starred/pocket-id-pocket-id-1
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-16 10:13:01 +03:00
Code Issues 122 Packages Projects Releases 10 Wiki Activity

feat: add custom ldap search filters (#216)

Browse Source
This commit is contained in:
Kyle Mendell
2025-02-08 11:16:57 -06:00
committed by GitHub
parent 0751540d7d
commit 626f87d592
7 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/internal/dto/app_config_dto.go
View File

@@ -28,6 +28,8 @@ type AppConfigUpdateDto struct {
LdapBindDn string `json:"ldapBindDn"` LdapBindDn string `json:"ldapBindDn"`
LdapBindPassword string `json:"ldapBindPassword"` LdapBindPassword string `json:"ldapBindPassword"`
LdapBase string `json:"ldapBase"` LdapBase string `json:"ldapBase"`
LdapUserSearchFilter string `json:"ldapUserSearchFilter"`
LdapUserGroupSearchFilter string `json:"ldapUserGroupSearchFilter"`
LdapSkipCertVerify string `json:"ldapSkipCertVerify"` LdapSkipCertVerify string `json:"ldapSkipCertVerify"`
LdapAttributeUserUniqueIdentifier string `json:"ldapAttributeUserUniqueIdentifier"` LdapAttributeUserUniqueIdentifier string `json:"ldapAttributeUserUniqueIdentifier"`
LdapAttributeUserUsername string `json:"ldapAttributeUserUsername"` LdapAttributeUserUsername string `json:"ldapAttributeUserUsername"`

2
backend/internal/model/app_config.go
View File

@@ -35,6 +35,8 @@ type AppConfig struct {
LdapBindDn AppConfigVariable LdapBindDn AppConfigVariable
LdapBindPassword AppConfigVariable LdapBindPassword AppConfigVariable
LdapBase AppConfigVariable LdapBase AppConfigVariable
LdapUserSearchFilter AppConfigVariable
LdapUserGroupSearchFilter AppConfigVariable
LdapSkipCertVerify AppConfigVariable LdapSkipCertVerify AppConfigVariable
LdapAttributeUserUniqueIdentifier AppConfigVariable LdapAttributeUserUniqueIdentifier AppConfigVariable
LdapAttributeUserUsername AppConfigVariable LdapAttributeUserUsername AppConfigVariable

10
backend/internal/service/app_config_service.go
View File

@@ -138,6 +138,16 @@ var defaultDbConfig = model.AppConfig{
Key: "ldapBase", Key: "ldapBase",
Type: "string", Type: "string",
}, },
LdapUserSearchFilter: model.AppConfigVariable{
Key: "ldapUserSearchFilter",
Type: "string",
DefaultValue: "(objectClass=person)",
},
LdapUserGroupSearchFilter: model.AppConfigVariable{
Key: "ldapUserGroupSearchFilter",
Type: "string",
DefaultValue: "(objectClass=groupOfNames)",
},
LdapSkipCertVerify: model.AppConfigVariable{ LdapSkipCertVerify: model.AppConfigVariable{
Key: "ldapSkipCertVerify", Key: "ldapSkipCertVerify",
Type: "bool", Type: "bool",

5
backend/internal/service/ldap_service.go
View File

@@ -70,7 +70,7 @@ func (s *LdapService) SyncGroups() error {
baseDN := s.appConfigService.DbConfig.LdapBase.Value baseDN := s.appConfigService.DbConfig.LdapBase.Value
nameAttribute := s.appConfigService.DbConfig.LdapAttributeGroupName.Value nameAttribute := s.appConfigService.DbConfig.LdapAttributeGroupName.Value
uniqueIdentifierAttribute := s.appConfigService.DbConfig.LdapAttributeGroupUniqueIdentifier.Value uniqueIdentifierAttribute := s.appConfigService.DbConfig.LdapAttributeGroupUniqueIdentifier.Value
filter := "(objectClass=groupOfUniqueNames)" filter := s.appConfigService.DbConfig.LdapUserGroupSearchFilter.Value
searchAttrs := []string{ searchAttrs := []string{
nameAttribute, nameAttribute,
@@ -176,8 +176,7 @@ func (s *LdapService) SyncUsers() error {
firstNameAttribute := s.appConfigService.DbConfig.LdapAttributeUserFirstName.Value firstNameAttribute := s.appConfigService.DbConfig.LdapAttributeUserFirstName.Value
lastNameAttribute := s.appConfigService.DbConfig.LdapAttributeUserLastName.Value lastNameAttribute := s.appConfigService.DbConfig.LdapAttributeUserLastName.Value
adminGroupAttribute := s.appConfigService.DbConfig.LdapAttributeAdminGroup.Value adminGroupAttribute := s.appConfigService.DbConfig.LdapAttributeAdminGroup.Value
filter := s.appConfigService.DbConfig.LdapUserSearchFilter.Value
filter := "(objectClass=person)"
searchAttrs := []string{ searchAttrs := []string{
"memberOf", "memberOf",

2
frontend/src/lib/types/application-configuration.ts
View File

@@ -23,6 +23,8 @@ export type AllAppConfig = AppConfig & {
ldapBindDn: string; ldapBindDn: string;
ldapBindPassword: string; ldapBindPassword: string;
ldapBase: string; ldapBase: string;
ldapUserSearchFilter: string;
ldapUserGroupSearchFilter: string;
ldapSkipCertVerify: boolean; ldapSkipCertVerify: boolean;
ldapAttributeUserUniqueIdentifier: string; ldapAttributeUserUniqueIdentifier: string;
ldapAttributeUserUsername: string; ldapAttributeUserUsername: string;

