Astra linux domain support

Added support ALD
This commit is contained in:
fsight 2022-04-18 23:38:32 +05:00
parent 31f11627e1
commit 4a16f02414
3 changed files with 23 additions and 10 deletions

View File

@ -25,6 +25,8 @@ ldap_users:
name_attribute: sAMAccountName
# lowercase name for use as PG role name
lowercase_name: true
# uppercase name for use as PG role name
uppercase_name: false
# Add lowercase name *and* original name for use as PG role names (useful for migrating between case types)
bothcase_name: false
@ -36,8 +38,13 @@ ldap_groups:
name_attribute: cn
# lowercase name for use as PG role name
lowercase_name: false
# uppercase name for use as PG role name
uppercase_name: false
# this attribute must reference to all member DN's of the given group
member_attribute: member
member_attribute: "memberuid"
# True if use Astra Linux Domain
ald_domain: true
# Connection parameters to PostgreSQL server
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method

View File

@ -20,10 +20,10 @@ mapping:
"lowercase_name":
type: bool
required: no
"uppercase_name":
"bothcase_name":
type: bool
required: no
"bothcase_name":
"uppercase_name":
type: bool
required: no
@ -43,15 +43,18 @@ mapping:
"lowercase_name":
type: bool
required: no
"uppercase_name":
"bothcase_name":
type: bool
required: no
"bothcase_name":
"uppercase_name":
type: bool
required: no
"member_attribute":
type: str
required: yes
"ald_domain":
type: bool
required: no
"pg_connection":
type: any

View File

@ -61,7 +61,6 @@ class Application
log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not defined for #{entry.dn}"
next
end
log.info "found user-dn: #{entry.dn}"
names = if ldap_user_conf[:bothcase_name]
@ -99,7 +98,6 @@ class Application
log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not defined for #{entry.dn}"
next
end
log.info "found group-dn: #{entry.dn}"
names = if ldap_group_conf[:bothcase_name]
@ -256,8 +254,13 @@ class Application
MatchedMembership = Struct.new :role_name, :has_member, :state
def match_memberships(ldap_roles, pg_roles)
ldap_group_conf = @config[:ldap_groups]
hash_of_arrays = Hash.new { |h, k| h[k] = [] }
if ldap_group_conf[:ald_domain]
ldap_by_dn = ldap_roles.inject(hash_of_arrays){|h,r| h[r.name] << r; h }
else
ldap_by_dn = ldap_roles.inject(hash_of_arrays){|h,r| h[r.dn] << r; h }
end
ldap_by_m2m = ldap_roles.inject([]) do |a,r|
next a unless r.member_dns
a + r.member_dns.flat_map do |dn|