mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
ldap: return uids instead of cns for users
This commit is contained in:
parent
4f89b73fe5
commit
f1b86a16ee
@ -125,11 +125,7 @@ fn make_ldap_search_user_result_entry(
|
|||||||
base_dn_str: &str,
|
base_dn_str: &str,
|
||||||
attributes: &[String],
|
attributes: &[String],
|
||||||
) -> Result<LdapSearchResultEntry> {
|
) -> Result<LdapSearchResultEntry> {
|
||||||
let dn = format!(
|
let dn = format!("uid={},ou=people,{}", user.user_id.as_str(), base_dn_str);
|
||||||
"cn={},ou=people,{}",
|
|
||||||
user.display_name.as_str(),
|
|
||||||
base_dn_str
|
|
||||||
);
|
|
||||||
Ok(LdapSearchResultEntry {
|
Ok(LdapSearchResultEntry {
|
||||||
dn: dn.clone(),
|
dn: dn.clone(),
|
||||||
attributes: attributes
|
attributes: attributes
|
||||||
@ -165,7 +161,7 @@ fn get_group_attribute(
|
|||||||
.users
|
.users
|
||||||
.iter()
|
.iter()
|
||||||
.filter(|u| user_filter.map(|f| *u == f).unwrap_or(true))
|
.filter(|u| user_filter.map(|f| *u == f).unwrap_or(true))
|
||||||
.map(|u| format!("cn={},ou=people,{}", u, base_dn_str))
|
.map(|u| format!("uid={},ou=people,{}", u, base_dn_str))
|
||||||
.collect(),
|
.collect(),
|
||||||
"1.1" => return Ok(None),
|
"1.1" => return Ok(None),
|
||||||
_ => bail!("Unsupported group attribute: {}", attribute),
|
_ => bail!("Unsupported group attribute: {}", attribute),
|
||||||
@ -311,7 +307,7 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
|
|||||||
ldap_base_dn
|
ldap_base_dn
|
||||||
)
|
)
|
||||||
}),
|
}),
|
||||||
ldap_user_dn: LdapDn(format!("cn={},ou=people,{}", ldap_user_dn, &ldap_base_dn)),
|
ldap_user_dn: LdapDn(format!("uid={},ou=people,{}", ldap_user_dn, &ldap_base_dn)),
|
||||||
base_dn_str: ldap_base_dn,
|
base_dn_str: ldap_base_dn,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -786,7 +782,7 @@ mod tests {
|
|||||||
let mut ldap_handler =
|
let mut ldap_handler =
|
||||||
LdapHandler::new(mock, "dc=example,dc=com".to_string(), UserId::new("test"));
|
LdapHandler::new(mock, "dc=example,dc=com".to_string(), UserId::new("test"));
|
||||||
let request = LdapBindRequest {
|
let request = LdapBindRequest {
|
||||||
dn: "cn=test,ou=people,dc=example,dc=com".to_string(),
|
dn: "uid=test,ou=people,dc=example,dc=com".to_string(),
|
||||||
cred: LdapBindCred::Simple("pass".to_string()),
|
cred: LdapBindCred::Simple("pass".to_string()),
|
||||||
};
|
};
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
@ -841,7 +837,7 @@ mod tests {
|
|||||||
LdapHandler::new(mock, "dc=example,dc=com".to_string(), UserId::new("test"));
|
LdapHandler::new(mock, "dc=example,dc=com".to_string(), UserId::new("test"));
|
||||||
|
|
||||||
let request = LdapBindRequest {
|
let request = LdapBindRequest {
|
||||||
dn: "cn=test,ou=people,dc=example,dc=com".to_string(),
|
dn: "uid=test,ou=people,dc=example,dc=com".to_string(),
|
||||||
cred: LdapBindCred::Simple("pass".to_string()),
|
cred: LdapBindCred::Simple("pass".to_string()),
|
||||||
};
|
};
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
@ -868,7 +864,7 @@ mod tests {
|
|||||||
.times(1)
|
.times(1)
|
||||||
.return_once(|_| {
|
.return_once(|_| {
|
||||||
Ok(vec![User {
|
Ok(vec![User {
|
||||||
display_name: "test".to_string(),
|
user_id: UserId::new("test"),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
}])
|
}])
|
||||||
});
|
});
|
