forked from mystiq/dex
chore: warning about deprecated LDAP groupSearch fields
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
This commit is contained in:
parent
4a874cce89
commit
13a83d9bba
1 changed files with 7 additions and 3 deletions
|
@ -187,11 +187,12 @@ func parseScope(s string) (int, bool) {
|
||||||
// Function exists here to allow backward compatibility between old and new
|
// Function exists here to allow backward compatibility between old and new
|
||||||
// group to user matching implementations.
|
// group to user matching implementations.
|
||||||
// See "Config.GroupSearch.UserMatchers" comments for the details
|
// See "Config.GroupSearch.UserMatchers" comments for the details
|
||||||
func (c *ldapConnector) userMatchers() []UserMatcher {
|
func userMatchers(c *Config, logger log.Logger) []UserMatcher {
|
||||||
if len(c.GroupSearch.UserMatchers) > 0 && c.GroupSearch.UserMatchers[0].UserAttr != "" {
|
if len(c.GroupSearch.UserMatchers) > 0 && c.GroupSearch.UserMatchers[0].UserAttr != "" {
|
||||||
return c.GroupSearch.UserMatchers
|
return c.GroupSearch.UserMatchers
|
||||||
}
|
}
|
||||||
|
|
||||||
|
logger.Warn(`ldap: fields groupSearch userAttr/groupAttr are deprecated, use groupSearch.userMatchers instead.`)
|
||||||
return []UserMatcher{
|
return []UserMatcher{
|
||||||
{
|
{
|
||||||
UserAttr: c.GroupSearch.UserAttr,
|
UserAttr: c.GroupSearch.UserAttr,
|
||||||
|
@ -283,6 +284,9 @@ func (c *Config) openConnector(logger log.Logger) (*ldapConnector, error) {
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("groupSearch.Scope unknown value %q", c.GroupSearch.Scope)
|
return nil, fmt.Errorf("groupSearch.Scope unknown value %q", c.GroupSearch.Scope)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO(nabokihms): remove it after deleting deprecated groupSearch options
|
||||||
|
c.GroupSearch.UserMatchers = userMatchers(c, logger)
|
||||||
return &ldapConnector{*c, userSearchScope, groupSearchScope, tlsConfig, logger}, nil
|
return &ldapConnector{*c, userSearchScope, groupSearchScope, tlsConfig, logger}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -417,7 +421,7 @@ func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.E
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, matcher := range c.userMatchers() {
|
for _, matcher := range c.GroupSearch.UserMatchers {
|
||||||
req.Attributes = append(req.Attributes, matcher.UserAttr)
|
req.Attributes = append(req.Attributes, matcher.UserAttr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -574,7 +578,7 @@ func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string,
|
||||||
}
|
}
|
||||||
|
|
||||||
var groups []*ldap.Entry
|
var groups []*ldap.Entry
|
||||||
for _, matcher := range c.userMatchers() {
|
for _, matcher := range c.GroupSearch.UserMatchers {
|
||||||
for _, attr := range getAttrs(user, matcher.UserAttr) {
|
for _, attr := range getAttrs(user, matcher.UserAttr) {
|
||||||
filter := fmt.Sprintf("(%s=%s)", matcher.GroupAttr, ldap.EscapeFilter(attr))
|
filter := fmt.Sprintf("(%s=%s)", matcher.GroupAttr, ldap.EscapeFilter(attr))
|
||||||
if c.GroupSearch.Filter != "" {
|
if c.GroupSearch.Filter != "" {
|
||||||
|
|
Loading…
Reference in a new issue