GH-1879 Make LDAP objectClass configurable through "typeAttribute" pr…

…operty (Resolve #1879)
dzikoysk · Aug 11, 2023 · b2ec513 · b2ec513
1 parent 62deca6
commit b2ec513
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 11 deletions.
diff --git a/reposilite-backend/src/main/kotlin/com/reposilite/auth/LdapAuthenticator.kt b/reposilite-backend/src/main/kotlin/com/reposilite/auth/LdapAuthenticator.kt
@@ -71,7 +71,7 @@ internal class LdapAuthenticator(
             createSearchContext()
                 .flatMap {
                     it.search(
-                        ldapFilterQuery = "(&(objectClass=person)($userAttribute={0}))", // find user entry with search user,
+                        ldapFilterQuery = "(&(objectClass=$typeAttribute)($userAttribute={0}))", // find user entry with search user,
                         ldapFilterQueryArguments = arrayOf(credentials.name),
                         requestedAttributes = arrayOf(userAttribute)
                     )
@@ -93,7 +93,7 @@ internal class LdapAuthenticator(
                 }
                 .flatMap {
                     it.search(
-                        ldapFilterQuery = "(&(objectClass=person)($userAttribute={0})$userFilter)", // filter result with user-filter from configuration
+                        ldapFilterQuery = "(&(objectClass=$typeAttribute)($userAttribute={0})$userFilter)", // filter result with user-filter from configuration
                         ldapFilterQueryArguments = arrayOf(credentials.name),
                         requestedAttributes = arrayOf(userAttribute)
                     )

diff --git a/reposilite-backend/src/main/kotlin/com/reposilite/auth/application/AuthenticationSettings.kt b/reposilite-backend/src/main/kotlin/com/reposilite/auth/application/AuthenticationSettings.kt
@@ -44,10 +44,12 @@ data class LdapSettings(
     val searchUserDn: String = "cn=reposilite,ou=admins,dc=domain,dc=com",
     @get:Doc(title = "Search-User Password", description = "Search user's password")
     val searchUserPassword: String = "reposilite-admin-secret",
+    @get:Doc(title = "Type Attribute", description = "Attribute in LDAP that represents given type/group (objectClass)")
+    val typeAttribute: String = "person",
     @get:Doc(title = "User Attribute", description = "Attribute in LDAP that represents unique username used to create access token")
     val userAttribute: String = "cn",
     @get:Doc(title = "User Filter", description = "LDAP user filter")
-    val userFilter: String = "(&(objectClass=person)(ou=Maven Users))",
+    val userFilter: String = "(&(objectClass=$typeAttribute)(ou=Maven Users))",
     @get:Doc(title = "User Type", description = "Should the created through LDAP access token be TEMPORARY or PERSISTENT")
     val userType: AccessTokenType = PERSISTENT
 ) : SharedSettings
diff --git a/reposilite-site/data/guides/authentication/ldap.md b/reposilite-site/data/guides/authentication/ldap.md
@@ -10,14 +10,15 @@ If you feel that current implementation could be improved or slightly changed, l
 First of all, you have to enable LDAP authenticator in [shared settings](). 
 Then, you can configure configuration to your LDAP server.
 
-| Property | Example value | Description |
-| :--: | :---: | :---: |
-| baseDn | dc=company,dc=com | Base DN with users | 
-| searchUserDn | cn=reposilite,ou=admins,dc=domain,dc=com | User used to perform searches in LDAP server (requires permissions to read all LDAP entries) |
-| searchUserPassword | reposilite-admin-secret | Search user's password |
-| userAttribute | cn | Attribute in LDAP that represents unique username used to create access token |
-| userFilter | (&(objectClass=person)(ou=Maven Users)) | LDAP user filter |
-| userType | TEMPORARY or PERSISTENT | Type of mapped token |
+|      Property      |              Example value               |                                         Description                                          |
+|:------------------:|:----------------------------------------:|:--------------------------------------------------------------------------------------------:|
+|       baseDn       |            dc=company,dc=com             |                                      Base DN with users                                      | 
+|    searchUserDn    | cn=reposilite,ou=admins,dc=domain,dc=com | User used to perform searches in LDAP server (requires permissions to read all LDAP entries) |
+| searchUserPassword |         reposilite-admin-secret          |                                    Search user's password                                    |
+|   typeAttribute    |                  person                  |                       Attribute in LDAP that object type (objectClass)                       |
+|   userAttribute    |                    cn                    |        Attribute in LDAP that represents unique username used to create access token         |
+|     userFilter     | (&(objectClass=person)(ou=Maven Users))  |                                       LDAP user filter                                       |
+|      userType      |         TEMPORARY or PERSISTENT          |                                     Type of mapped token                                     |
 
 `Tip` If you're not familiar with LDAP, 
 you may also try to find some detailed docs about LDAP integration in other open source tools such as e.g. [GitLab Docs / LDAP](https://docs.gitlab.com/ee/administration/auth/ldap/). 

diff --git a/reposilite-site/data/guides/installation/settings.md b/reposilite-site/data/guides/installation/settings.md
@@ -193,6 +193,7 @@ Example output:
       "baseDn": "dc=company,dc=com",
       "searchUserDn": "cn=reposilite,ou=admins,dc=domain,dc=com",
       "searchUserPassword": "reposilite-admin-secret",
+      "typeAttribute": "person",
       "userAttribute": "cn",
       "userFilter": "(&(objectClass=person)(ou=Maven Users))",
       "userType": "PERSISTENT"