||||||
@ -876,7 +872,7 @@ mod tests {
|
|||||||
LdapHandler::new(mock, "dc=example,dc=com".to_string(), UserId::new("admin"));
|
LdapHandler::new(mock, "dc=example,dc=com".to_string(), UserId::new("admin"));
|
||||||
|
|
||||||
let request = LdapBindRequest {
|
let request = LdapBindRequest {
|
||||||
dn: "cn=test,ou=people,dc=example,dc=com".to_string(),
|
dn: "uid=test,ou=people,dc=example,dc=com".to_string(),
|
||||||
cred: LdapBindCred::Simple("pass".to_string()),
|
cred: LdapBindCred::Simple("pass".to_string()),
|
||||||
};
|
};
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
@ -890,7 +886,7 @@ mod tests {
|
|||||||
ldap_handler.do_search(&request).await,
|
ldap_handler.do_search(&request).await,
|
||||||
vec![
|
vec![
|
||||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||||
dn: "cn=test,ou=people,dc=example,dc=com".to_string(),
|
dn: "uid=test,ou=people,dc=example,dc=com".to_string(),
|
||||||
attributes: vec![],
|
attributes: vec![],
|
||||||
}),
|
}),
|
||||||
make_search_success()
|
make_search_success()
|
||||||
@ -913,7 +909,7 @@ mod tests {
|
|||||||
LdapResultCode::NamingViolation,
|
LdapResultCode::NamingViolation,
|
||||||
);
|
);
|
||||||
let request = LdapBindRequest {
|
let request = LdapBindRequest {
|
||||||
dn: "cn=bob,ou=groups,dc=example,dc=com".to_string(),
|
dn: "uid=bob,dc=example,dc=com".to_string(),
|
||||||
cred: LdapBindCred::Simple("pass".to_string()),
|
cred: LdapBindCred::Simple("pass".to_string()),
|
||||||
};
|
};
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
@ -921,7 +917,7 @@ mod tests {
|
|||||||
LdapResultCode::NamingViolation,
|
LdapResultCode::NamingViolation,
|
||||||
);
|
);
|
||||||
let request = LdapBindRequest {
|
let request = LdapBindRequest {
|
||||||
dn: "cn=bob,ou=people,dc=example,dc=fr".to_string(),
|
dn: "uid=bob,ou=groups,dc=example,dc=com".to_string(),
|
||||||
cred: LdapBindCred::Simple("pass".to_string()),
|
cred: LdapBindCred::Simple("pass".to_string()),
|
||||||
};
|
};
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
@ -929,7 +925,15 @@ mod tests {
|
|||||||
LdapResultCode::NamingViolation,
|
LdapResultCode::NamingViolation,
|
||||||
);
|
);
|
||||||
let request = LdapBindRequest {
|
let request = LdapBindRequest {
|
||||||
dn: "cn=bob=test,ou=people,dc=example,dc=com".to_string(),
|
dn: "uid=bob,ou=people,dc=example,dc=fr".to_string(),
|
||||||
|
cred: LdapBindCred::Simple("pass".to_string()),
|
||||||
|
};
|
||||||
|
assert_eq!(
|
||||||
|
ldap_handler.do_bind(&request).await.0,
|
||||||
|
LdapResultCode::NamingViolation,
|
||||||
|
);
|
||||||
|
let request = LdapBindRequest {
|
||||||
|
dn: "uid=bob=test,ou=people,dc=example,dc=com".to_string(),
|
||||||
cred: LdapBindCred::Simple("pass".to_string()),
|
cred: LdapBindCred::Simple("pass".to_string()),
|
||||||
};
|
};
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
@ -1013,7 +1017,7 @@ mod tests {
|
|||||||
ldap_handler.do_search(&request).await,
|
ldap_handler.do_search(&request).await,
|
||||||
vec![
|
vec![
|
||||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||||
dn: "cn=Bôb Böbberson,ou=people,dc=example,dc=com".to_string(),
|
dn: "uid=bob_1,ou=people,dc=example,dc=com".to_string(),
|
||||||
attributes: vec![
|
attributes: vec![
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "objectClass".to_string(),
|
atype: "objectClass".to_string(),
