Add UserTypeProperty to get user type from ldap user entry
Daniel Swärd committed Mar 23, 2023
1 parent 390932a commit d55045a
Showing 4 changed files with 27 additions and 2 deletions.
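--- a/changelog/unreleased/add-ldap-usertype-attribute.md
+++ b/changelog/unreleased/add-ldap-usertype-attribute.md
@@ -0,0 +1,5 @@
+Enhancement: Add LDAP user type attribute
+
+Adding an LDAP attribute so that we can distinguish between member and guest users.
+
+#3744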
2 changes: 1 addition & 1 deletion pkg/auth/manager/ldap/ldap.go
@@ -144,7 +144,7 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
userID := &user.UserId{
Idp: am.c.Idp,
OpaqueId: uid,
Type: user.UserType_USER_TYPE_PRIMARY, // TODO: assign the appropriate user type
Type: am.c.LDAPIdentity.GetUserType(userEntry),
}
gwc, err := pool.GetGatewayServiceClient(am.c.GatewaySvc)
if err != nil {
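Review bot: The `Type:` field set in Authenticate now depends entirely on GetUserType, and that helper (added in pkg/utils/ldap/identity.go by this commit) returns USER_TYPE_PRIMARY for an empty or unrecognised attribute value. A guest account whose attribute is missing, misspelled, or simply not requested by the search that produced `userEntry` would therefore be authenticated as a primary user, with nothing logged to show that the fallback was taken. I would make the empty case explicit with `case "member", "":` and have the `default:` branch report the unexpected value before falling back, which needs a logger passed in as the lookup methods in that file already take one. The same concern applies to ldapEntryToUserID in pkg/user/manager/ldap/ldap.go. Authenticate's body starts and ends outside this hunk, so where `userEntry` comes from is not visible here.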
2 changes: 1 addition & 1 deletion pkg/user/manager/ldap/ldap.go
@@ -261,6 +261,6 @@ func (m *manager) ldapEntryToUserID(entry *ldap.Entry) (*userpb.UserId, error) {
return &userpb.UserId{
Idp: m.c.Idp,
OpaqueId: uid,
Type: userpb.UserType_USER_TYPE_PRIMARY,
Type: m.c.LDAPIdentity.GetUserType(entry),
}, nil
}
20 changes: 20 additions & 0 deletions pkg/utils/ldap/identity.go
@@ -22,6 +22,7 @@ import (
"fmt"
"strings"

identityUser "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
"github.com/cs3org/reva/v2/pkg/errtypes"
"github.com/go-ldap/ldap/v3"
"github.com/google/uuid"
@@ -43,6 +44,7 @@ type userConfig struct {
Objectclass string `mapstructure:"user_objectclass"`
DisableMechanism string `mapstructure:"user_disable_mechanism"`
EnabledProperty string `mapstructure:"user_enabled_property"`
UserTypeProperty string `mapstructure:"user_type_property"`
Schema userSchema `mapstructure:"user_schema"`
SubstringFilterType string `mapstructure:"user_substring_filter_type"`
substringFilterVal int
@@ -207,6 +209,8 @@ func (i *Identity) GetLDAPUserByFilter(log *zerolog.Logger, lc ldap.Client, filt
i.User.Schema.Username,
i.User.Schema.UIDNumber,
i.User.Schema.GIDNumber,
i.User.EnabledProperty,
i.User.UserTypeProperty,
},
nil,
)
@@ -246,6 +250,7 @@ func (i *Identity) GetLDAPUserByDN(log *zerolog.Logger, lc ldap.Client, dn strin
i.User.Schema.Username,
i.User.Schema.UIDNumber,
i.User.Schema.GIDNumber,
i.User.EnabledProperty,
},
nil,
)
@@ -277,6 +282,8 @@ func (i *Identity) GetLDAPUsers(log *zerolog.Logger, lc ldap.Client, query strin
i.User.Schema.DisplayName,
i.User.Schema.UIDNumber,
i.User.Schema.GIDNumber,
i.User.EnabledProperty,
i.User.UserTypeProperty,
},
nil,
)
@@ -685,3 +692,16 @@ func (i *Identity) getGroupAttributeFilter(attribute, value string) (string, err
value,
), nil
}

// GetUserType is used to set the proper UserType from ldap entry string
func (i *Identity) GetUserType(userEntry *ldap.Entry) identityUser.UserType {
userTypeString := userEntry.GetEqualFoldAttributeValue(i.User.UserTypeProperty)
switch strings.ToLower(userTypeString) {
case "member":
return identityUser.UserType_USER_TYPE_PRIMARY
case "guest":
return identityUser.UserType_USER_TYPE_GUEST
default:
return identityUser.UserType_USER_TYPE_PRIMARY
}
}
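Review bot: GetLDAPUserByDN's attribute list (the `-246,6 +250,7` hunk) ends at `i.User.EnabledProperty,` and never requests `i.User.UserTypeProperty`, unlike GetLDAPUserByFilter and GetLDAPUsers. An entry fetched by DN will therefore lack the type attribute, and GetUserType will send it through the `default:` branch as USER_TYPE_PRIMARY even when the directory marks the account as a guest. Add `i.User.UserTypeProperty,` after `i.User.EnabledProperty,` in that list so all three lookups return the same attributes. It is also worth checking what the search does when `user_type_property` is left unset, since an empty string would then be sent as a requested attribute; whether a default is applied elsewhere is not visible here. All three lookup functions start and end outside their hunks.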
