mirror of
https://github.com/goharbor/harbor.git
Merge pull request #11060 from stonezdj/20200311_ldap_group_name
Set LDAP groupname when PopulateGroup
commit
8fae685708
@ -388,7 +388,7 @@ func (session *Session) searchGroup(baseDN, filter, groupName, groupNameAttribut
|
|||||||
var group models.LdapGroup
|
var group models.LdapGroup
|
||||||
group.GroupDN = ldapEntry.DN
|
group.GroupDN = ldapEntry.DN
|
||||||
for _, attr := range ldapEntry.Attributes {
|
for _, attr := range ldapEntry.Attributes {
|
||||||
// OpenLdap sometimes contain leading space in useranme
|
// OpenLdap sometimes contain leading space in username
|
||||||
val := strings.TrimSpace(attr.Values[0])
|
val := strings.TrimSpace(attr.Values[0])
|
||||||
log.Debugf("Current ldap entry attr name: %s\n", attr.Name)
|
log.Debugf("Current ldap entry attr name: %s\n", attr.Name)
|
||||||
switch strings.ToLower(attr.Name) {
|
switch strings.ToLower(attr.Name) {
|
||||||
|
@ -318,6 +318,12 @@ func TestSession_SearchGroupByDN(t *testing.T) {
|
|||||||
LdapGroupNameAttribute: "cn",
|
LdapGroupNameAttribute: "cn",
|
||||||
LdapGroupSearchScope: 2,
|
LdapGroupSearchScope: 2,
|
||||||
}
|
}
|
||||||
|
ldapGroupConfig2 := models.LdapGroupConf{
|
||||||
|
LdapGroupBaseDN: "ou=group,dc=example,dc=com",
|
||||||
|
LdapGroupFilter: "objectclass=groupOfNames",
|
||||||
|
LdapGroupNameAttribute: "o",
|
||||||
|
LdapGroupSearchScope: 2,
|
||||||
|
}
|
||||||
type fields struct {
|
type fields struct {
|
||||||
ldapConfig models.LdapConf
|
ldapConfig models.LdapConf
|
||||||
ldapGroupConfig models.LdapGroupConf
|
ldapGroupConfig models.LdapGroupConf
|
||||||
@ -345,6 +351,14 @@ func TestSession_SearchGroupByDN(t *testing.T) {
|
|||||||
fields{ldapConfig: ldapConfig, ldapGroupConfig: ldapGroupConfig},
|
fields{ldapConfig: ldapConfig, ldapGroupConfig: ldapGroupConfig},
|
||||||
args{groupDN: "random string"},
|
args{groupDN: "random string"},
|
||||||
nil, true},
|
nil, true},
|
||||||
|
{"search with gid = cn",
|
||||||
|
fields{ldapConfig: ldapConfig, ldapGroupConfig: ldapGroupConfig},
|
||||||
|
args{groupDN: "cn=harbor_group,ou=groups,dc=example,dc=com"},
|
||||||
|
[]models.LdapGroup{{GroupName: "harbor_group", GroupDN: "cn=harbor_group,ou=groups,dc=example,dc=com"}}, false},
|
||||||
|
{"search with gid = o",
|
||||||
|
fields{ldapConfig: ldapConfig, ldapGroupConfig: ldapGroupConfig2},
|
||||||
|
args{groupDN: "cn=harbor_group,ou=groups,dc=example,dc=com"},
|
||||||
|
[]models.LdapGroup{{GroupName: "hgroup", GroupDN: "cn=harbor_group,ou=groups,dc=example,dc=com"}}, false},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
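Review bot: The new `ldapGroupConfig2` sets `LdapGroupBaseDN: "ou=group,dc=example,dc=com"`, while every group DN used in the added cases sits under `ou=groups`. If the search-by-DN path ignores the base DN, this is harmless but misleading and deserves a comment such as `// base DN is not consulted when searching by DN`; otherwise it should read `ou=groups`. The two added cases cover only entries that carry the configured name attribute. A case for an entry that lacks it would pin what `GroupName` becomes then, which matters because the name is later used to populate user groups at login. TestSession_SearchGroupByDN starts and ends outside these hunks, so the first config's base DN is not visible here.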
|
@ -86,12 +86,12 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
|
|||||||
u.Email = strings.TrimSpace(ldapUsers[0].Email)
|
u.Email = strings.TrimSpace(ldapUsers[0].Email)
|
||||||
|
|
||||||
l.syncUserInfoFromDB(&u)
|
l.syncUserInfoFromDB(&u)
|
||||||
l.attachLDAPGroup(ldapUsers, &u)
|
l.attachLDAPGroup(ldapUsers, &u, ldapSession)
|
||||||
|
|
||||||
return &u, nil
|
return &u, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *Auth) attachLDAPGroup(ldapUsers []models.LdapUser, u *models.User) {
|
func (l *Auth) attachLDAPGroup(ldapUsers []models.LdapUser, u *models.User, sess *ldapUtils.Session) {
|
||||||
// Retrieve ldap related info in login to avoid too many traffic with LDAP server.
|
// Retrieve ldap related info in login to avoid too many traffic with LDAP server.
|
||||||
// Get group admin dn
|
// Get group admin dn
|
||||||
groupCfg, err := config.LDAPGroupConf()
|
groupCfg, err := config.LDAPGroupConf()
|
||||||
@ -112,7 +112,16 @@ func (l *Auth) attachLDAPGroup(ldapUsers []models.LdapUser, u *models.User) {
|
|||||||
}
|
}
|
||||||
userGroups := make([]models.UserGroup, 0)
|
userGroups := make([]models.UserGroup, 0)
|
||||||
for _, dn := range ldapUsers[0].GroupDNList {
|
for _, dn := range ldapUsers[0].GroupDNList {
|
||||||
userGroups = append(userGroups, models.UserGroup{GroupName: dn, LdapGroupDN: dn, GroupType: common.LDAPGroupType})
|
lGroups, err := sess.SearchGroupByDN(dn)
|
||||||
|
if err != nil {
|
||||||
|
log.Warningf("Can not get the ldap group name with DN %v, error %v", dn, err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if len(lGroups) == 0 {
|
||||||
|
log.Warningf("Can not get the ldap group name with DN %v", dn)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
userGroups = append(userGroups, models.UserGroup{GroupName: lGroups[0].GroupName, LdapGroupDN: dn, GroupType: common.LDAPGroupType})
|
||||||
}
|
}
|
||||||
u.GroupIDs, err = group.PopulateGroup(userGroups)
|
u.GroupIDs, err = group.PopulateGroup(userGroups)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
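Review bot: In the new loop body of attachLDAPGroup, a group whose lookup errors or returns no entry is skipped with only a warning, and a found entry that lacks the configured name attribute would presumably be appended with an empty `GroupName` (inferred; the assignment in searchGroup is outside this hunk). Skipping fails closed, which is the safe direction for authorization, but a transient LDAP error now silently removes group-derived permissions for that login, so the choice deserves a comment such as `// lookup failed: drop the membership rather than guess a name (fails closed)`. For the empty-name case, consider `name := lGroups[0].GroupName; if name == "" { name = dn }` before the append, which keeps the pre-change behaviour. The loop also makes one `SearchGroupByDN` round trip per group DN on every login, which works against the "avoid too many traffic with LDAP server" comment at the top of the function. The function's start and end lie outside the hunk, so whether `sess` is still open at this point cannot be confirmed from here.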
|
@ -40,6 +40,7 @@ objectclass: top
|
|||||||
dn: cn=harbor_group,ou=groups,dc=example,dc=com
|
dn: cn=harbor_group,ou=groups,dc=example,dc=com
|
||||||
cn: harbor_group
|
cn: harbor_group
|
||||||
description: harbor group
|
description: harbor group
|
||||||
|
o: hgroup
|
||||||
member: cn=mike,ou=people,dc=example,dc=com
|
member: cn=mike,ou=people,dc=example,dc=com
|
||||||
member: cn=mike02,ou=people,dc=example,dc=com
|
member: cn=mike02,ou=people,dc=example,dc=com
|
||||||
objectclass: groupOfNames
|
objectclass: groupOfNames
|
||||||
|