From b2ec51399926fc48aed9df8c03bccd5f77e819f5 Mon Sep 17 00:00:00 2001
From: dzikoysk
Date: Fri, 11 Aug 2023 20:07:18 +0200
Subject: [PATCH] GH-1879 Make LDAP objectClass configurable through "typeAttribute" property (Resolve #1879)

---
 .../com/reposilite/auth/LdapAuthenticator.kt | 4 ++--
 .../auth/application/AuthenticationSettings.kt | 4 +++-
 .../data/guides/authentication/ldap.md | 17 +++++++++--------
 .../data/guides/installation/settings.md | 1 +
 4 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/reposilite-backend/src/main/kotlin/com/reposilite/auth/LdapAuthenticator.kt b/reposilite-backend/src/main/kotlin/com/reposilite/auth/LdapAuthenticator.kt
index 061d5654f..197305bb5 100644
--- a/reposilite-backend/src/main/kotlin/com/reposilite/auth/LdapAuthenticator.kt
+++ b/reposilite-backend/src/main/kotlin/com/reposilite/auth/LdapAuthenticator.kt
@@ -71,7 +71,7 @@ internal class LdapAuthenticator(
 createSearchContext()
 .flatMap {
 it.search(
- ldapFilterQuery = "(&(objectClass=person)($userAttribute={0}))", // find user entry with search user,
+ ldapFilterQuery = "(&(objectClass=$typeAttribute)($userAttribute={0}))", // find user entry with search user,
 ldapFilterQueryArguments = arrayOf(credentials.name),
 requestedAttributes = arrayOf(userAttribute)
 )
@@ -93,7 +93,7 @@ internal class LdapAuthenticator(
 }
 .flatMap {
 it.search(
- ldapFilterQuery = "(&(objectClass=person)($userAttribute={0})$userFilter)", // filter result with user-filter from configuration
+ ldapFilterQuery = "(&(objectClass=$typeAttribute)($userAttribute={0})$userFilter)", // filter result with user-filter from configuration
 ldapFilterQueryArguments = arrayOf(credentials.name),
 requestedAttributes = arrayOf(userAttribute)
 )
diff --git a/reposilite-backend/src/main/kotlin/com/reposilite/auth/application/AuthenticationSettings.kt b/reposilite-backend/src/main/kotlin/com/reposilite/auth/application/AuthenticationSettings.kt
index 9b1b024bf..3df3f1416 100644
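Review bot: On the `+` line of both hunks (`@@ -71` and `@@ -93`), `$typeAttribute` is spliced into the LDAP filter string verbatim, so a configured value containing filter metacharacters (`(`, `)`, `*`, `\`) produces a malformed or broader-than-intended search, whereas the credential name is handed over as the `{0}` argument and is presumably escaped by the search wrapper. The value comes from administrator settings rather than from the authenticating user, so this is a robustness concern rather than an injection path, but the new line should say so, e.g. `// typeAttribute/userAttribute are trusted settings and are inserted unescaped; only the credential name is passed as a filter argument`. A stricter option is to reject such characters once when LdapSettings is loaded, which lies outside these hunks. The enclosing function starts before and ends after each hunk.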
--- a/reposilite-backend/src/main/kotlin/com/reposilite/auth/application/AuthenticationSettings.kt
+++ b/reposilite-backend/src/main/kotlin/com/reposilite/auth/application/AuthenticationSettings.kt
@@ -44,10 +44,12 @@ data class LdapSettings(
 val searchUserDn: String = "cn=reposilite,ou=admins,dc=domain,dc=com",
 @get:Doc(title = "Search-User Password", description = "Search user's password")
 val searchUserPassword: String = "reposilite-admin-secret",
+ @get:Doc(title = "Type Attribute", description = "Attribute in LDAP that represents given type/group (objectClass)")
+ val typeAttribute: String = "person",
 @get:Doc(title = "User Attribute", description = "Attribute in LDAP that represents unique username used to create access token")
 val userAttribute: String = "cn",
 @get:Doc(title = "User Filter", description = "LDAP user filter")
- val userFilter: String = "(&(objectClass=person)(ou=Maven Users))",
+ val userFilter: String = "(&(objectClass=$typeAttribute)(ou=Maven Users))",
 @get:Doc(title = "User Type", description = "Should the created through LDAP access token be TEMPORARY or PERSISTENT")
 val userType: AccessTokenType = PERSISTENT
 ) : SharedSettings
diff --git a/reposilite-site/data/guides/authentication/ldap.md b/reposilite-site/data/guides/authentication/ldap.md
index 584308651..3744d5e7c 100644
--- a/reposilite-site/data/guides/authentication/ldap.md
+++ b/reposilite-site/data/guides/authentication/ldap.md
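Review bot: The new default `val userFilter: String = "(&(objectClass=$typeAttribute)(ou=Maven Users))"` is evaluated only when the default is taken, so it follows `typeAttribute` just once; once the settings are persisted (the settings.md hunk below shows the literal `person`), changing `typeAttribute` leaves the stored `userFilter` with the old class and the two filters disagree. Since LdapAuthenticator already prepends `(objectClass=$typeAttribute)` to the query this filter is appended to, the objectClass clause in the default is also redundant, so either keep the default a plain literal or note in the Doc description that it is not re-derived from `typeAttribute`. The `@get:Doc` description for `typeAttribute` calls it an "Attribute", but the value is used as an objectClass value rather than an attribute name; `description = "objectClass value that user entries must have (e.g. person, inetOrgPerson)"` would be more accurate. The `LdapSettings` class begins before this hunk.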
@@ -10,14 +10,15 @@ If you feel that current implementation could be improved or slightly changed, l
 First of all, you have to enable LDAP authenticator in [shared settings](). Then, you can configure configuration to your LDAP server.
-| Property | Example value | Description |
-| :--: | :---: | :---: |
-| baseDn | dc=company,dc=com | Base DN with users |
-| searchUserDn | cn=reposilite,ou=admins,dc=domain,dc=com | User used to perform searches in LDAP server (requires permissions to read all LDAP entries) |
-| searchUserPassword | reposilite-admin-secret | Search user's password |
-| userAttribute | cn | Attribute in LDAP that represents unique username used to create access token |
-| userFilter | (&(objectClass=person)(ou=Maven Users)) | LDAP user filter |
-| userType | TEMPORARY or PERSISTENT | Type of mapped token |
+| Property | Example value | Description |
+|:------------------:|:----------------------------------------:|:--------------------------------------------------------------------------------------------:|
+| baseDn | dc=company,dc=com | Base DN with users |
+| searchUserDn | cn=reposilite,ou=admins,dc=domain,dc=com | User used to perform searches in LDAP server (requires permissions to read all LDAP entries) |
+| searchUserPassword | reposilite-admin-secret | Search user's password |
+| typeAttribute | person | Attribute in LDAP that object type (objectClass) |
+| userAttribute | cn | Attribute in LDAP that represents unique username used to create access token |
+| userFilter | (&(objectClass=person)(ou=Maven Users)) | LDAP user filter |
+| userType | TEMPORARY or PERSISTENT | Type of mapped token |
 `Tip` If you're not familiar with LDAP, you may also try to find some detailed docs about LDAP integration in other open source tools such as e.g. [GitLab Docs / LDAP](https://docs.gitlab.com/ee/administration/auth/ldap/).
diff --git a/reposilite-site/data/guides/installation/settings.md b/reposilite-site/data/guides/installation/settings.md
index 158a22364..df626c5c1 100644
--- a/reposilite-site/data/guides/installation/settings.md
+++ b/reposilite-site/data/guides/installation/settings.md
@@ -193,6 +193,7 @@ Example output:
 "baseDn": "dc=company,dc=com",
 "searchUserDn": "cn=reposilite,ou=admins,dc=domain,dc=com",
 "searchUserPassword": "reposilite-admin-secret",
+ "typeAttribute": "person",
 "userAttribute": "cn",
 "userFilter": "(&(objectClass=person)(ou=Maven Users))",
 "userType": "PERSISTENT"