16
frontend/src/routes/settings/admin/application-configuration/forms/app-config-ldap-form.svelte
View File

@@ -28,6 +28,8 @@
ldapBindDn: appConfig.ldapBindDn, ldapBindDn: appConfig.ldapBindDn,
ldapBindPassword: appConfig.ldapBindPassword, ldapBindPassword: appConfig.ldapBindPassword,
ldapBase: appConfig.ldapBase, ldapBase: appConfig.ldapBase,
ldapUserSearchFilter: appConfig.ldapUserSearchFilter,
ldapUserGroupSearchFilter: appConfig.ldapUserGroupSearchFilter,
ldapSkipCertVerify: appConfig.ldapSkipCertVerify, ldapSkipCertVerify: appConfig.ldapSkipCertVerify,
ldapAttributeUserUniqueIdentifier: appConfig.ldapAttributeUserUniqueIdentifier, ldapAttributeUserUniqueIdentifier: appConfig.ldapAttributeUserUniqueIdentifier,
ldapAttributeUserUsername: appConfig.ldapAttributeUserUsername, ldapAttributeUserUsername: appConfig.ldapAttributeUserUsername,
@@ -44,6 +46,8 @@
ldapBindDn: z.string().min(1), ldapBindDn: z.string().min(1),
ldapBindPassword: z.string().min(1), ldapBindPassword: z.string().min(1),
ldapBase: z.string().min(1), ldapBase: z.string().min(1),
ldapUserSearchFilter: z.string().min(1),
ldapUserGroupSearchFilter: z.string().min(1),
ldapSkipCertVerify: z.boolean(), ldapSkipCertVerify: z.boolean(),
ldapAttributeUserUniqueIdentifier: z.string().min(1), ldapAttributeUserUniqueIdentifier: z.string().min(1),
ldapAttributeUserUsername: z.string().min(1), ldapAttributeUserUsername: z.string().min(1),
@@ -102,6 +106,18 @@
/> />
<FormInput label="LDAP Bind Password" type="password" bind:input={$inputs.ldapBindPassword} /> <FormInput label="LDAP Bind Password" type="password" bind:input={$inputs.ldapBindPassword} />
<FormInput label="LDAP Base DN" placeholder="dc=example,dc=com" bind:input={$inputs.ldapBase} /> <FormInput label="LDAP Base DN" placeholder="dc=example,dc=com" bind:input={$inputs.ldapBase} />
<FormInput
label="User Search Filter"
description="The Search filter to use to search/sync users."
placeholder="(objectClass=person)"
bind:input={$inputs.ldapUserSearchFilter}
/>
<FormInput
label="Groups Search Filter"
description="The Search filter to use to search/sync groups."
placeholder="(objectClass=groupOfNames)"
bind:input={$inputs.ldapUserGroupSearchFilter}
/>
<CheckboxWithLabel <CheckboxWithLabel
id="skip-cert-verify" id="skip-cert-verify"
label="Skip Certificate Verification" label="Skip Certificate Verification"

4
frontend/tests/application-configuration.spec.ts
View File

@@ -58,6 +58,8 @@ test('Update LDAP configuration', async ({ page }) => {
await page.getByLabel('LDAP Bind DN').fill('cn=admin,dc=example,dc=com'); await page.getByLabel('LDAP Bind DN').fill('cn=admin,dc=example,dc=com');
await page.getByLabel('LDAP Bind Password').fill('password'); await page.getByLabel('LDAP Bind Password').fill('password');
await page.getByLabel('LDAP Base DN').fill('dc=example,dc=com'); await page.getByLabel('LDAP Base DN').fill('dc=example,dc=com');
await page.getByLabel('User Search Filter').fill('(objectClass=person)');
await page.getByLabel('Groups Search Filter').fill('(objectClass=groupOfUniqueNames)');
await page.getByLabel('User Unique Identifier Attribute').fill('uuid'); await page.getByLabel('User Unique Identifier Attribute').fill('uuid');
await page.getByLabel('Username Attribute').fill('uid'); await page.getByLabel('Username Attribute').fill('uid');
await page.getByLabel('User Mail Attribute').fill('mail'); await page.getByLabel('User Mail Attribute').fill('mail');
@@ -78,6 +80,8 @@ test('Update LDAP configuration', async ({ page }) => {
await expect(page.getByLabel('LDAP Bind DN')).toHaveValue('cn=admin,dc=example,dc=com'); await expect(page.getByLabel('LDAP Bind DN')).toHaveValue('cn=admin,dc=example,dc=com');
await expect(page.getByLabel('LDAP Bind Password')).toHaveValue('password'); await expect(page.getByLabel('LDAP Bind Password')).toHaveValue('password');
await expect(page.getByLabel('LDAP Base DN')).toHaveValue('dc=example,dc=com'); await expect(page.getByLabel('LDAP Base DN')).toHaveValue('dc=example,dc=com');
await page.getByLabel('User Search Filter').fill('(objectClass=person)');
await page.getByLabel('Groups Search Filter').fill('(objectClass=groupOfUniqueNames)');
await expect(page.getByLabel('User Unique Identifier Attribute')).toHaveValue('uuid'); await expect(page.getByLabel('User Unique Identifier Attribute')).toHaveValue('uuid');
await expect(page.getByLabel('Username Attribute')).toHaveValue('uid'); await expect(page.getByLabel('Username Attribute')).toHaveValue('uid');
await expect(page.getByLabel('User Mail Attribute')).toHaveValue('mail'); await expect(page.getByLabel('User Mail Attribute')).toHaveValue('mail');