": map[string]interface{}{
 					"dn": "dn",
-					"uid": cfg.Reva.LDAP.Schema.UID,
-					"mail": cfg.Reva.LDAP.Schema.Mail,
-					"displayName": cfg.Reva.LDAP.Schema.DisplayName,
-					"cn": cfg.Reva.LDAP.Schema.CN,
-					"uidNumber": cfg.Reva.LDAP.Schema.UIDNumber,
-					"gidNumber": cfg.Reva.LDAP.Schema.GIDNumber,
+					"uid": cfg.Reva.LDAP.UserSchema.UID,
+					"mail": cfg.Reva.LDAP.UserSchema.Mail,
+					"displayName": cfg.Reva.LDAP.UserSchema.DisplayName,
+					"cn": cfg.Reva.LDAP.UserSchema.CN,
+					"uidNumber": cfg.Reva.LDAP.UserSchema.UIDNumber,
+					"gidNumber": cfg.Reva.LDAP.UserSchema.GIDNumber,
 				},
 			},
 			"rest": map[string]interface{}{
diff --git a/storage/pkg/config/config.go b/storage/pkg/config/config.go
index edc17e0aca..1b7c07a11c 100644
--- a/storage/pkg/config/config.go
+++ b/storage/pkg/config/config.go
@@ -274,7 +274,8 @@ type LDAP struct {
 	BindDN string
 	BindPassword string
 	IDP string
-	Schema LDAPSchema
+	UserSchema LDAPUserSchema
+	GroupSchema LDAPGroupSchema
 }
 
 // UserGroupRest defines the REST driver specification for user and group resolution.
@@ -290,10 +291,9 @@ type UserGroupRest struct {
 	TargetAPI string
 }
 
-// LDAPSchema defines the available ldap schema configuration.
-type LDAPSchema struct {
+// LDAPUserSchema defines the available ldap user schema configuration.
+type LDAPUserSchema struct {
 	UID string
-	GID string
 	Mail string
 	DisplayName string
 	CN string
@@ -301,6 +301,15 @@ type LDAPSchema struct {
 	GIDNumber string
 }
 
+// LDAPGroupSchema defines the available ldap group schema configuration.
+type LDAPGroupSchema struct {
+	GID string
+	Mail string
+	DisplayName string
+	CN string
+	GIDNumber string
+}
+
 // OCDav defines the available ocdav configuration.
 type OCDav struct {
 	WebdavNamespace string
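Review bot: The fields of the new `LDAPUserSchema` and `LDAPGroupSchema` types in config.go carry no comments saying what they hold; only the flag defaults in ldap.go ("ownclouduuid", "cn", "gidnumber") reveal that each is the name of an LDAP attribute, so a reader of config.go alone cannot tell whether `GID` is an attribute name or a fixed value. A one-line comment per field would settle it, e.g. `GID string // name of the LDAP attribute whose value is used as the group identifier` on the group type and `UID string // name of the LDAP attribute whose value is used as the user identifier` on the user type. The four fields present in both structs (`Mail`, `DisplayName`, `CN`, `GIDNumber`) are duplicated rather than shared, which is reasonable if users and groups are meant to be configured independently, but the two type comments could state that so nobody later "deduplicates" them into one struct. The `LDAP` and `UserGroupRest` struct bodies start outside these hunks.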
diff --git a/storage/pkg/flagset/ldap.go b/storage/pkg/flagset/ldap.go
index a7059aeebc..73bd0c8863 100644
--- a/storage/pkg/flagset/ldap.go
+++ b/storage/pkg/flagset/ldap.go
@@ -124,54 +124,88 @@ func LDAPWithConfig(cfg *config.Config) []cli.Flag {
 			Destination: &cfg.Reva.LDAP.IDP,
 		},
 		// ldap dn is always the dn
+
+		// user schema
+
 		&cli.StringFlag{
-			Name: "ldap-schema-uid",
+			Name: "ldap-user-schema-uid",
 			Value: "ownclouduuid",
-			Usage: "LDAP schema uid",
-			EnvVars: []string{"STORAGE_LDAP_SCHEMA_UID"},
-			Destination: &cfg.Reva.LDAP.Schema.UID,
+			Usage: "LDAP user schema uid",
+			EnvVars: []string{"STORAGE_LDAP_USER_SCHEMA_UID"},
+			Destination: &cfg.Reva.LDAP.UserSchema.UID,
 		},
 		&cli.StringFlag{
-			Name: "ldap-schema-gid",
-			Value: "ownclouduuid",
-			Usage: "LDAP schema gid",
-			EnvVars: []string{"STORAGE_LDAP_SCHEMA_GID"},
-			Destination: &cfg.Reva.LDAP.Schema.GID,
-		},
-		&cli.StringFlag{
-			Name: "ldap-schema-mail",
+			Name: "ldap-user-schema-mail",
 			Value: "mail",
-			Usage: "LDAP schema mail",
-			EnvVars: []string{"STORAGE_LDAP_SCHEMA_MAIL"},
-			Destination: &cfg.Reva.LDAP.Schema.Mail,
+			Usage: "LDAP user schema mail",
+			EnvVars: []string{"STORAGE_LDAP_USER_SCHEMA_MAIL"},
+			Destination: &cfg.Reva.LDAP.UserSchema.Mail,
 		},
 		&cli.StringFlag{
-			Name: "ldap-schema-displayName",
+			Name: "ldap-user-schema-displayName",
 			Value: "displayname",
-			Usage: "LDAP schema displayName",
-			EnvVars: []string{"STORAGE_LDAP_SCHEMA_DISPLAYNAME"},
-			Destination: &cfg.Reva.LDAP.Schema.DisplayName,
+			Usage: "LDAP user schema displayName",
+			EnvVars: []string{"STORAGE_LDAP_USER_SCHEMA_DISPLAYNAME"},
+			Destination: &cfg.Reva.LDAP.UserSchema.DisplayName,
 		},
 		&cli.StringFlag{
-			Name: "ldap-schema-cn",
+			Name: "ldap-user-schema-cn",
 			Value: "cn",
-			Usage: "LDAP schema cn",
-			EnvVars: []string{"STORAGE_LDAP_SCHEMA_CN"},
-			Destination: &cfg.Reva.LDAP.Schema.CN,
+			Usage: "LDAP user schema cn",
+			EnvVars: []string{"STORAGE_LDAP_USER_SCHEMA_CN"},
+			Destination: &cfg.Reva.LDAP.UserSchema.CN,
 		},
 		&cli.StringFlag{
-			Name: "ldap-schema-uidnumber",
+			Name: "ldap-user-schema-uidnumber",
 			Value: "uidnumber",
-			Usage: "LDAP schema uidnumber",
-			EnvVars: []string{"STORAGE_LDAP_SCHEMA_UID_NUMBER"},
-			Destination: &cfg.Reva.LDAP.Schema.UIDNumber,
+			Usage: "LDAP user schema uidnumber",
+			EnvVars: []string{"STORAGE_LDAP_USER_SCHEMA_UID_NUMBER"},
+			Destination: &cfg.Reva.LDAP.UserSchema.UIDNumber,
 		},
 		&cli.StringFlag{
-			Name: "ldap-schema-gidnumber",
+			Name: "ldap-user-schema-gidnumber",
 			Value: "gidnumber",
-			Usage: "LDAP schema gidnumber",
-			EnvVars: []string{"STORAGE_LDAP_SCHEMA_GIDNUMBER"},
-			Destination: &cfg.Reva.LDAP.Schema.GIDNumber,
+			Usage: "LDAP user schema gidnumber",
+			EnvVars: []string{"STORAGE_LDAP_USER_SCHEMA_GID_NUMBER"},
+			Destination: &cfg.Reva.LDAP.UserSchema.GIDNumber,
+		},
+
+		// group schema
+
+		&cli.StringFlag{
+			Name: "ldap-group-schema-gid",
+			Value: "cn",
+			Usage: "LDAP group schema gid",
+			EnvVars: []string{"STORAGE_LDAP_GROUP_SCHEMA_GID"},
+			Destination: &cfg.Reva.LDAP.GroupSchema.GID,
+		},
+		&cli.StringFlag{
+			Name: "ldap-group-schema-mail",
+			Value: "mail",
+			Usage: "LDAP group schema mail",
+			EnvVars: []string{"STORAGE_LDAP_GROUP_SCHEMA_MAIL"},
+			Destination: &cfg.Reva.LDAP.GroupSchema.Mail,
+		},
+		&cli.StringFlag{
+			Name: "ldap-group-schema-displayName",
+			Value: "cn",
+			Usage: "LDAP group schema displayName",
+			EnvVars: []string{"STORAGE_LDAP_GROUP_SCHEMA_DISPLAYNAME"},
+			Destination: &cfg.Reva.LDAP.GroupSchema.DisplayName,
+		},
+		&cli.StringFlag{
+			Name: "ldap-group-schema-cn",
+			Value: "cn",
+			Usage: "LDAP group schema cn",
+			EnvVars: []string{"STORAGE_LDAP_GROUP_SCHEMA_CN"},
+			Destination: &cfg.Reva.LDAP.GroupSchema.CN,
+		},
+		&cli.StringFlag{
+			Name: "ldap-group-schema-gidnumber",
+			Value: "gidnumber",
+			Usage: "LDAP group schema gidnumber",
+			EnvVars: []string{"STORAGE_LDAP_GROUP_SCHEMA_GID_NUMBER"},
+			Destination: &cfg.Reva.LDAP.GroupSchema.GIDNumber,
 		},
 	}
 }
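Review bot: Renaming every `STORAGE_LDAP_SCHEMA_*` variable to `STORAGE_LDAP_USER_SCHEMA_*` (and `--ldap-schema-*` to `--ldap-user-schema-*`) silently drops existing settings: a deployment that set `STORAGE_LDAP_SCHEMA_UID` to a custom attribute falls back to the default "ownclouduuid" after this change with no error, which changes which LDAP attribute identifies a user. Since `EnvVars` is a slice, each user flag can keep the old name as a trailing fallback, e.g. `EnvVars: []string{"STORAGE_LDAP_USER_SCHEMA_UID", "STORAGE_LDAP_SCHEMA_UID"},`, or at minimum the commit message should call the rename out as a breaking configuration change. The group `gid` default also moves from "ownclouduuid" to "cn" here, so `ldap-group-schema-gid`, `ldap-group-schema-displayName` and `ldap-group-schema-cn` now all default to the same attribute; if the (renameable) common name is intended as the group identifier, a comment above the `// group schema` block saying why would help, because an identifier used for group resolution is normally expected to be stable. `LDAPWithConfig` starts before this hunk.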