Use groupSearch.userAttributeForFilter during ActiveDirectory group searches
- Load the setting in the controller.
- The LDAP auth code is shared between AD and LDAP, so this commit makes no changes there.
parent
0a1f966886
commit
600d002a35
@ -204,7 +204,7 @@ func (g *activeDirectoryUpstreamGenericLDAPGroupSearch) Filter() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (g *activeDirectoryUpstreamGenericLDAPGroupSearch) UserAttributeForFilter() string {
|
func (g *activeDirectoryUpstreamGenericLDAPGroupSearch) UserAttributeForFilter() string {
|
||||||
return ""
|
return g.groupSearch.UserAttributeForFilter
|
||||||
}
|
}
|
||||||
|
|
||||||
func (g *activeDirectoryUpstreamGenericLDAPGroupSearch) GroupNameAttribute() string {
|
func (g *activeDirectoryUpstreamGenericLDAPGroupSearch) GroupNameAttribute() string {
|
||||||
@ -333,10 +333,11 @@ func (c *activeDirectoryWatcherController) validateUpstream(ctx context.Context,
|
|||||||
UIDAttribute: adUpstreamImpl.Spec().UserSearch().UIDAttribute(),
|
UIDAttribute: adUpstreamImpl.Spec().UserSearch().UIDAttribute(),
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: spec.GroupSearch.Base,
|
Base: spec.GroupSearch.Base,
|
||||||
Filter: adUpstreamImpl.Spec().GroupSearch().Filter(),
|
Filter: adUpstreamImpl.Spec().GroupSearch().Filter(),
|
||||||
GroupNameAttribute: adUpstreamImpl.Spec().GroupSearch().GroupNameAttribute(),
|
UserAttributeForFilter: adUpstreamImpl.Spec().GroupSearch().UserAttributeForFilter(),
|
||||||
SkipGroupRefresh: spec.GroupSearch.SkipGroupRefresh,
|
GroupNameAttribute: adUpstreamImpl.Spec().GroupSearch().GroupNameAttribute(),
|
||||||
|
SkipGroupRefresh: spec.GroupSearch.SkipGroupRefresh,
|
||||||
},
|
},
|
||||||
Dialer: c.ldapDialer,
|
Dialer: c.ldapDialer,
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){
|
||||||
|
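Review bot: `UserAttributeForFilter()` now returns `g.groupSearch.UserAttributeForFilter` with no doc comment, and `validateUpstream` copies it into `upstreamldap.GroupSearchConfig` without any check. Since the accessor previously returned `""`, an empty value presumably still means "use the user's DN"; a comment would record that, for example `// UserAttributeForFilter names the user-entry attribute substituted for {} in the group search filter; empty keeps the default (presumably the DN).` When `Filter` is left unset and the Active Directory default `member:1.2.840.113556.1.4.1941:={}` filter applies (it appears in the tests), a non-DN attribute would likely match no groups, so the user would silently get an empty group list; consider a validation condition on the resource status for that combination. The substitution itself lives in the shared LDAP code outside this diff, so it is worth confirming there that the attribute value read from the user entry is filter-escaped before it is placed into the filter. Both functions continue outside the visible hunks.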
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package activedirectoryupstreamwatcher
|
package activedirectoryupstreamwatcher
|
||||||
@ -149,20 +149,25 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
now := metav1.NewTime(time.Now().UTC())
|
now := metav1.NewTime(time.Now().UTC())
|
||||||
|
|
||||||
const (
|
const (
|
||||||
testNamespace = "test-namespace"
|
testNamespace = "test-namespace"
|
||||||
testName = "test-name"
|
testName = "test-name"
|
||||||
testResourceUID = "test-uid"
|
testResourceUID = "test-uid"
|
||||||
testSecretName = "test-bind-secret"
|
|
||||||
testBindUsername = "test-bind-username"
|
testHost = "ldap.example.com:123"
|
||||||
testBindPassword = "test-bind-password"
|
|
||||||
testHost = "ldap.example.com:123"
|
testBindSecretName = "test-bind-secret"
|
||||||
testUserSearchBase = "test-user-search-base"
|
testBindUsername = "test-bind-username"
|
||||||
testUserSearchFilter = "test-user-search-filter"
|
testBindPassword = "test-bind-password"
|
||||||
testGroupSearchBase = "test-group-search-base"
|
|
||||||
testGroupSearchFilter = "test-group-search-filter"
|
testUserSearchBase = "test-user-search-base"
|
||||||
testUsernameAttrName = "test-username-attr"
|
testUserSearchFilter = "test-user-search-filter"
|
||||||
testGroupNameAttrName = "test-group-name-attr"
|
testUserSearchUsernameAttrName = "test-username-attr"
|
||||||
testUIDAttrName = "test-uid-attr"
|
testUserSearchUIDAttrName = "test-uid-attr"
|
||||||
|
|
||||||
|
testGroupSearchBase = "test-group-search-base"
|
||||||
|
testGroupSearchFilter = "test-group-search-filter"
|
||||||
|
testGroupSearchUserAttributeForFilter = "test-group-search-filter-user-attr-for-filter"
|
||||||
|
testGroupSearchNameAttrName = "test-group-name-attr"
|
||||||
)
|
)
|
||||||
|
|
||||||
testValidSecretData := map[string][]byte{"username": []byte(testBindUsername), "password": []byte(testBindPassword)}
|
testValidSecretData := map[string][]byte{"username": []byte(testBindUsername), "password": []byte(testBindPassword)}
|
||||||
@ -177,20 +182,21 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
Spec: v1alpha1.ActiveDirectoryIdentityProviderSpec{
|
Spec: v1alpha1.ActiveDirectoryIdentityProviderSpec{
|
||||||
Host: testHost,
|
Host: testHost,
|
||||||
TLS: &v1alpha1.TLSSpec{CertificateAuthorityData: testCABundleBase64Encoded},
|
TLS: &v1alpha1.TLSSpec{CertificateAuthorityData: testCABundleBase64Encoded},
|
||||||
Bind: v1alpha1.ActiveDirectoryIdentityProviderBind{SecretName: testSecretName},
|
Bind: v1alpha1.ActiveDirectoryIdentityProviderBind{SecretName: testBindSecretName},
|
||||||
UserSearch: v1alpha1.ActiveDirectoryIdentityProviderUserSearch{
|
UserSearch: v1alpha1.ActiveDirectoryIdentityProviderUserSearch{
|
||||||
Base: testUserSearchBase,
|
Base: testUserSearchBase,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
Attributes: v1alpha1.ActiveDirectoryIdentityProviderUserSearchAttributes{
|
Attributes: v1alpha1.ActiveDirectoryIdentityProviderUserSearchAttributes{
|
||||||
Username: testUsernameAttrName,
|
Username: testUserSearchUsernameAttrName,
|
||||||
UID: testUIDAttrName,
|
UID: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
GroupSearch: v1alpha1.ActiveDirectoryIdentityProviderGroupSearch{
|
GroupSearch: v1alpha1.ActiveDirectoryIdentityProviderGroupSearch{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
Attributes: v1alpha1.ActiveDirectoryIdentityProviderGroupSearchAttributes{
|
Attributes: v1alpha1.ActiveDirectoryIdentityProviderGroupSearchAttributes{
|
||||||
GroupName: testGroupNameAttrName,
|
GroupName: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
SkipGroupRefresh: false,
|
SkipGroupRefresh: false,
|
||||||
},
|
},
|
||||||
@ -213,13 +219,14 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: testUserSearchBase,
|
Base: testUserSearchBase,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -252,7 +259,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
Reason: "Success",
|
Reason: "Success",
|
||||||
Message: fmt.Sprintf(
|
Message: fmt.Sprintf(
|
||||||
`successfully able to connect to "%s" and bind as user "%s" [validated with Secret "%s" at version "%s"]`,
|
`successfully able to connect to "%s" and bind as user "%s" [validated with Secret "%s" at version "%s"]`,
|
||||||
testHost, testBindUsername, testSecretName, secretVersion),
|
testHost, testBindUsername, testBindSecretName, secretVersion),
|
||||||
ObservedGeneration: gen,
|
ObservedGeneration: gen,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -324,7 +331,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
|
|
||||||
validBindUserSecret := func(secretVersion string) *corev1.Secret {
|
validBindUserSecret := func(secretVersion string) *corev1.Secret {
|
||||||
return &corev1.Secret{
|
return &corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{Name: testSecretName, Namespace: testNamespace, ResourceVersion: secretVersion},
|
ObjectMeta: metav1.ObjectMeta{Name: testBindSecretName, Namespace: testNamespace, ResourceVersion: secretVersion},
|
||||||
Type: corev1.SecretTypeBasicAuth,
|
Type: corev1.SecretTypeBasicAuth,
|
||||||
Data: testValidSecretData,
|
Data: testValidSecretData,
|
||||||
}
|
}
|
||||||
@ -417,7 +424,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
Status: "False",
|
Status: "False",
|
||||||
LastTransitionTime: now,
|
LastTransitionTime: now,
|
||||||
Reason: "SecretNotFound",
|
Reason: "SecretNotFound",
|
||||||
Message: fmt.Sprintf(`secret "%s" not found`, testSecretName),
|
Message: fmt.Sprintf(`secret "%s" not found`, testBindSecretName),
|
||||||
ObservedGeneration: 1234,
|
ObservedGeneration: 1234,
|
||||||
},
|
},
|
||||||
tlsConfigurationValidLoadedTrueCondition(1234),
|
tlsConfigurationValidLoadedTrueCondition(1234),
|
||||||
@ -429,7 +436,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
name: "secret has wrong type",
|
name: "secret has wrong type",
|
||||||
inputUpstreams: []runtime.Object{validUpstream},
|
inputUpstreams: []runtime.Object{validUpstream},
|
||||||
inputSecrets: []runtime.Object{&corev1.Secret{
|
inputSecrets: []runtime.Object{&corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{Name: testSecretName, Namespace: testNamespace},
|
ObjectMeta: metav1.ObjectMeta{Name: testBindSecretName, Namespace: testNamespace},
|
||||||
Type: "some-other-type",
|
Type: "some-other-type",
|
||||||
Data: testValidSecretData,
|
Data: testValidSecretData,
|
||||||
}},
|
}},
|
||||||
@ -445,7 +452,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
Status: "False",
|
Status: "False",
|
||||||
LastTransitionTime: now,
|
LastTransitionTime: now,
|
||||||
Reason: "SecretWrongType",
|
Reason: "SecretWrongType",
|
||||||
Message: fmt.Sprintf(`referenced Secret "%s" has wrong type "some-other-type" (should be "kubernetes.io/basic-auth")`, testSecretName),
|
Message: fmt.Sprintf(`referenced Secret "%s" has wrong type "some-other-type" (should be "kubernetes.io/basic-auth")`, testBindSecretName),
|
||||||
ObservedGeneration: 1234,
|
ObservedGeneration: 1234,
|
||||||
},
|
},
|
||||||
tlsConfigurationValidLoadedTrueCondition(1234),
|
tlsConfigurationValidLoadedTrueCondition(1234),
|
||||||
@ -457,7 +464,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
name: "secret is missing key",
|
name: "secret is missing key",
|
||||||
inputUpstreams: []runtime.Object{validUpstream},
|
inputUpstreams: []runtime.Object{validUpstream},
|
||||||
inputSecrets: []runtime.Object{&corev1.Secret{
|
inputSecrets: []runtime.Object{&corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{Name: testSecretName, Namespace: testNamespace},
|
ObjectMeta: metav1.ObjectMeta{Name: testBindSecretName, Namespace: testNamespace},
|
||||||
Type: corev1.SecretTypeBasicAuth,
|
Type: corev1.SecretTypeBasicAuth,
|
||||||
}},
|
}},
|
||||||
wantErr: controllerlib.ErrSyntheticRequeue.Error(),
|
wantErr: controllerlib.ErrSyntheticRequeue.Error(),
|
||||||
@ -472,7 +479,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
Status: "False",
|
Status: "False",
|
||||||
LastTransitionTime: now,
|
LastTransitionTime: now,
|
||||||
Reason: "SecretMissingKeys",
|
Reason: "SecretMissingKeys",
|
||||||
Message: fmt.Sprintf(`referenced Secret "%s" is missing required keys ["username" "password"]`, testSecretName),
|
Message: fmt.Sprintf(`referenced Secret "%s" is missing required keys ["username" "password"]`, testBindSecretName),
|
||||||
ObservedGeneration: 1234,
|
ObservedGeneration: 1234,
|
||||||
},
|
},
|
||||||
tlsConfigurationValidLoadedTrueCondition(1234),
|
tlsConfigurationValidLoadedTrueCondition(1234),
|
||||||
@ -555,13 +562,14 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: testUserSearchBase,
|
Base: testUserSearchBase,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -624,13 +632,14 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: testUserSearchBase,
|
Base: testUserSearchBase,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: "sAMAccountName",
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: "sAMAccountName",
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -696,13 +705,14 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: testUserSearchBase,
|
Base: testUserSearchBase,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -725,7 +735,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
Reason: "Success",
|
Reason: "Success",
|
||||||
Message: fmt.Sprintf(
|
Message: fmt.Sprintf(
|
||||||
`successfully able to connect to "%s" and bind as user "%s" [validated with Secret "%s" at version "%s"]`,
|
`successfully able to connect to "%s" and bind as user "%s" [validated with Secret "%s" at version "%s"]`,
|
||||||
"ldap.example.com", testBindUsername, testSecretName, "4242"),
|
"ldap.example.com", testBindUsername, testBindSecretName, "4242"),
|
||||||
ObservedGeneration: 1234,
|
ObservedGeneration: 1234,
|
||||||
},
|
},
|
||||||
searchBaseFoundInConfigCondition(1234),
|
searchBaseFoundInConfigCondition(1234),
|
||||||
@ -745,7 +755,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
Reason: "Success",
|
Reason: "Success",
|
||||||
Message: fmt.Sprintf(
|
Message: fmt.Sprintf(
|
||||||
`successfully able to connect to "%s" and bind as user "%s" [validated with Secret "%s" at version "%s"]`,
|
`successfully able to connect to "%s" and bind as user "%s" [validated with Secret "%s" at version "%s"]`,
|
||||||
"ldap.example.com", testBindUsername, testSecretName, "4242"),
|
"ldap.example.com", testBindUsername, testBindSecretName, "4242"),
|
||||||
},
|
},
|
||||||
SearchBaseFoundCondition: condPtr(withoutTime(searchBaseFoundInConfigCondition(0))),
|
SearchBaseFoundCondition: condPtr(withoutTime(searchBaseFoundInConfigCondition(0))),
|
||||||
}},
|
}},
|
||||||
@ -775,13 +785,14 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: testUserSearchBase,
|
Base: testUserSearchBase,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -838,13 +849,14 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: testUserSearchBase,
|
Base: testUserSearchBase,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -988,13 +1000,14 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: exampleDefaultNamingContext,
|
Base: exampleDefaultNamingContext,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -1137,13 +1150,14 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: exampleDefaultNamingContext,
|
Base: exampleDefaultNamingContext,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -1208,13 +1222,14 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: exampleDefaultNamingContext,
|
Base: exampleDefaultNamingContext,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -1477,9 +1492,10 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UIDAttribute: "objectGUID",
|
UIDAttribute: "objectGUID",
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={}))",
|
Filter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={}))",
|
||||||
GroupNameAttribute: "sAMAccountName",
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: "sAMAccountName",
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
GroupAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"sAMAccountName": groupSAMAccountNameWithDomainSuffix},
|
GroupAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"sAMAccountName": groupSAMAccountNameWithDomainSuffix},
|
||||||
@ -1537,9 +1553,10 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UIDAttribute: "objectGUID",
|
UIDAttribute: "objectGUID",
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: exampleDefaultNamingContext,
|
Base: exampleDefaultNamingContext,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -1600,9 +1617,10 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UIDAttribute: "objectGUID",
|
UIDAttribute: "objectGUID",
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -1663,9 +1681,10 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UIDAttribute: "objectGUID",
|
UIDAttribute: "objectGUID",
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: exampleDefaultNamingContext,
|
Base: exampleDefaultNamingContext,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -1874,9 +1893,10 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UIDAttribute: "objectGUID",
|
UIDAttribute: "objectGUID",
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: exampleDefaultNamingContext,
|
Base: exampleDefaultNamingContext,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
@ -1931,14 +1951,15 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) {
|
|||||||
UserSearch: upstreamldap.UserSearchConfig{
|
UserSearch: upstreamldap.UserSearchConfig{
|
||||||
Base: testUserSearchBase,
|
Base: testUserSearchBase,
|
||||||
Filter: testUserSearchFilter,
|
Filter: testUserSearchFilter,
|
||||||
UsernameAttribute: testUsernameAttrName,
|
UsernameAttribute: testUserSearchUsernameAttrName,
|
||||||
UIDAttribute: testUIDAttrName,
|
UIDAttribute: testUserSearchUIDAttrName,
|
||||||
},
|
},
|
||||||
GroupSearch: upstreamldap.GroupSearchConfig{
|
GroupSearch: upstreamldap.GroupSearchConfig{
|
||||||
Base: testGroupSearchBase,
|
Base: testGroupSearchBase,
|
||||||
Filter: testGroupSearchFilter,
|
Filter: testGroupSearchFilter,
|
||||||
GroupNameAttribute: testGroupNameAttrName,
|
UserAttributeForFilter: testGroupSearchUserAttributeForFilter,
|
||||||
SkipGroupRefresh: true,
|
GroupNameAttribute: testGroupSearchNameAttrName,
|
||||||
|
SkipGroupRefresh: true,
|
||||||
},
|
},
|
||||||
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
UIDAttributeParsingOverrides: map[string]func(*ldap.Entry) (string, error){"objectGUID": microsoftUUIDFromBinaryAttr("objectGUID")},
|
||||||
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
RefreshAttributeChecks: map[string]func(*ldap.Entry, provider.RefreshAttributes) error{
|
||||||
|
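Review bot: Every expected `upstreamldap.GroupSearchConfig` in the visible hunks carries `testGroupSearchUserAttributeForFilter`, because `validUpstream` always sets `UserAttributeForFilter`, so none of the visible cases pins what the controller produces when the field is omitted. One extra case that clears `Spec.GroupSearch.UserAttributeForFilter` and expects `UserAttributeForFilter: ""` in the resulting config would protect the default path, which existing deployments rely on for group membership. The case in the hunk at new line 1492 pairs the default `member:1.2.840.113556.1.4.1941:={}` filter with a custom attribute; a short comment there saying whether that pairing is intentional would help the next reader. `TestActiveDirectoryUpstreamWatcherControllerSync` extends well beyond these hunks, so such a case may already exist outside them.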