mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
server: Add support for DN filters
parent
f979e16b95
commit
807fd10d13
@ -12,7 +12,8 @@ use crate::domain::{
|
|||||||
use super::{
|
use super::{
|
||||||
error::LdapResult,
|
error::LdapResult,
|
||||||
utils::{
|
utils::{
|
||||||
expand_attribute_wildcards, get_user_id_from_distinguished_name, map_group_field, LdapInfo,
|
expand_attribute_wildcards, get_group_id_from_distinguished_name,
|
||||||
|
get_user_id_from_distinguished_name, map_group_field, LdapInfo,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -126,6 +127,19 @@ fn convert_group_filter(
|
|||||||
vec![],
|
vec![],
|
||||||
)))),
|
)))),
|
||||||
},
|
},
|
||||||
|
"dn" => Ok(
|
||||||
|
match get_group_id_from_distinguished_name(
|
||||||
|
value.to_ascii_lowercase().as_str(),
|
||||||
|
&ldap_info.base_dn,
|
||||||
|
&ldap_info.base_dn_str,
|
||||||
|
) {
|
||||||
|
Ok(value) => GroupRequestFilter::DisplayName(value),
|
||||||
|
Err(_) => {
|
||||||
|
warn!("Invalid dn filter on group: {}", value);
|
||||||
|
GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(vec![])))
|
||||||
|
}
|
||||||
|
},
|
||||||
|
),
|
||||||
_ => match map_group_field(field) {
|
_ => match map_group_field(field) {
|
||||||
Some(GroupColumn::DisplayName) => {
|
Some(GroupColumn::DisplayName) => {
|
||||||
Ok(GroupRequestFilter::DisplayName(value.to_string()))
|
Ok(GroupRequestFilter::DisplayName(value.to_string()))
|
||||||
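Review bot: In the new `"dn"` arm of convert_group_filter the whole DN is folded with `value.to_ascii_lowercase()` before it is parsed, so the name placed in `GroupRequestFilter::DisplayName(value)` is always lowercase, while the fallback arm just below passes `value.to_string()` unchanged. If the backend compares display names case-sensitively (not visible on this page), a `dn` filter for a mixed-case group would silently match nothing even though the same group is found by name. Either keep the RDN value as the client sent it and fold only the attribute names and base-DN components, or state the assumption next to the call, e.g. `// group names are matched case-insensitively, so the folded DN value is safe to use here`. The function begins and ends outside this hunk.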
|
@ -6,7 +6,10 @@ use tracing::{debug, info, instrument, warn};
|
|||||||
|
|
||||||
use crate::domain::{
|
use crate::domain::{
|
||||||
handler::{BackendHandler, UserRequestFilter},
|
handler::{BackendHandler, UserRequestFilter},
|
||||||
ldap::{error::LdapError, utils::expand_attribute_wildcards},
|
ldap::{
|
||||||
|
error::LdapError,
|
||||||
|
utils::{expand_attribute_wildcards, get_user_id_from_distinguished_name},
|
||||||
|
},
|
||||||
types::{GroupDetails, User, UserColumn, UserId},
|
types::{GroupDetails, User, UserColumn, UserId},
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -147,6 +150,19 @@ fn convert_user_filter(ldap_info: &LdapInfo, filter: &LdapFilter) -> LdapResult<
|
|||||||
vec![],
|
vec![],
|
||||||
)))),
|
)))),
|
||||||
},
|
},
|
||||||
|
"dn" => Ok(
|
||||||
|
match get_user_id_from_distinguished_name(
|
||||||
|
value.to_ascii_lowercase().as_str(),
|
||||||
|
&ldap_info.base_dn,
|
||||||
|
&ldap_info.base_dn_str,
|
||||||
|
) {
|
||||||
|
Ok(value) => UserRequestFilter::UserId(value),
|
||||||
|
Err(_) => {
|
||||||
|
warn!("Invalid dn filter on user: {}", value);
|
||||||
|
UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![])))
|
||||||
|
}
|
||||||
|
},
|
||||||
|
),
|
||||||
_ => match map_user_field(field) {
|
_ => match map_user_field(field) {
|
||||||
Some(UserColumn::UserId) => Ok(UserRequestFilter::UserId(UserId::new(value))),
|
Some(UserColumn::UserId) => Ok(UserRequestFilter::UserId(UserId::new(value))),
|
||||||
Some(field) => Ok(UserRequestFilter::Equality(field, value.clone())),
|
Some(field) => Ok(UserRequestFilter::Equality(field, value.clone())),
|
||||||
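Review bot: The `warn!("Invalid dn filter on user: {}", value)` line in the `Err(_)` arm writes the client-supplied filter value to the log with Display formatting and throws away the parse error. Depending on how the log subscriber formats fields (not visible here), newlines or control characters in the value could reach the log unescaped, and without the error an operator cannot tell a malformed DN from one outside the base tree. Something like `Err(e) => { warn!("Invalid dn filter on user: {:?}: {:?}", value, e); … }` would cover both, assuming the error type implements Debug. The group hunk has the same pattern in `"Invalid dn filter on group: {}"`. The body of convert_user_filter continues outside the hunk.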
|
@ -1217,6 +1217,7 @@ mod tests {
|
|||||||
.with(eq(Some(GroupRequestFilter::And(vec![
|
.with(eq(Some(GroupRequestFilter::And(vec![
|
||||||
GroupRequestFilter::DisplayName("group_1".to_string()),
|
GroupRequestFilter::DisplayName("group_1".to_string()),
|
||||||
GroupRequestFilter::Member(UserId::new("bob")),
|
GroupRequestFilter::Member(UserId::new("bob")),
|
||||||
|
GroupRequestFilter::DisplayName("rockstars".to_string()),
|
||||||
GroupRequestFilter::And(vec![]),
|
GroupRequestFilter::And(vec![]),
|
||||||
GroupRequestFilter::And(vec![]),
|
GroupRequestFilter::And(vec![]),
|
||||||
GroupRequestFilter::And(vec![]),
|
GroupRequestFilter::And(vec![]),
|
||||||
@ -1245,6 +1246,10 @@ mod tests {
|
|||||||
"uniqueMember".to_string(),
|
"uniqueMember".to_string(),
|
||||||
"uid=bob,ou=peopLe,Dc=eXample,dc=com".to_string(),
|
"uid=bob,ou=peopLe,Dc=eXample,dc=com".to_string(),
|
||||||
),
|
),
|
||||||
|
LdapFilter::Equality(
|
||||||
|
"dn".to_string(),
|
||||||
|
"uid=rockstars,ou=groups,dc=example,dc=com".to_string(),
|
||||||
|
),
|
||||||
LdapFilter::Equality("obJEctclass".to_string(), "groupofUniqueNames".to_string()),
|
LdapFilter::Equality("obJEctclass".to_string(), "groupofUniqueNames".to_string()),
|
||||||
LdapFilter::Equality("objectclass".to_string(), "groupOfNames".to_string()),
|
LdapFilter::Equality("objectclass".to_string(), "groupOfNames".to_string()),
|
||||||
LdapFilter::Present("objectclass".to_string()),
|
LdapFilter::Present("objectclass".to_string()),
|
||||||
@ -1403,6 +1408,7 @@ mod tests {
|
|||||||
UserRequestFilter::Not(Box::new(UserRequestFilter::UserId(UserId::new(
|
UserRequestFilter::Not(Box::new(UserRequestFilter::UserId(UserId::new(
|
||||||
"bob",
|
"bob",
|
||||||
)))),
|
)))),
|
||||||
|
UserRequestFilter::UserId("bob_1".to_string().into()),
|
||||||
UserRequestFilter::And(vec![]),
|
UserRequestFilter::And(vec![]),
|
||||||
UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![]))),
|
UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![]))),
|
||||||
UserRequestFilter::And(vec![]),
|
UserRequestFilter::And(vec![]),
|
||||||
@ -1422,6 +1428,10 @@ mod tests {
|
|||||||
"uid".to_string(),
|
"uid".to_string(),
|
||||||
"bob".to_string(),
|
"bob".to_string(),
|
||||||
))),
|
))),
|
||||||
|
LdapFilter::Equality(
|
||||||
|
"dn".to_string(),
|
||||||
|
"uid=bob_1,ou=people,dc=example,dc=com".to_string(),
|
||||||
|
),
|
||||||
LdapFilter::Equality("objectclass".to_string(), "persOn".to_string()),
|
LdapFilter::Equality("objectclass".to_string(), "persOn".to_string()),
|
||||||
LdapFilter::Equality("objectclass".to_string(), "other".to_string()),
|
LdapFilter::Equality("objectclass".to_string(), "other".to_string()),
|
||||||
LdapFilter::Present("objectClass".to_string()),
|
LdapFilter::Present("objectClass".to_string()),
|
||||||
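Review bot: The added test inputs are only well-formed DNs that resolve (`uid=bob_1,ou=people,dc=example,dc=com` and `uid=rockstars,ou=groups,dc=example,dc=com`), so the new `Err(_)` fallback is never reached through a `dn` filter. A malformed DN and a DN outside the base tree, each expecting `Not(Box::new(…And(vec![])))`, would pin that a bad `dn` filter fails closed instead of widening the search. A mixed-case DN, like the existing `uniqueMember` input, would also record how case folding is meant to behave. The group DN uses a `uid=` RDN under `ou=groups`; if groups are normally addressed by `cn=` (not visible on this page), a one-line comment that both forms are accepted would help. The test functions start and end outside these hunks.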
|