server: stop returning "dn" as an attribute

It's already part of the base response

Fixes #254.
Valentin Tolmer 2022-08-01 17:55:42 +02:00 committed by nitnelave
parent 134a9366f5
commit 64556fc744


@ -151,7 +151,6 @@ fn get_user_id_from_distinguished_name(
fn get_user_attribute( fn get_user_attribute(
user: &User, user: &User,
attribute: &str, attribute: &str,
dn: &str,
base_dn_str: &str, base_dn_str: &str,
groups: Option<&[GroupDetails]>, groups: Option<&[GroupDetails]>,
ignored_user_attributes: &[String], ignored_user_attributes: &[String],
@ -164,7 +163,8 @@ fn get_user_attribute(
"mailAccount".to_string(), "mailAccount".to_string(),
"person".to_string(), "person".to_string(),
], ],
"dn" | "distinguishedname" => vec![dn.to_string()], // dn is always returned as part of the base response.
"dn" | "distinguishedname" => return Ok(None),
"uid" => vec![user.user_id.to_string()], "uid" => vec![user.user_id.to_string()],
"entryuuid" => vec![user.uuid.to_string()], "entryuuid" => vec![user.uuid.to_string()],
"mail" => vec![user.email.clone()], "mail" => vec![user.email.clone()],
@ -232,7 +232,6 @@ fn expand_attribute_wildcards<'a>(
const ALL_USER_ATTRIBUTE_KEYS: &[&str] = &[ const ALL_USER_ATTRIBUTE_KEYS: &[&str] = &[
"objectclass", "objectclass",
"dn",
"uid", "uid",
"mail", "mail",
"givenname", "givenname",
@ -251,14 +250,13 @@ fn make_ldap_search_user_result_entry(
let dn = format!("uid={},ou=people,{}", user.user_id.as_str(), base_dn_str); let dn = format!("uid={},ou=people,{}", user.user_id.as_str(), base_dn_str);
Ok(LdapSearchResultEntry { Ok(LdapSearchResultEntry {
dn: dn.clone(), dn,
attributes: attributes attributes: attributes
.iter() .iter()
.filter_map(|a| { .filter_map(|a| {
let values = match get_user_attribute( let values = match get_user_attribute(
&user, &user,
a, a,
&dn,
base_dn_str, base_dn_str,
groups, groups,
ignored_user_attributes, ignored_user_attributes,
@ -285,10 +283,8 @@ fn get_group_attribute(
let attribute = attribute.to_ascii_lowercase(); let attribute = attribute.to_ascii_lowercase();
Ok(Some(match attribute.as_str() { Ok(Some(match attribute.as_str() {
"objectclass" => vec!["groupOfUniqueNames".to_string()], "objectclass" => vec!["groupOfUniqueNames".to_string()],
"dn" | "distinguishedname" => vec![format!( // Always returned as part of the base response.
"cn={},ou=groups,{}", "dn" | "distinguishedname" => return Ok(None),
group.display_name, base_dn_str
)],
"cn" | "uid" => vec![group.display_name.clone()], "cn" | "uid" => vec![group.display_name.clone()],
"entryuuid" => vec![group.uuid.to_string()], "entryuuid" => vec![group.uuid.to_string()],
"member" | "uniquemember" => group "member" | "uniquemember" => group
@ -319,8 +315,7 @@ fn get_group_attribute(
})) }))
} }
const ALL_GROUP_ATTRIBUTE_KEYS: &[&str] = const ALL_GROUP_ATTRIBUTE_KEYS: &[&str] = &["objectclass", "uid", "cn", "member", "uniquemember"];
&["objectclass", "dn", "uid", "cn", "member", "uniquemember"];
fn make_ldap_search_group_result_entry( fn make_ldap_search_group_result_entry(
group: Group, group: Group,
@ -930,7 +925,11 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
self.convert_group_filter(filter)?, self.convert_group_filter(filter)?,
))), ))),
LdapFilter::Present(field) => { LdapFilter::Present(field) => {
if ALL_GROUP_ATTRIBUTE_KEYS.contains(&field.to_ascii_lowercase().as_str()) { let field = &field.to_ascii_lowercase();
if field == "dn"
|| field == "distinguishedname"
|| ALL_GROUP_ATTRIBUTE_KEYS.contains(&field.as_str())
{
Ok(GroupRequestFilter::And(vec![])) Ok(GroupRequestFilter::And(vec![]))
} else { } else {
Ok(GroupRequestFilter::Not(Box::new(GroupRequestFilter::And( Ok(GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(
@ -1007,7 +1006,11 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
LdapFilter::Present(field) => { LdapFilter::Present(field) => {
let field = &field.to_ascii_lowercase(); let field = &field.to_ascii_lowercase();
// Check that it's a field we support. // Check that it's a field we support.
if field == "objectclass" || map_field(field).is_ok() { if field == "objectclass"
|| field == "dn"
|| field == "distinguishedname"
|| map_field(field).is_ok()
{
Ok(UserRequestFilter::And(vec![])) Ok(UserRequestFilter::And(vec![]))
} else { } else {
Ok(UserRequestFilter::Not(Box::new(UserRequestFilter::And( Ok(UserRequestFilter::Not(Box::new(UserRequestFilter::And(
@ -1493,10 +1496,6 @@ mod tests {
"person".to_string() "person".to_string()
] ]
}, },
LdapPartialAttribute {
atype: "dn".to_string(),
vals: vec!["uid=bob_1,ou=people,dc=example,dc=com".to_string()]
},
LdapPartialAttribute { LdapPartialAttribute {
atype: "uid".to_string(), atype: "uid".to_string(),
vals: vec!["bob_1".to_string()] vals: vec!["bob_1".to_string()]
@ -1539,10 +1538,6 @@ mod tests {
"person".to_string() "person".to_string()
] ]
}, },
LdapPartialAttribute {
atype: "dn".to_string(),
vals: vec!["uid=jim,ou=people,dc=example,dc=com".to_string()]
},
LdapPartialAttribute { LdapPartialAttribute {
atype: "uid".to_string(), atype: "uid".to_string(),
vals: vec!["jim".to_string()] vals: vec!["jim".to_string()]
@ -1618,10 +1613,6 @@ mod tests {
atype: "objectClass".to_string(), atype: "objectClass".to_string(),
vals: vec!["groupOfUniqueNames".to_string(),] vals: vec!["groupOfUniqueNames".to_string(),]
}, },
LdapPartialAttribute {
atype: "dn".to_string(),
vals: vec!["cn=group_1,ou=groups,dc=example,dc=com".to_string()]
},
LdapPartialAttribute { LdapPartialAttribute {
atype: "cn".to_string(), atype: "cn".to_string(),
vals: vec!["group_1".to_string()] vals: vec!["group_1".to_string()]
@ -1646,10 +1637,6 @@ mod tests {
atype: "objectClass".to_string(), atype: "objectClass".to_string(),
vals: vec!["groupOfUniqueNames".to_string(),] vals: vec!["groupOfUniqueNames".to_string(),]
}, },
LdapPartialAttribute {
atype: "dn".to_string(),
vals: vec!["cn=BestGroup,ou=groups,dc=example,dc=com".to_string()]
},
LdapPartialAttribute { LdapPartialAttribute {
atype: "cn".to_string(), atype: "cn".to_string(),
vals: vec!["BestGroup".to_string()] vals: vec!["BestGroup".to_string()]
@ -2043,10 +2030,6 @@ mod tests {
"person".to_string() "person".to_string()
] ]
}, },
LdapPartialAttribute {
atype: "dn".to_string(),
vals: vec!["uid=bob_1,ou=people,dc=example,dc=com".to_string()]
},
LdapPartialAttribute { LdapPartialAttribute {
atype: "cn".to_string(), atype: "cn".to_string(),
vals: vec!["Bôb Böbberson".to_string()] vals: vec!["Bôb Böbberson".to_string()]
@ -2060,10 +2043,6 @@ mod tests {
atype: "objectClass".to_string(), atype: "objectClass".to_string(),
vals: vec!["groupOfUniqueNames".to_string(),] vals: vec!["groupOfUniqueNames".to_string(),]
}, },
LdapPartialAttribute {
atype: "dn".to_string(),
vals: vec!["cn=group_1,ou=groups,dc=example,dc=com".to_string()]
},
LdapPartialAttribute { LdapPartialAttribute {
atype: "cn".to_string(), atype: "cn".to_string(),
vals: vec!["group_1".to_string()] vals: vec!["group_1".to_string()]
@ -2124,10 +2103,6 @@ mod tests {
"person".to_string(), "person".to_string(),
], ],
}, },
LdapPartialAttribute {
atype: "dn".to_string(),
vals: vec!["uid=bob_1,ou=people,dc=example,dc=com".to_string()],
},
LdapPartialAttribute { LdapPartialAttribute {
atype: "uid".to_string(), atype: "uid".to_string(),
vals: vec!["bob_1".to_string()], vals: vec!["bob_1".to_string()],
@ -2162,10 +2137,6 @@ mod tests {
atype: "objectclass".to_string(), atype: "objectclass".to_string(),
vals: vec!["groupOfUniqueNames".to_string()], vals: vec!["groupOfUniqueNames".to_string()],
}, },
LdapPartialAttribute {
atype: "dn".to_string(),
vals: vec!["cn=group_1,ou=groups,dc=example,dc=com".to_string()],
},
// UID // UID
LdapPartialAttribute { LdapPartialAttribute {
atype: "uid".to_string(), atype: "uid".to_string(),
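Review bot: The `dn`/`distinguishedname` pair is now special-cased by hand in four places (the `=> return Ok(None)` arms in `get_user_attribute` and `get_group_attribute`, and the two `LdapFilter::Present` branches), and none of the test hunks shown here exercises the new presence-filter conditions. An unrecognised field in those branches falls through to the `Not(...)` arm (its contents are cut off here, presumably a match-nothing filter), so if one site drifts, a client filter such as `(dn=*)` would silently change which users or groups come back, which matters when the search result feeds a login or group-membership check. Consider a single `const DN_ATTRIBUTE_NAMES: &[&str] = &["dn", "distinguishedname"];` checked with `DN_ATTRIBUTE_NAMES.contains(&field.as_str())` in both filter branches, plus a test that a presence filter on `dn` and on `distinguishedName` still matches for users and for groups. All four functions start and end outside the hunks shown.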