Merge pull request #6599 from stonezdj/pr6161

Add new parameter ldap_group_membership_attribute (PR#6161)
2025-04-17 21:48:21 +00:00 · 2019-03-07 13:26:26 +08:00 · 2019-03-07 13:26:26 +08:00 · f7745baf30
commit f7745baf30
parent 002094dbbb cf134bc80e
5 changed files with 23 additions and 12 deletions
--- a/src/common/config/metadata/metadatalist.go
+++ b/src/common/config/metadata/metadatalist.go
@ -102,6 +102,7 @@ var (
 		{Name: "ldap_uid", Scope: UserScope, Group: LdapBasicGroup, EnvKey: "LDAP_UID", DefaultValue: "cn", ItemType: &NonEmptyStringType{}, Editable: false},
 		{Name: "ldap_url", Scope: UserScope, Group: LdapBasicGroup, EnvKey: "LDAP_URL", DefaultValue: "", ItemType: &NonEmptyStringType{}, Editable: false},
 		{Name: "ldap_verify_cert", Scope: UserScope, Group: LdapBasicGroup, EnvKey: "LDAP_VERIFY_CERT", DefaultValue: "true", ItemType: &BoolType{}, Editable: false},
+		{Name: common.LDAPGroupMembershipAttribute, Scope: UserScope, Group: LdapBasicGroup, EnvKey: "LDAP_GROUP_MEMBERSHIP_ATTRIBUTE", DefaultValue: "memberof", ItemType: &StringType{}, Editable: true},

 		{Name: "max_job_workers", Scope: SystemScope, Group: BasicGroup, EnvKey: "MAX_JOB_WORKERS", DefaultValue: "10", ItemType: &IntType{}, Editable: false},
 		{Name: "notary_url", Scope: SystemScope, Group: BasicGroup, EnvKey: "NOTARY_URL", DefaultValue: "http://notary-server:4443", ItemType: &StringType{}, Editable: false},
--- a/src/common/const.go
+++ b/src/common/const.go
@ -112,6 +112,7 @@ const (
 	DefaultNotaryEndpoint             = "http://notary-server:4443"
 	LdapGroupType                     = 1
 	LdapGroupAdminDn                  = "ldap_group_admin_dn"
+	LDAPGroupMembershipAttribute      = "ldap_group_membership_attribute"
 	DefaultRegistryControllerEndpoint = "http://registryctl:8080"
 	WithChartMuseum                   = "with_chartmuseum"
 	ChartRepoURL                      = "chart_repository_url"
--- a/src/common/models/ldap.go
+++ b/src/common/models/ldap.go
@ -29,11 +29,12 @@ type LdapConf struct {

 // LdapGroupConf holds information about ldap group
 type LdapGroupConf struct {
-	LdapGroupBaseDN        string `json:"ldap_group_base_dn,omitempty"`
-	LdapGroupFilter        string `json:"ldap_group_filter,omitempty"`
-	LdapGroupNameAttribute string `json:"ldap_group_name_attribute,omitempty"`
-	LdapGroupSearchScope   int    `json:"ldap_group_search_scope"`
-	LdapGroupAdminDN       string `json:"ldap_group_admin_dn,omitempty"`
+	LdapGroupBaseDN              string `json:"ldap_group_base_dn,omitempty"`
+	LdapGroupFilter              string `json:"ldap_group_filter,omitempty"`
+	LdapGroupNameAttribute       string `json:"ldap_group_name_attribute,omitempty"`
+	LdapGroupSearchScope         int    `json:"ldap_group_search_scope"`
+	LdapGroupAdminDN             string `json:"ldap_group_admin_dn,omitempty"`
+	LdapGroupMembershipAttribute string `json:"ldap_group_membership_attribute,omitempty"`
 }

 // LdapUser ...
--- a/src/common/utils/ldap/ldap.go
+++ b/src/common/utils/ldap/ldap.go
@ -212,6 +212,7 @@ func (session *Session) SearchUser(username string) ([]models.LdapUser, error) {
 	for _, ldapEntry := range result.Entries {
 		var u models.LdapUser
 		groupDNList := []string{}
+		groupAttr := strings.ToLower(session.ldapGroupConfig.LdapGroupMembershipAttribute)
 		for _, attr := range ldapEntry.Attributes {
 			// OpenLdap sometimes contain leading space in useranme
 			val := strings.TrimSpace(attr.Values[0])
@ -227,7 +228,7 @@ func (session *Session) SearchUser(username string) ([]models.LdapUser, error) {
 				u.Email = val
 			case "email":
 				u.Email = val
-			case "memberof":
+			case groupAttr:
 				for _, dnItem := range attr.Values {
 					groupDNList = append(groupDNList, strings.TrimSpace(dnItem))
 					log.Debugf("Found memberof %v", dnItem)
@ -281,12 +282,18 @@ func (session *Session) Open() error {

 // SearchLdap to search ldap with the provide filter
 func (session *Session) SearchLdap(filter string) (*goldap.SearchResult, error) {
-	attributes := []string{"uid", "cn", "mail", "email", "memberof"}
+	attributes := []string{"uid", "cn", "mail", "email"}
 	lowerUID := strings.ToLower(session.ldapConfig.LdapUID)

 	if lowerUID != "uid" && lowerUID != "cn" && lowerUID != "mail" && lowerUID != "email" {
 		attributes = append(attributes, session.ldapConfig.LdapUID)
 	}
+
+	// Add the Group membership attribute
+	groupAttr := strings.TrimSpace(session.ldapGroupConfig.LdapGroupMembershipAttribute)
+	log.Debugf("Membership attribute: %s\n", groupAttr)
+	attributes = append(attributes, groupAttr)
+
 	return session.SearchLdapAttribute(session.ldapConfig.LdapBaseDn, filter, attributes)
 }

--- a/src/core/config/config.go
+++ b/src/core/config/config.go
@ -212,11 +212,12 @@ func LDAPGroupConf() (*models.LdapGroupConf, error) {
 		return nil, err
 	}
 	return &models.LdapGroupConf{
-		LdapGroupBaseDN:        cfgMgr.Get(common.LDAPGroupBaseDN).GetString(),
-		LdapGroupFilter:        cfgMgr.Get(common.LDAPGroupSearchFilter).GetString(),
-		LdapGroupNameAttribute: cfgMgr.Get(common.LDAPGroupAttributeName).GetString(),
-		LdapGroupSearchScope:   cfgMgr.Get(common.LDAPGroupSearchScope).GetInt(),
-		LdapGroupAdminDN:       cfgMgr.Get(common.LdapGroupAdminDn).GetString(),
+		LdapGroupBaseDN:              cfgMgr.Get(common.LDAPGroupBaseDN).GetString(),
+		LdapGroupFilter:              cfgMgr.Get(common.LDAPGroupSearchFilter).GetString(),
+		LdapGroupNameAttribute:       cfgMgr.Get(common.LDAPGroupAttributeName).GetString(),
+		LdapGroupSearchScope:         cfgMgr.Get(common.LDAPGroupSearchScope).GetInt(),
+		LdapGroupAdminDN:             cfgMgr.Get(common.LdapGroupAdminDn).GetString(),
+		LdapGroupMembershipAttribute: cfgMgr.Get(common.LDAPGroupMembershipAttribute).GetString(),
 	}, nil
 }