|
||||||
@ -1026,7 +1030,7 @@ mod tests {
|
|||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "dn".to_string(),
|
atype: "dn".to_string(),
|
||||||
vals: vec!["cn=Bôb Böbberson,ou=people,dc=example,dc=com".to_string()]
|
vals: vec!["uid=bob_1,ou=people,dc=example,dc=com".to_string()]
|
||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "uid".to_string(),
|
atype: "uid".to_string(),
|
||||||
@ -1055,7 +1059,7 @@ mod tests {
|
|||||||
],
|
],
|
||||||
}),
|
}),
|
||||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||||
dn: "cn=Jimminy Cricket,ou=people,dc=example,dc=com".to_string(),
|
dn: "uid=jim,ou=people,dc=example,dc=com".to_string(),
|
||||||
attributes: vec![
|
attributes: vec![
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "objectClass".to_string(),
|
atype: "objectClass".to_string(),
|
||||||
@ -1068,7 +1072,7 @@ mod tests {
|
|||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "dn".to_string(),
|
atype: "dn".to_string(),
|
||||||
vals: vec!["cn=Jimminy Cricket,ou=people,dc=example,dc=com".to_string()]
|
vals: vec!["uid=jim,ou=people,dc=example,dc=com".to_string()]
|
||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "uid".to_string(),
|
atype: "uid".to_string(),
|
||||||
@ -1148,8 +1152,8 @@ mod tests {
|
|||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "uniqueMember".to_string(),
|
atype: "uniqueMember".to_string(),
|
||||||
vals: vec![
|
vals: vec![
|
||||||
"cn=bob,ou=people,dc=example,dc=com".to_string(),
|
"uid=bob,ou=people,dc=example,dc=com".to_string(),
|
||||||
"cn=john,ou=people,dc=example,dc=com".to_string(),
|
"uid=john,ou=people,dc=example,dc=com".to_string(),
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
@ -1171,7 +1175,7 @@ mod tests {
|
|||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "uniqueMember".to_string(),
|
atype: "uniqueMember".to_string(),
|
||||||
vals: vec!["cn=john,ou=people,dc=example,dc=com".to_string()]
|
vals: vec!["uid=john,ou=people,dc=example,dc=com".to_string()]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
}),
|
}),
|
||||||
@ -1205,7 +1209,7 @@ mod tests {
|
|||||||
LdapFilter::Equality("cn".to_string(), "group_1".to_string()),
|
LdapFilter::Equality("cn".to_string(), "group_1".to_string()),
|
||||||
LdapFilter::Equality(
|
LdapFilter::Equality(
|
||||||
"uniqueMember".to_string(),
|
"uniqueMember".to_string(),
|
||||||
"cn=bob,ou=people,dc=example,dc=com".to_string(),
|
"uid=bob,ou=people,dc=example,dc=com".to_string(),
|
||||||
),
|
),
|
||||||
LdapFilter::Equality("objectclass".to_string(), "groupOfUniqueNames".to_string()),
|
LdapFilter::Equality("objectclass".to_string(), "groupOfUniqueNames".to_string()),
|
||||||
LdapFilter::Equality("objectclass".to_string(), "groupOfNames".to_string()),
|
LdapFilter::Equality("objectclass".to_string(), "groupOfNames".to_string()),
|
||||||
@ -1413,7 +1417,7 @@ mod tests {
|
|||||||
.times(1)
|
.times(1)
|
||||||
.return_once(|_| {
|
.return_once(|_| {
|
||||||
Ok(vec![User {
|
Ok(vec![User {
|
||||||
display_name: "bob_1".to_string(),
|
user_id: UserId::new("bob_1"),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
}])
|
}])
|
||||||
});
|
});
|
||||||
@ -1428,7 +1432,7 @@ mod tests {
|
|||||||
ldap_handler.do_search(&request).await,
|
ldap_handler.do_search(&request).await,
|
||||||
vec![
|
vec![
|
