diff --git a/outpost/pkg/ldap/api.go b/outpost/pkg/ldap/api.go
index 77a4da452..7d15bd75f 100644
--- a/outpost/pkg/ldap/api.go
+++ b/outpost/pkg/ldap/api.go
@@ -39,8 +39,8 @@ func (ls *LDAPServer) Refresh() error {
 s: ls,
 log: log.WithField("logger", "authentik.outpost.ldap").WithField("provider", provider.Name),
 tlsServerName: provider.TlsServerName,
- uidStartNumber: *provider.UidStartNumber,
- gidStartNumber: *provider.GidStartNumber,
+ uidStartNumber: *provider.UidStartNumber,
+ gidStartNumber: *provider.GidStartNumber,
 }
 if provider.Certificate.Get() != nil {
 logger.WithField("provider", provider.Name).Debug("Enabling TLS")
@@ -122,21 +122,3 @@ func (ls *LDAPServer) Start() error {
 wg.Wait()
 return nil
 }
-
-type transport struct {
- headers map[string]string
- inner http.RoundTripper
-}
-
-func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
- for key, value := range t.headers {
- req.Header.Add(key, value)
- }
- return t.inner.RoundTrip(req)
-}
-func newTransport(inner http.RoundTripper, headers map[string]string) *transport {
- return &transport{
- inner: inner,
- headers: headers,
- }
-}
diff --git a/outpost/pkg/ldap/instance_bind.go b/outpost/pkg/ldap/instance_bind.go
index b145d0958..e2ee5e912 100644
--- a/outpost/pkg/ldap/instance_bind.go
+++ b/outpost/pkg/ldap/instance_bind.go
@@ -56,11 +56,10 @@ func (pi *ProviderInstance) Bind(username string, bindDN, bindPW string, conn ne
 config.Scheme = pi.s.ac.Client.GetConfig().Scheme
 config.UserAgent = pkg.UserAgent()
 config.HTTPClient = &http.Client{
- Jar: jar,
- Transport: newTransport(ak.GetTLSTransport(), map[string]string{
- "X-authentik-remote-ip": host,
- }),
+ Jar: jar,
+ Transport: ak.GetTLSTransport(),
 }
+ config.AddDefaultHeader("X-authentik-remote-ip", host)
 // create the API client, with the transport
 apiClient := api.NewAPIClient(config)
diff --git a/outpost/pkg/ldap/instance_search.go b/outpost/pkg/ldap/instance_search.go
index 8b10de5d1..f01f41acd 100644
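Review bot: In the `instance_bind.go` hunk, `config.AddDefaultHeader("X-authentik-remote-ip", host)` stores the client address on the Configuration itself, so it is only correct while `config` is built fresh for every bind. Both the construction of `config` and the derivation of `host` sit above this hunk in `Bind`, so per-bind construction is inferred from the field-by-field copies out of `pi.s.ac.Client.GetConfig()`. If that object were ever shared or cached across connections, one client's address would be sent with another client's bind requests, and any IP-based policy or audit record on the server side would name the wrong source. I would add a comment above the call, e.g. `// config is per-bind; never set the remote-IP header on a shared Configuration`, and skip the header when no address was parsed: `if host != "" { config.AddDefaultHeader("X-authentik-remote-ip", host) }`.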
--- a/outpost/pkg/ldap/instance_search.go
+++ b/outpost/pkg/ldap/instance_search.go
@@ -108,11 +108,11 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
 },
 {
 Name: "uidNumber",
- Values: []string{ pi.GetUidNumber(u) },
+ Values: []string{pi.GetUidNumber(u)},
 },
 {
 Name: "gidNumber",
- Values: []string{ pi.GetUidNumber(u) },
+ Values: []string{pi.GetUidNumber(u)},
 },
 }
@@ -144,18 +144,18 @@ func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
 },
 {
 Name: "gidNumber",
- Values: []string{ g.gidNumber },
+ Values: []string{g.gidNumber},
 },
 }
- if (g.isVirtualGroup) {
+ if g.isVirtualGroup {
 attrs = append(attrs, &ldap.EntryAttribute{
- Name: "objectClass",
+ Name: "objectClass",
 Values: []string{GroupObjectClass, "goauthentik.io/ldap/group", "goauthentik.io/ldap/virtual-group"},
 })
 } else {
 attrs = append(attrs, &ldap.EntryAttribute{
- Name: "objectClass",
+ Name: "objectClass",
 Values: []string{GroupObjectClass, "goauthentik.io/ldap/group"},
 })
 }
@@ -163,7 +163,7 @@ func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
 attrs = append(attrs, &ldap.EntryAttribute{Name: "member", Values: g.member})
 attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/superuser", Values: []string{BoolToString(g.isSuperuser)}})
- if (g.akAttributes != nil) {
+ if g.akAttributes != nil {
 attrs = append(attrs, AKAttrsToLDAP(g.akAttributes)...)
 }
diff --git a/outpost/pkg/ldap/ldap.go b/outpost/pkg/ldap/ldap.go
index 1fa6ba9f4..0b1f5c078 100644
--- a/outpost/pkg/ldap/ldap.go
+++ b/outpost/pkg/ldap/ldap.go
@@ -51,14 +51,14 @@ type LDAPServer struct {
 }
 type LDAPGroup struct {
- dn string
- cn string
- uid string
- gidNumber string
- member []string
- isSuperuser bool
+ dn string
+ cn string
+ uid string
+ gidNumber string
+ member []string
+ isSuperuser bool
 isVirtualGroup bool
- akAttributes interface{}
+ akAttributes interface{}
 }
 func NewServer(ac *ak.APIController) *LDAPServer {
diff --git a/outpost/pkg/ldap/utils.go b/outpost/pkg/ldap/utils.go
index d6f4ef403..3686bc281 100644
--- a/outpost/pkg/ldap/utils.go
+++ b/outpost/pkg/ldap/utils.go
@@ -82,27 +82,27 @@ func (pi *ProviderInstance) UsersForGroup(group api.Group) []string {
 func (pi *ProviderInstance) APIGroupToLDAPGroup(g api.Group) LDAPGroup {
 return LDAPGroup{
- dn: pi.GetGroupDN(g.Name),
- cn: g.Name,
- uid: string(g.Pk),
- gidNumber: pi.GetGidNumber(g),
- member: pi.UsersForGroup(g),
- isVirtualGroup: false,
- isSuperuser: *g.IsSuperuser,
- akAttributes: g.Attributes,
+ dn: pi.GetGroupDN(g.Name),
+ cn: g.Name,
+ uid: string(g.Pk),
+ gidNumber: pi.GetGidNumber(g),
+ member: pi.UsersForGroup(g),
+ isVirtualGroup: false,
+ isSuperuser: *g.IsSuperuser,
+ akAttributes: g.Attributes,
 }
 }
 func (pi *ProviderInstance) APIUserToLDAPGroup(u api.User) LDAPGroup {
 return LDAPGroup{
- dn: pi.GetGroupDN(u.Username),
- cn: u.Username,
- uid: u.Uid,
- gidNumber: pi.GetUidNumber(u),
- member: []string{pi.GetUserDN(u.Username)},
- isVirtualGroup: true,
- isSuperuser: false,
- akAttributes: nil,
+ dn: pi.GetGroupDN(u.Username),
+ cn: u.Username,
+ uid: u.Uid,
+ gidNumber: pi.GetUidNumber(u),
+ member: []string{pi.GetUserDN(u.Username)},
+ isVirtualGroup: true,
+ isSuperuser: false,
+ akAttributes: nil,
 }
 }
@@ -115,11 +115,11 @@ func (pi *ProviderInstance) GetGroupDN(group string) string {
 }
 func (pi *ProviderInstance) GetUidNumber(user api.User) string {
- return strconv.FormatInt(int64(pi.uidStartNumber + user.Pk), 10)
+ return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
 }
 func (pi *ProviderInstance) GetGidNumber(group api.Group) string {
- return strconv.FormatInt(int64(pi.gidStartNumber + pi.GetRIDForGroup(group.Pk)), 10)
+ return strconv.FormatInt(int64(pi.gidStartNumber+pi.GetRIDForGroup(group.Pk)), 10)
 }
 func (pi *ProviderInstance) GetRIDForGroup(uid string) int32 {