From 409f497954e73464620064a632fcd714f7599866 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Fri, 24 Jul 2020 10:39:05 +0200
Subject: [PATCH] handle ownCloudUUID attribute
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörn Friedrich Dreyer
---
 changelog/unreleased/handle-ownclouduuid.md | 6 ++++++
 pkg/server/glauth/handler.go | 12 +++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/handle-ownclouduuid.md
diff --git a/changelog/unreleased/handle-ownclouduuid.md b/changelog/unreleased/handle-ownclouduuid.md
new file mode 100644
index 0000000000..472871e327
--- /dev/null
+++ b/changelog/unreleased/handle-ownclouduuid.md
@@ -0,0 +1,6 @@
+Enhancement: handle ownCloudUUID attribute
+
+Clients can now query an accounts immutable id by using the [new `ownCloudUUID` attribute](https://github.com/butonic/owncloud-ldap-schema/blob/master/owncloud.schema#L28-L34).
+
+
+https://github.com/owncloud/ocis-glauth/pull/27
\ No newline at end of file
diff --git a/pkg/server/glauth/handler.go b/pkg/server/glauth/handler.go
index 2dbe23b366..dcadb1a289 100644
--- a/pkg/server/glauth/handler.go
+++ b/pkg/server/glauth/handler.go
@@ -126,6 +126,12 @@ func (h ocisHandler) Search(bindDN string, searchReq ldap.SearchRequest, conn ne
 var cf *ber.Packet
 cf, err = ldap.CompileFilter(searchReq.Filter)
 if err != nil {
+ h.log.Debug().
+ Str("binddn", bindDN).
+ Str("basedn", h.cfg.Backend.BaseDN).
+ Str("filter", searchReq.Filter).
+ Interface("src", conn.RemoteAddr()).
+ Msg("could not compile filter")
 return ldap.ServerSearchResult{
 ResultCode: ldap.LDAPResultOperationsError,
 }, fmt.Errorf("Search Error: error parsing filter: %s", searchReq.Filter)
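Review bot: The new debug entry in Search drops `err`, the value returned by ldap.CompileFilter, so the log shows that a filter failed to compile but not why; assuming h.log is a zerolog-style logger, as the chained calls suggest, adding `Err(err).` before `Msg("could not compile filter")` would keep the parser's reason next to the source address. The `basedn` field is filled from `h.cfg.Backend.BaseDN`, the configured value, so it does not record what the client actually requested; if that is what an investigator needs, log `searchReq.BaseDN` as well. `searchReq.Filter` is client-supplied text and is also echoed in the returned error, so consumers of these logs should treat that field as untrusted. Search's body starts and ends outside the hunk.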
@@ -218,6 +224,7 @@ func (h ocisHandler) mapAccounts(accounts []*accounts.Account) []*ldap.Entry {
 attribute("cn", accounts[i].PreferredName),
 attribute("uid", accounts[i].PreferredName),
 attribute("sn", accounts[i].PreferredName),
+ attribute("ownCloudUUID", accounts[i].Id), // see https://github.com/butonic/owncloud-ldap-schema/blob/master/owncloud.schema#L28-L34
 }
 if accounts[i].DisplayName != "" {
 attrs = append(attrs, attribute("displayName", accounts[i].DisplayName))
@@ -253,6 +260,7 @@ func (h ocisHandler) mapGroups(groups []*accounts.Group) []*ldap.Entry {
 attrs := []*ldap.EntryAttribute{
 attribute("objectClass", "posixGroup", "groupOfNames", "top"),
 attribute("cn", groups[i].OnPremisesSamAccountName),
+ attribute("ownCloudUUID", groups[i].Id), // see https://github.com/butonic/owncloud-ldap-schema/blob/master/owncloud.schema#L28-L34
 }
 if groups[i].DisplayName != "" {
 attrs = append(attrs, attribute("displayName", groups[i].DisplayName))
@@ -313,6 +321,8 @@ func parseFilter(f *ber.Packet) (qtype queryType, q string, err error) {
 default:
 qtype = ""
 }
+ case "ownclouduuid":
+ q = fmt.Sprintf("id eq '%s'", escapeValue(value))
 case "cn", "uid":
 q = fmt.Sprintf("on_premises_sam_account_name eq '%s'", escapeValue(value))
 case "mail":
@@ -326,7 +336,7 @@ func parseFilter(f *ber.Packet) (qtype queryType, q string, err error) {
 case "description":
 q = fmt.Sprintf("description eq '%s'", escapeValue(value))
 default:
- err = fmt.Errorf("filter by %s not implmented", attribute)
+ err = fmt.Errorf("filter by %s not implemented", attribute)
 }
 return
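Review bot: `attribute("ownCloudUUID", accounts[i].Id)` in mapAccounts is emitted for every entry without checking that Id is set, while the optional attribute right below it is guarded with `!= ""`; the same applies to `groups[i].Id` in the mapGroups hunk. If an account or group can reach this code with an empty Id (not visible here), clients would receive an empty identifier that they may store as the immutable key. Either guard it like displayName, `if accounts[i].Id != "" { attrs = append(attrs, attribute("ownCloudUUID", accounts[i].Id)) }`, or add a comment stating that Id is always populated by the accounts service. Both function bodies start and end outside their hunks.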
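Review bot: The new `case "ownclouduuid":` in parseFilter builds `id eq '%s'` by string formatting from a value taken out of the client's LDAP filter, so the integrity of the resulting query rests entirely on escapeValue, which is defined outside this hunk. Because an id has a narrow expected shape, rejecting values that do not match it before the Sprintf would be a cheap second layer; at minimum a comment such as `// value comes from the client filter; escapeValue must neutralise quotes for the accounts query` documents the dependency. The case label is lower-case while the emitted attribute is `ownCloudUUID`, which presumably relies on the attribute name being lower-cased earlier in the function; that code is not in the hunk, so it is worth confirming.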