From 844d348c07d3b8ce110248dcb7afe68daf9b21c4 Mon Sep 17 00:00:00 2001
From: Geoff Greer
Date: Tue, 1 Oct 2024 17:33:37 -0700
Subject: [PATCH] Search for more object classes when listing groups and users.

This fixes some issues with LDAP servers that have less common object classes for users & groups.
---
 pkg/connector/group.go | 8 +++++---
 pkg/connector/user.go | 14 ++++++++++++--
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/pkg/connector/group.go b/pkg/connector/group.go
index baaea9b..c102ce4 100644
--- a/pkg/connector/group.go
+++ b/pkg/connector/group.go
@@ -19,9 +19,10 @@ import (
 )
 
 const (
- groupFilter = "(|(objectClass=groupOfUniqueNames)(objectClass=posixGroup))"
- groupIdFilter = "(&(gidNumber=%s)(|(objectClass=groupOfUniqueNames)(objectClass=posixGroup)))"
- groupMemberFilter = "(&(objectClass=posixAccount)(uid=%s))"
+ groupObjectClasses = "(objectClass=groupOfUniqueNames)(objectClass=posixGroup)(objectClass=group)"
+ groupFilter = "(|" + groupObjectClasses + ")"
+ groupIdFilter = "(&(gidNumber=%s)(|" + groupObjectClasses + "))"
+ groupMemberFilter = "(&(objectClass=posixAccount)(uid=%s))"
 
 attrGroupCommonName = "cn"
 attrGroupIdPosix = "gidNumber"
@@ -29,6 +30,7 @@ const (
 attrGroupMemberPosix = "memberUid"
 attrGroupDescription = "description"
 
+ // TODO: use user "memberOf" attribute to get group membership?
 groupMemberEntitlement = "member"
 )
 
diff --git a/pkg/connector/user.go b/pkg/connector/user.go
index dad3ead..733edce 100644
--- a/pkg/connector/user.go
+++ b/pkg/connector/user.go
@@ -12,6 +12,7 @@ import (
 rs "github.com/conductorone/baton-sdk/pkg/types/resource"
 "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 "go.uber.org/zap"
+ "golang.org/x/exp/slices"
 
 "github.com/conductorone/baton-ldap/pkg/ldap"
 )
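Review bot: Adding `(objectClass=group)` to `groupObjectClasses` brings Active Directory groups into the listing, but the membership side of the same const block is still POSIX-only: `groupMemberFilter = "(&(objectClass=posixAccount)(uid=%s))"` and `attrGroupMemberPosix = "memberUid"`, whereas AD `group` objects hold membership as DNs in `member` and AD accounts are normally neither `posixAccount` nor keyed by `uid`. Unless code outside this hunk already reads `member` (the const at new line 29 is not visible here, so a `uniqueMember`/`member` attribute may exist), AD groups will sync with empty membership, which in an access-review connector silently under-reports who holds access. I would add `attrGroupMemberDN = "member"` next to `attrGroupMemberPosix` and resolve DN-valued members in the same code path that handles `uniqueMember`. Separately, both `%s` placeholders still take raw values; please confirm the call sites pass them through `ldap.EscapeFilter` (or the project's equivalent) before `fmt.Sprintf`, since a `gidNumber` or `uid` read back from the directory is attacker-influenced filter input.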
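Review bot: The new `// TODO: use user "memberOf" attribute to get group membership?` comment should record why this is not a drop-in replacement, otherwise the next maintainer may swap to it and lose members. `memberOf` is a server-maintained back-link that Active Directory provides natively but OpenLDAP only populates with the `memberof` overlay (and 389-DS with its MemberOf plugin), and on AD it omits the user's primary group, which is expressed through `primaryGroupID` rather than a `member` entry. I would expand the comment to: `// TODO: consider the user's "memberOf" back-link as a supplementary source of membership; it is only maintained on AD and on OpenLDAP/389-DS with the memberof plugin, and on AD it does not include the primary group (primaryGroupID), so it cannot replace reading member/uniqueMember/memberUid.`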
@@ -19,8 +20,7 @@ import (
 // InetOrgPerson resource structure
 // https://datatracker.ietf.org/doc/html/rfc2798
 const (
- userFilter = "(objectClass=inetOrgPerson)"
-
+ userFilter = "(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=user)(objectClass=organizationalPerson))"
 attrUserUID = "uid"
 attrUserCommonName = "cn"
 attrFirstName = "givenName"
@@ -170,6 +170,16 @@ func userResource(ctx context.Context, user *ldap.Entry) (*v2.Resource, error) {
 rs.WithStatus(userStatus),
 }
 
+ objectClasses := user.GetAttributeValues("objectClass")
+ switch {
+ case slices.Contains(objectClasses, "computer"):
+ userTraitOptions = append(userTraitOptions, rs.WithAccountType(v2.UserTrait_ACCOUNT_TYPE_SERVICE))
+ case slices.Contains(objectClasses, "person"):
+ userTraitOptions = append(userTraitOptions, rs.WithAccountType(v2.UserTrait_ACCOUNT_TYPE_HUMAN))
+ default:
+ userTraitOptions = append(userTraitOptions, rs.WithAccountType(v2.UserTrait_ACCOUNT_TYPE_UNSPECIFIED))
+ }
+
 login, aliases := parseUserLogin(user)
 if login != "" {
 userTraitOptions = append(userTraitOptions, rs.WithUserLogin(login, aliases...))
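Review bot: The widened `userFilter` over-includes objects that are not accounts. An entry's `objectClass` attribute carries its whole superclass chain, so `(objectClass=person)` on its own already matches `inetOrgPerson`, `organizationalPerson` and AD's `user`; the extra alternatives are redundant but harmless, while `person`/`organizationalPerson` also match AD `contact` objects (no credentials, no `sAMAccountName`) and `user` matches every `computer` object, all of which will now be emitted as user resources. If `parseUserLogin` (outside this hunk) does not already drop entries without a login, I would exclude contacts at the filter, e.g. `userFilter = "(&(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=user)(objectClass=organizationalPerson))(!(objectClass=contact)))"`, and add a comment above the const noting that superclasses are matched so the list is deliberately broad. The deleted blank line is cosmetic only.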
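Review bot: The two `slices.Contains(objectClasses, ...)` checks are case-sensitive, but `objectClass` values are matched case-insensitively by the directory and are returned in whatever case the server's schema defines; a server that spells a class `Person` or `Computer` (or a client-defined subclass with different casing) would silently fall through to `ACCOUNT_TYPE_UNSPECIFIED`, losing the human/service distinction that downstream access reviews may key on. Compare with `strings.EqualFold` instead, which needs a `strings` import and, in the vendored `golang.org/x/exp/slices`, `ContainsFunc` (or a short loop if that version predates it). The `computer`-before-`person` ordering is correct because AD computer objects also carry `person`, but that is non-obvious and deserves a comment. `userResource` begins and ends outside this hunk.

```go
	objectClasses := user.GetAttributeValues("objectClass")
	// objectClass values are case-insensitive in LDAP; compare accordingly.
	hasClass := func(name string) bool {
		return slices.ContainsFunc(objectClasses, func(c string) bool { return strings.EqualFold(c, name) })
	}
	switch {
	// AD computer objects also carry "person", so test computer first.
	case hasClass("computer"):
		userTraitOptions = append(userTraitOptions, rs.WithAccountType(v2.UserTrait_ACCOUNT_TYPE_SERVICE))
	case hasClass("person"):
		userTraitOptions = append(userTraitOptions, rs.WithAccountType(v2.UserTrait_ACCOUNT_TYPE_HUMAN))
	// … unchanged: default branch …
	}
```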