Add UID and GID in ldap auth driver

cs3org · Aug 18, 2020 · 68264fb · 68264fb
1 parent 8bf3c70
commit 68264fb
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/changelog/unreleased/auth-ldap-uid.md b/changelog/unreleased/auth-ldap-uid.md
@@ -0,0 +1,7 @@
+Enhancement: Add UID and GID in ldap auth driver
+
+The PR https://github.com/cs3org/reva/pull/1088/ added the functionality to
+lookup UID and GID from the ldap user provider. This PR adds the same to the
+ldap auth manager.
+
+https://github.com/cs3org/reva/pull/1101
diff --git a/pkg/auth/manager/ldap/ldap.go b/pkg/auth/manager/ldap/ldap.go
@@ -25,6 +25,7 @@ import (
 	"strings"
 
 	user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/appctx"
 	"github.com/cs3org/reva/pkg/auth"
 	"github.com/cs3org/reva/pkg/auth/manager/registry"
@@ -66,6 +67,10 @@ type attributes struct {
 	Mail string `mapstructure:"mail"`
 	// Displayname is the Human readable name, e.g. `Albert Einstein`
 	DisplayName string `mapstructure:"displayName"`
+	// UIDNumber is a numeric id that maps to a filesystem uid, eg. 123546
+	UIDNumber string `mapstructure:"uidNumber"`
+	// GIDNumber is a numeric id that maps to a filesystem gid, eg. 654321
+	GIDNumber string `mapstructure:"gidNumber"`
 }
 
 // Default attributes (Active Directory)
@@ -75,6 +80,8 @@ var ldapDefaults = attributes{
 	CN:          "cn",
 	Mail:        "mail",
 	DisplayName: "displayName",
+	UIDNumber:   "uidNumber",
+	GIDNumber:   "gidNumber",
 }
 
 func parseConfig(m map[string]interface{}) (*config, error) {
@@ -130,7 +137,7 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 		am.c.BaseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		am.getLoginFilter(clientID),
-		[]string{am.c.Schema.DN, am.c.Schema.UID, am.c.Schema.CN, am.c.Schema.Mail, am.c.Schema.DisplayName},
+		[]string{am.c.Schema.DN, am.c.Schema.UID, am.c.Schema.CN, am.c.Schema.Mail, am.c.Schema.DisplayName, am.c.Schema.UIDNumber, am.c.Schema.GIDNumber},
 		nil,
 	)
 
@@ -163,6 +170,18 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 		Groups:      []string{},
 		Mail:        sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.Mail),
 		DisplayName: sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.DisplayName),
+		Opaque: &types.Opaque{
+			Map: map[string]*types.OpaqueEntry{
+				"uid": {
+					Decoder: "plain",
+					Value:   []byte(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.UIDNumber)),
+				},
+				"gid": {
+					Decoder: "plain",
+					Value:   []byte(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.GIDNumber)),
+				},
+			},
+		},
 	}
 	log.Debug().Interface("entry", sr.Entries[0]).Interface("user", u).Msg("authenticated user")
 

diff --git a/pkg/storage/utils/eosfs/eosfs.go b/pkg/storage/utils/eosfs/eosfs.go
@@ -1409,6 +1409,9 @@ func (fs *eosfs) extractUIDAndGID(u *userpb.User) (string, string, error) {
 			}
 		}
 	}
+	if uid == "" || gid == "" {
+		return "", "", errors.New("eos: uid or gid missing for user")
+	}
 	return uid, gid, nil
 }