initial skel for external tenant id

Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-02-15 08:41:16 -05:00 · 2026-01-26 16:36:40 +01:00
parent 13ae67b02c
commit 5877bfa8a2
4 changed files with 8 additions and 4 deletions
--- a/devtools/deployments/shared/config/ldap/schemas/20_opencloud_education_schema.ldif
+++ b/devtools/deployments/shared/config/ldap/schemas/20_opencloud_education_schema.ldif
@@ -42,4 +42,4 @@ olcObjectClasses: ( openCloudOid:1.2.5 NAME 'openCloudEducationSchool'
  DESC 'OpenCloud education school objectclass'
  SUP openCloudObject
  AUXILIARY
-  MAY ( openCloudEducationSchoolNumber $ openCloudEducationSchoolTerminationTimestamp ) )
+  MAY ( openCloudEducationSchoolNumber $ openCloudEducationSchoolTerminationTimestamp $ openCloudEducationExternalId) )
--- a/services/graph/pkg/identity/ldap.go
+++ b/services/graph/pkg/identity/ldap.go
@@ -80,6 +80,7 @@ type LDAP struct {
 type userAttributeMap struct {
 	displayName    string
 	id             string
+	externalId     string
 	mail           string
 	userName       string
 	givenName      string
--- a/services/graph/pkg/identity/ldap_education_class.go
+++ b/services/graph/pkg/identity/ldap_education_class.go
@@ -7,8 +7,8 @@ import (

 	"github.com/go-ldap/ldap/v3"
 	"github.com/libregraph/idm/pkg/ldapdn"
-	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	libregraph "github.com/opencloud-eu/libre-graph-api-go"
+	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 )

 type educationClassAttributeMap struct {
@@ -349,6 +349,7 @@ func (i *LDAP) getEducationClassByID(nameOrID string, requestMembers bool) (*lda
 	return i.getEducationObjectByNameOrID(
 		nameOrID,
 		i.userAttributeMap.id,
+		i.userAttributeMap.externalId,
 		i.educationConfig.classAttributeMap.externalID,
 		i.groupFilter,
 		i.educationConfig.classObjectClass,
--- a/services/graph/pkg/identity/ldap_education_user.go
+++ b/services/graph/pkg/identity/ldap_education_user.go
@@ -318,6 +318,7 @@ func (i *LDAP) getEducationUserAttrTypes() []string {
 	return []string{
 		i.userAttributeMap.displayName,
 		i.userAttributeMap.id,
+		i.userAttributeMap.externalId,
 		i.userAttributeMap.mail,
 		i.userAttributeMap.userName,
 		i.userAttributeMap.surname,
@@ -345,6 +346,7 @@ func (i *LDAP) getEducationUserByNameOrID(nameOrID string) (*ldap.Entry, error)
 		nameOrID,
 		i.userAttributeMap.userName,
 		i.userAttributeMap.id,
+		i.userAttributeMap.externalId,
 		i.userFilter,
 		i.educationConfig.userObjectClass,
 		i.userBaseDN,
@@ -352,9 +354,9 @@ func (i *LDAP) getEducationUserByNameOrID(nameOrID string) (*ldap.Entry, error)
 	)
 }

-func (i *LDAP) getEducationObjectByNameOrID(nameOrID, nameAttribute, idAttribute, objectFilter, objectClass, baseDN string, attributes []string) (*ldap.Entry, error) {
+func (i *LDAP) getEducationObjectByNameOrID(nameOrID, nameAttribute, idAttribute, externalIdAttribute, objectFilter, objectClass, baseDN string, attributes []string) (*ldap.Entry, error) {
 	nameOrID = ldap.EscapeFilter(nameOrID)
-	filter := fmt.Sprintf("(|(%s=%s)(%s=%s))", nameAttribute, nameOrID, idAttribute, nameOrID)
+	filter := fmt.Sprintf("(|(%s=%s)(%s=%s)(%s=%s)", nameAttribute, nameOrID, idAttribute, nameOrID, externalIdAttribute, nameOrID)
 	return i.getEducationObjectByFilter(filter, baseDN, objectFilter, objectClass, attributes)
 }