||||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||||
dn: "cn=bob_1,ou=people,dc=example,dc=com".to_string(),
|
dn: "uid=bob_1,ou=people,dc=example,dc=com".to_string(),
|
||||||
attributes: vec![LdapPartialAttribute {
|
attributes: vec![LdapPartialAttribute {
|
||||||
atype: "objectclass".to_string(),
|
atype: "objectclass".to_string(),
|
||||||
vals: vec![
|
vals: vec![
|
||||||
@ -1477,7 +1481,7 @@ mod tests {
|
|||||||
ldap_handler.do_search(&request).await,
|
ldap_handler.do_search(&request).await,
|
||||||
vec![
|
vec![
|
||||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||||
dn: "cn=Bôb Böbberson,ou=people,dc=example,dc=com".to_string(),
|
dn: "uid=bob_1,ou=people,dc=example,dc=com".to_string(),
|
||||||
attributes: vec![
|
attributes: vec![
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "objectClass".to_string(),
|
atype: "objectClass".to_string(),
|
||||||
@ -1490,7 +1494,7 @@ mod tests {
|
|||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "dn".to_string(),
|
atype: "dn".to_string(),
|
||||||
vals: vec!["cn=Bôb Böbberson,ou=people,dc=example,dc=com".to_string()]
|
vals: vec!["uid=bob_1,ou=people,dc=example,dc=com".to_string()]
|
||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "cn".to_string(),
|
atype: "cn".to_string(),
|
||||||
@ -1582,7 +1586,7 @@ mod tests {
|
|||||||
let mut ldap_handler = setup_bound_handler(mock).await;
|
let mut ldap_handler = setup_bound_handler(mock).await;
|
||||||
let request = LdapOp::ExtendedRequest(
|
let request = LdapOp::ExtendedRequest(
|
||||||
LdapPasswordModifyRequest {
|
LdapPasswordModifyRequest {
|
||||||
user_identity: Some("cn=bob,ou=people,dc=example,dc=com".to_string()),
|
user_identity: Some("uid=bob,ou=people,dc=example,dc=com".to_string()),
|
||||||
old_password: None,
|
old_password: None,
|
||||||
new_password: Some("password".to_string()),
|
new_password: Some("password".to_string()),
|
||||||
}
|
}
|
||||||
@ -1617,7 +1621,7 @@ mod tests {
|
|||||||
);
|
);
|
||||||
let request = LdapOp::ExtendedRequest(
|
let request = LdapOp::ExtendedRequest(
|
||||||
LdapPasswordModifyRequest {
|
LdapPasswordModifyRequest {
|
||||||
user_identity: Some("cn=bob,ou=groups,ou=people,dc=example,dc=com".to_string()),
|
user_identity: Some("uid=bob,ou=groups,ou=people,dc=example,dc=com".to_string()),
|
||||||
old_password: None,
|
old_password: None,
|
||||||
new_password: Some("password".to_string()),
|
new_password: Some("password".to_string()),
|
||||||
}
|
}
|
||||||
@ -1627,7 +1631,7 @@ mod tests {
|
|||||||
ldap_handler.handle_ldap_message(request).await,
|
ldap_handler.handle_ldap_message(request).await,
|
||||||
Some(vec![make_extended_response(
|
Some(vec![make_extended_response(
|
||||||
LdapResultCode::InvalidDNSyntax,
|
LdapResultCode::InvalidDNSyntax,
|
||||||
r#"Invalid username: "Unexpected user DN format. Got \"cn=bob,ou=groups,ou=people,dc=example,dc=com\", expected: \"uid=username,ou=people,dc=example,dc=com\"""#.to_string(),
|
r#"Invalid username: "Unexpected user DN format. Got \"uid=bob,ou=groups,ou=people,dc=example,dc=com\", expected: \"uid=username,ou=people,dc=example,dc=com\"""#.to_string(),
|
||||||
)])
|
)])
|
||||||
);
|
);
|
||||||
let request = LdapOp::ExtendedRequest(LdapExtendedRequest {
|
let request = LdapOp::ExtendedRequest(LdapExtendedRequest {
|
||||||
|
Loading…
Reference in New Issue
Block a user