feat: ldap provider login (#5448)
Add the logic to configure and use an LDAP provider as an external IDP with a dedicated login GUI.
@@ -128,15 +128,16 @@ type GoogleIDPTemplate struct {
|
||||
}
|
||||
|
||||
type LDAPIDPTemplate struct {
|
||||
IDPID string
|
||||
Host string
|
||||
Port string
|
||||
TLS bool
|
||||
BaseDN string
|
||||
UserObjectClass string
|
||||
UserUniqueAttribute string
|
||||
Admin string
|
||||
Password *crypto.CryptoValue
|
||||
IDPID string
|
||||
Servers []string
|
||||
StartTLS bool
|
||||
BaseDN string
|
||||
BindDN string
|
||||
BindPassword *crypto.CryptoValue
|
||||
UserBase string
|
||||
UserObjectClasses []string
|
||||
UserFilters []string
|
||||
Timeout time.Duration
|
||||
idp.LDAPAttributes
|
||||
}
|
||||
|
||||
@@ -515,36 +516,40 @@ var (
|
||||
name: projection.LDAPInstanceIDCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPHostCol = Column{
|
||||
name: projection.LDAPHostCol,
|
||||
LDAPServersCol = Column{
|
||||
name: projection.LDAPServersCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPPortCol = Column{
|
||||
name: projection.LDAPPortCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPTlsCol = Column{
|
||||
name: projection.LDAPTlsCol,
|
||||
LDAPStartTLSCol = Column{
|
||||
name: projection.LDAPStartTLSCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPBaseDNCol = Column{
|
||||
name: projection.LDAPBaseDNCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPUserObjectClassCol = Column{
|
||||
name: projection.LDAPUserObjectClassCol,
|
||||
LDAPBindDNCol = Column{
|
||||
name: projection.LDAPBindDNCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPUserUniqueAttributeCol = Column{
|
||||
name: projection.LDAPUserUniqueAttributeCol,
|
||||
LDAPBindPasswordCol = Column{
|
||||
name: projection.LDAPBindPasswordCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPAdminCol = Column{
|
||||
name: projection.LDAPAdminCol,
|
||||
LDAPUserBaseCol = Column{
|
||||
name: projection.LDAPUserBaseCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPPasswordCol = Column{
|
||||
name: projection.LDAPPasswordCol,
|
||||
LDAPUserObjectClassesCol = Column{
|
||||
name: projection.LDAPUserObjectClassesCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPUserFiltersCol = Column{
|
||||
name: projection.LDAPUserFiltersCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPTimeoutCol = Column{
|
||||
name: projection.LDAPTimeoutCol,
|
||||
table: ldapIdpTemplateTable,
|
||||
}
|
||||
LDAPIDAttributeCol = Column{
|
||||
@@ -772,14 +777,15 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
|
||||
GoogleScopesCol.identifier(),
|
||||
// ldap
|
||||
LDAPIDCol.identifier(),
|
||||
LDAPHostCol.identifier(),
|
||||
LDAPPortCol.identifier(),
|
||||
LDAPTlsCol.identifier(),
|
||||
LDAPServersCol.identifier(),
|
||||
LDAPStartTLSCol.identifier(),
|
||||
LDAPBaseDNCol.identifier(),
|
||||
LDAPUserObjectClassCol.identifier(),
|
||||
LDAPUserUniqueAttributeCol.identifier(),
|
||||
LDAPAdminCol.identifier(),
|
||||
LDAPPasswordCol.identifier(),
|
||||
LDAPBindDNCol.identifier(),
|
||||
LDAPBindPasswordCol.identifier(),
|
||||
LDAPUserBaseCol.identifier(),
|
||||
LDAPUserObjectClassesCol.identifier(),
|
||||
LDAPUserFiltersCol.identifier(),
|
||||
LDAPTimeoutCol.identifier(),
|
||||
LDAPIDAttributeCol.identifier(),
|
||||
LDAPFirstNameAttributeCol.identifier(),
|
||||
LDAPLastNameAttributeCol.identifier(),
|
||||
@@ -869,14 +875,15 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
|
||||
googleScopes := database.StringArray{}
|
||||
|
||||
ldapID := sql.NullString{}
|
||||
ldapHost := sql.NullString{}
|
||||
ldapPort := sql.NullString{}
|
||||
ldapTls := sql.NullBool{}
|
||||
ldapServers := database.StringArray{}
|
||||
ldapStartTls := sql.NullBool{}
|
||||
ldapBaseDN := sql.NullString{}
|
||||
ldapUserObjectClass := sql.NullString{}
|
||||
ldapUserUniqueAttribute := sql.NullString{}
|
||||
ldapAdmin := sql.NullString{}
|
||||
ldapPassword := new(crypto.CryptoValue)
|
||||
ldapBindDN := sql.NullString{}
|
||||
ldapBindPassword := new(crypto.CryptoValue)
|
||||
ldapUserBase := sql.NullString{}
|
||||
ldapUserObjectClasses := database.StringArray{}
|
||||
ldapUserFilters := database.StringArray{}
|
||||
ldapTimeout := sql.NullInt64{}
|
||||
ldapIDAttribute := sql.NullString{}
|
||||
ldapFirstNameAttribute := sql.NullString{}
|
||||
ldapLastNameAttribute := sql.NullString{}
|
||||
@@ -965,14 +972,15 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
|
||||
&googleScopes,
|
||||
// ldap
|
||||
&ldapID,
|
||||
&ldapHost,
|
||||
&ldapPort,
|
||||
&ldapTls,
|
||||
&ldapServers,
|
||||
&ldapStartTls,
|
||||
&ldapBaseDN,
|
||||
&ldapUserObjectClass,
|
||||
&ldapUserUniqueAttribute,
|
||||
&ldapAdmin,
|
||||
&ldapPassword,
|
||||
&ldapBindDN,
|
||||
&ldapBindPassword,
|
||||
&ldapUserBase,
|
||||
&ldapUserObjectClasses,
|
||||
&ldapUserFilters,
|
||||
&ldapTimeout,
|
||||
&ldapIDAttribute,
|
||||
&ldapFirstNameAttribute,
|
||||
&ldapLastNameAttribute,
|
||||
@@ -1083,15 +1091,16 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
|
||||
}
|
||||
if ldapID.Valid {
|
||||
idpTemplate.LDAPIDPTemplate = &LDAPIDPTemplate{
|
||||
IDPID: ldapID.String,
|
||||
Host: ldapHost.String,
|
||||
Port: ldapPort.String,
|
||||
TLS: ldapTls.Bool,
|
||||
BaseDN: ldapBaseDN.String,
|
||||
UserObjectClass: ldapUserObjectClass.String,
|
||||
UserUniqueAttribute: ldapUserUniqueAttribute.String,
|
||||
Admin: ldapAdmin.String,
|
||||
Password: ldapPassword,
|
||||
IDPID: ldapID.String,
|
||||
Servers: ldapServers,
|
||||
StartTLS: ldapStartTls.Bool,
|
||||
BaseDN: ldapBaseDN.String,
|
||||
BindDN: ldapBindDN.String,
|
||||
BindPassword: ldapBindPassword,
|
||||
UserBase: ldapUserBase.String,
|
||||
UserObjectClasses: ldapUserObjectClasses,
|
||||
UserFilters: ldapUserFilters,
|
||||
Timeout: time.Duration(ldapTimeout.Int64),
|
||||
LDAPAttributes: idp.LDAPAttributes{
|
||||
IDAttribute: ldapIDAttribute.String,
|
||||
FirstNameAttribute: ldapFirstNameAttribute.String,
|
||||
@@ -1189,14 +1198,15 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
|
||||
GoogleScopesCol.identifier(),
|
||||
// ldap
|
||||
LDAPIDCol.identifier(),
|
||||
LDAPHostCol.identifier(),
|
||||
LDAPPortCol.identifier(),
|
||||
LDAPTlsCol.identifier(),
|
||||
LDAPServersCol.identifier(),
|
||||
LDAPStartTLSCol.identifier(),
|
||||
LDAPBaseDNCol.identifier(),
|
||||
LDAPUserObjectClassCol.identifier(),
|
||||
LDAPUserUniqueAttributeCol.identifier(),
|
||||
LDAPAdminCol.identifier(),
|
||||
LDAPPasswordCol.identifier(),
|
||||
LDAPBindDNCol.identifier(),
|
||||
LDAPBindPasswordCol.identifier(),
|
||||
LDAPUserBaseCol.identifier(),
|
||||
LDAPUserObjectClassesCol.identifier(),
|
||||
LDAPUserFiltersCol.identifier(),
|
||||
LDAPTimeoutCol.identifier(),
|
||||
LDAPIDAttributeCol.identifier(),
|
||||
LDAPFirstNameAttributeCol.identifier(),
|
||||
LDAPLastNameAttributeCol.identifier(),
|
||||
@@ -1290,14 +1300,15 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
|
||||
googleScopes := database.StringArray{}
|
||||
|
||||
ldapID := sql.NullString{}
|
||||
ldapHost := sql.NullString{}
|
||||
ldapPort := sql.NullString{}
|
||||
ldapTls := sql.NullBool{}
|
||||
ldapServers := database.StringArray{}
|
||||
ldapStartTls := sql.NullBool{}
|
||||
ldapBaseDN := sql.NullString{}
|
||||
ldapUserObjectClass := sql.NullString{}
|
||||
ldapUserUniqueAttribute := sql.NullString{}
|
||||
ldapAdmin := sql.NullString{}
|
||||
ldapPassword := new(crypto.CryptoValue)
|
||||
ldapBindDN := sql.NullString{}
|
||||
ldapBindPassword := new(crypto.CryptoValue)
|
||||
ldapUserBase := sql.NullString{}
|
||||
ldapUserObjectClasses := database.StringArray{}
|
||||
ldapUserFilters := database.StringArray{}
|
||||
ldapTimeout := sql.NullInt64{}
|
||||
ldapIDAttribute := sql.NullString{}
|
||||
ldapFirstNameAttribute := sql.NullString{}
|
||||
ldapLastNameAttribute := sql.NullString{}
|
||||
@@ -1386,14 +1397,15 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
|
||||
&googleScopes,
|
||||
// ldap
|
||||
&ldapID,
|
||||
&ldapHost,
|
||||
&ldapPort,
|
||||
&ldapTls,
|
||||
&ldapServers,
|
||||
&ldapStartTls,
|
||||
&ldapBaseDN,
|
||||
&ldapUserObjectClass,
|
||||
&ldapUserUniqueAttribute,
|
||||
&ldapAdmin,
|
||||
&ldapPassword,
|
||||
&ldapBindDN,
|
||||
&ldapBindPassword,
|
||||
&ldapUserBase,
|
||||
&ldapUserObjectClasses,
|
||||
&ldapUserFilters,
|
||||
&ldapTimeout,
|
||||
&ldapIDAttribute,
|
||||
&ldapFirstNameAttribute,
|
||||
&ldapLastNameAttribute,
|
||||
@@ -1503,15 +1515,16 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
|
||||
}
|
||||
if ldapID.Valid {
|
||||
idpTemplate.LDAPIDPTemplate = &LDAPIDPTemplate{
|
||||
IDPID: ldapID.String,
|
||||
Host: ldapHost.String,
|
||||
Port: ldapPort.String,
|
||||
TLS: ldapTls.Bool,
|
||||
BaseDN: ldapBaseDN.String,
|
||||
UserObjectClass: ldapUserObjectClass.String,
|
||||
UserUniqueAttribute: ldapUserUniqueAttribute.String,
|
||||
Admin: ldapAdmin.String,
|
||||
Password: ldapPassword,
|
||||
IDPID: ldapID.String,
|
||||
Servers: ldapServers,
|
||||
StartTLS: ldapStartTls.Bool,
|
||||
BaseDN: ldapBaseDN.String,
|
||||
BindDN: ldapBindDN.String,
|
||||
BindPassword: ldapBindPassword,
|
||||
UserBase: ldapUserBase.String,
|
||||
UserObjectClasses: ldapUserObjectClasses,
|
||||
UserFilters: ldapUserFilters,
|
||||
Timeout: time.Duration(ldapTimeout.Int64),
|
||||
LDAPAttributes: idp.LDAPAttributes{
|
||||
IDAttribute: ldapIDAttribute.String,
|
||||
FirstNameAttribute: ldapFirstNameAttribute.String,
|
||||
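Review bot: The reworked `LDAPIDPTemplate` struct has no field comments, and three of the new fields have security-relevant semantics that the types alone do not convey. I would document them on the struct: `// BindPassword is the encrypted bind credential; never copy it into an API response or a log line.`, `// Timeout is scanned from an int64 column and interpreted as nanoseconds via time.Duration.`, and a comment on `StartTLS` stating what protects the connection when it is false. The last one matters because `Servers` is a free-form `[]string`: if plain `ldap://` entries are accepted (validation is not visible on this page), a false `StartTLS` would send the bind password and user credentials unencrypted, so the accepted schemes should be stated. Both `prepareIDPTemplateByIDQuery` and `prepareIDPTemplatesQuery` start and end outside these hunks.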
|
@@ -7,6 +7,7 @@ import (
|
||||
"fmt"
|
||||
"regexp"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/database"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
@@ -87,28 +88,29 @@ var (
|
||||
` projections.idp_templates4_google.client_secret,` +
|
||||
` projections.idp_templates4_google.scopes,` +
|
||||
// ldap
|
||||
` projections.idp_templates4_ldap.idp_id,` +
|
||||
` projections.idp_templates4_ldap.host,` +
|
||||
` projections.idp_templates4_ldap.port,` +
|
||||
` projections.idp_templates4_ldap.tls,` +
|
||||
` projections.idp_templates4_ldap.base_dn,` +
|
||||
` projections.idp_templates4_ldap.user_object_class,` +
|
||||
` projections.idp_templates4_ldap.user_unique_attribute,` +
|
||||
` projections.idp_templates4_ldap.admin,` +
|
||||
` projections.idp_templates4_ldap.password,` +
|
||||
` projections.idp_templates4_ldap.id_attribute,` +
|
||||
` projections.idp_templates4_ldap.first_name_attribute,` +
|
||||
` projections.idp_templates4_ldap.last_name_attribute,` +
|
||||
` projections.idp_templates4_ldap.display_name_attribute,` +
|
||||
` projections.idp_templates4_ldap.nick_name_attribute,` +
|
||||
` projections.idp_templates4_ldap.preferred_username_attribute,` +
|
||||
` projections.idp_templates4_ldap.email_attribute,` +
|
||||
` projections.idp_templates4_ldap.email_verified,` +
|
||||
` projections.idp_templates4_ldap.phone_attribute,` +
|
||||
` projections.idp_templates4_ldap.phone_verified_attribute,` +
|
||||
` projections.idp_templates4_ldap.preferred_language_attribute,` +
|
||||
` projections.idp_templates4_ldap.avatar_url_attribute,` +
|
||||
` projections.idp_templates4_ldap.profile_attribute` +
|
||||
` projections.idp_templates4_ldap2.idp_id,` +
|
||||
` projections.idp_templates4_ldap2.servers,` +
|
||||
` projections.idp_templates4_ldap2.start_tls,` +
|
||||
` projections.idp_templates4_ldap2.base_dn,` +
|
||||
` projections.idp_templates4_ldap2.bind_dn,` +
|
||||
` projections.idp_templates4_ldap2.bind_password,` +
|
||||
` projections.idp_templates4_ldap2.user_base,` +
|
||||
` projections.idp_templates4_ldap2.user_object_classes,` +
|
||||
` projections.idp_templates4_ldap2.user_filters,` +
|
||||
` projections.idp_templates4_ldap2.timeout,` +
|
||||
` projections.idp_templates4_ldap2.id_attribute,` +
|
||||
` projections.idp_templates4_ldap2.first_name_attribute,` +
|
||||
` projections.idp_templates4_ldap2.last_name_attribute,` +
|
||||
` projections.idp_templates4_ldap2.display_name_attribute,` +
|
||||
` projections.idp_templates4_ldap2.nick_name_attribute,` +
|
||||
` projections.idp_templates4_ldap2.preferred_username_attribute,` +
|
||||
` projections.idp_templates4_ldap2.email_attribute,` +
|
||||
` projections.idp_templates4_ldap2.email_verified,` +
|
||||
` projections.idp_templates4_ldap2.phone_attribute,` +
|
||||
` projections.idp_templates4_ldap2.phone_verified_attribute,` +
|
||||
` projections.idp_templates4_ldap2.preferred_language_attribute,` +
|
||||
` projections.idp_templates4_ldap2.avatar_url_attribute,` +
|
||||
` projections.idp_templates4_ldap2.profile_attribute` +
|
||||
` FROM projections.idp_templates4` +
|
||||
` LEFT JOIN projections.idp_templates4_oauth2 ON projections.idp_templates4.id = projections.idp_templates4_oauth2.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_oauth2.instance_id` +
|
||||
` LEFT JOIN projections.idp_templates4_oidc ON projections.idp_templates4.id = projections.idp_templates4_oidc.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_oidc.instance_id` +
|
||||
@@ -119,7 +121,7 @@ var (
|
||||
` LEFT JOIN projections.idp_templates4_gitlab ON projections.idp_templates4.id = projections.idp_templates4_gitlab.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_gitlab.instance_id` +
|
||||
` LEFT JOIN projections.idp_templates4_gitlab_self_hosted ON projections.idp_templates4.id = projections.idp_templates4_gitlab_self_hosted.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_gitlab_self_hosted.instance_id` +
|
||||
` LEFT JOIN projections.idp_templates4_google ON projections.idp_templates4.id = projections.idp_templates4_google.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_google.instance_id` +
|
||||
` LEFT JOIN projections.idp_templates4_ldap ON projections.idp_templates4.id = projections.idp_templates4_ldap.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_ldap.instance_id` +
|
||||
` LEFT JOIN projections.idp_templates4_ldap2 ON projections.idp_templates4.id = projections.idp_templates4_ldap2.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_ldap2.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
idpTemplateCols = []string{
|
||||
"id",
|
||||
@@ -195,14 +197,15 @@ var (
|
||||
"scopes",
|
||||
// ldap config
|
||||
"idp_id",
|
||||
"host",
|
||||
"port",
|
||||
"tls",
|
||||
"servers",
|
||||
"start_tls",
|
||||
"base_dn",
|
||||
"user_object_class",
|
||||
"user_unique_attribute",
|
||||
"admin",
|
||||
"password",
|
||||
"bind_dn",
|
||||
"bind_password",
|
||||
"user_base",
|
||||
"user_object_classes",
|
||||
"user_filters",
|
||||
"timeout",
|
||||
"id_attribute",
|
||||
"first_name_attribute",
|
||||
"last_name_attribute",
|
||||
@@ -289,28 +292,29 @@ var (
|
||||
` projections.idp_templates4_google.client_secret,` +
|
||||
` projections.idp_templates4_google.scopes,` +
|
||||
// ldap
|
||||
` projections.idp_templates4_ldap.idp_id,` +
|
||||
` projections.idp_templates4_ldap.host,` +
|
||||
` projections.idp_templates4_ldap.port,` +
|
||||
` projections.idp_templates4_ldap.tls,` +
|
||||
` projections.idp_templates4_ldap.base_dn,` +
|
||||
` projections.idp_templates4_ldap.user_object_class,` +
|
||||
` projections.idp_templates4_ldap.user_unique_attribute,` +
|
||||
` projections.idp_templates4_ldap.admin,` +
|
||||
` projections.idp_templates4_ldap.password,` +
|
||||
` projections.idp_templates4_ldap.id_attribute,` +
|
||||
` projections.idp_templates4_ldap.first_name_attribute,` +
|
||||
` projections.idp_templates4_ldap.last_name_attribute,` +
|
||||
` projections.idp_templates4_ldap.display_name_attribute,` +
|
||||
` projections.idp_templates4_ldap.nick_name_attribute,` +
|
||||
` projections.idp_templates4_ldap.preferred_username_attribute,` +
|
||||
` projections.idp_templates4_ldap.email_attribute,` +
|
||||
` projections.idp_templates4_ldap.email_verified,` +
|
||||
` projections.idp_templates4_ldap.phone_attribute,` +
|
||||
` projections.idp_templates4_ldap.phone_verified_attribute,` +
|
||||
` projections.idp_templates4_ldap.preferred_language_attribute,` +
|
||||
` projections.idp_templates4_ldap.avatar_url_attribute,` +
|
||||
` projections.idp_templates4_ldap.profile_attribute,` +
|
||||
` projections.idp_templates4_ldap2.idp_id,` +
|
||||
` projections.idp_templates4_ldap2.servers,` +
|
||||
` projections.idp_templates4_ldap2.start_tls,` +
|
||||
` projections.idp_templates4_ldap2.base_dn,` +
|
||||
` projections.idp_templates4_ldap2.bind_dn,` +
|
||||
` projections.idp_templates4_ldap2.bind_password,` +
|
||||
` projections.idp_templates4_ldap2.user_base,` +
|
||||
` projections.idp_templates4_ldap2.user_object_classes,` +
|
||||
` projections.idp_templates4_ldap2.user_filters,` +
|
||||
` projections.idp_templates4_ldap2.timeout,` +
|
||||
` projections.idp_templates4_ldap2.id_attribute,` +
|
||||
` projections.idp_templates4_ldap2.first_name_attribute,` +
|
||||
` projections.idp_templates4_ldap2.last_name_attribute,` +
|
||||
` projections.idp_templates4_ldap2.display_name_attribute,` +
|
||||
` projections.idp_templates4_ldap2.nick_name_attribute,` +
|
||||
` projections.idp_templates4_ldap2.preferred_username_attribute,` +
|
||||
` projections.idp_templates4_ldap2.email_attribute,` +
|
||||
` projections.idp_templates4_ldap2.email_verified,` +
|
||||
` projections.idp_templates4_ldap2.phone_attribute,` +
|
||||
` projections.idp_templates4_ldap2.phone_verified_attribute,` +
|
||||
` projections.idp_templates4_ldap2.preferred_language_attribute,` +
|
||||
` projections.idp_templates4_ldap2.avatar_url_attribute,` +
|
||||
` projections.idp_templates4_ldap2.profile_attribute,` +
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.idp_templates4` +
|
||||
` LEFT JOIN projections.idp_templates4_oauth2 ON projections.idp_templates4.id = projections.idp_templates4_oauth2.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_oauth2.instance_id` +
|
||||
@@ -322,7 +326,7 @@ var (
|
||||
` LEFT JOIN projections.idp_templates4_gitlab ON projections.idp_templates4.id = projections.idp_templates4_gitlab.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_gitlab.instance_id` +
|
||||
` LEFT JOIN projections.idp_templates4_gitlab_self_hosted ON projections.idp_templates4.id = projections.idp_templates4_gitlab_self_hosted.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_gitlab_self_hosted.instance_id` +
|
||||
` LEFT JOIN projections.idp_templates4_google ON projections.idp_templates4.id = projections.idp_templates4_google.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_google.instance_id` +
|
||||
` LEFT JOIN projections.idp_templates4_ldap ON projections.idp_templates4.id = projections.idp_templates4_ldap.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_ldap.instance_id` +
|
||||
` LEFT JOIN projections.idp_templates4_ldap2 ON projections.idp_templates4.id = projections.idp_templates4_ldap2.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_ldap2.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
idpTemplatesCols = []string{
|
||||
"id",
|
||||
@@ -398,14 +402,15 @@ var (
|
||||
"scopes",
|
||||
// ldap config
|
||||
"idp_id",
|
||||
"host",
|
||||
"port",
|
||||
"tls",
|
||||
"servers",
|
||||
"start_tls",
|
||||
"base_dn",
|
||||
"user_object_class",
|
||||
"user_unique_attribute",
|
||||
"admin",
|
||||
"password",
|
||||
"bind_dn",
|
||||
"bind_password",
|
||||
"user_base",
|
||||
"user_object_classes",
|
||||
"user_filters",
|
||||
"timeout",
|
||||
"id_attribute",
|
||||
"first_name_attribute",
|
||||
"last_name_attribute",
|
||||
@@ -554,6 +559,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
@@ -685,6 +691,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
@@ -814,6 +821,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
@@ -942,6 +950,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
@@ -1069,6 +1078,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
@@ -1196,6 +1206,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
@@ -1324,6 +1335,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
@@ -1430,14 +1442,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
// ldap config
|
||||
"idp-id",
|
||||
"host",
|
||||
"port",
|
||||
database.StringArray{"server"},
|
||||
true,
|
||||
"base",
|
||||
"user",
|
||||
"uid",
|
||||
"admin",
|
||||
"dn",
|
||||
nil,
|
||||
"user",
|
||||
database.StringArray{"object"},
|
||||
database.StringArray{"filter"},
|
||||
time.Duration(30000000000),
|
||||
"id",
|
||||
"first",
|
||||
"last",
|
||||
@@ -1469,14 +1482,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
IsAutoCreation: true,
|
||||
IsAutoUpdate: true,
|
||||
LDAPIDPTemplate: &LDAPIDPTemplate{
|
||||
IDPID: "idp-id",
|
||||
Host: "host",
|
||||
Port: "port",
|
||||
TLS: true,
|
||||
BaseDN: "base",
|
||||
UserObjectClass: "user",
|
||||
UserUniqueAttribute: "uid",
|
||||
Admin: "admin",
|
||||
IDPID: "idp-id",
|
||||
Servers: []string{"server"},
|
||||
StartTLS: true,
|
||||
BaseDN: "base",
|
||||
BindDN: "dn",
|
||||
UserBase: "user",
|
||||
UserObjectClasses: []string{"object"},
|
||||
UserFilters: []string{"filter"},
|
||||
Timeout: time.Duration(30000000000),
|
||||
LDAPAttributes: idp.LDAPAttributes{
|
||||
IDAttribute: "id",
|
||||
FirstNameAttribute: "first",
|
||||
@@ -1597,6 +1611,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
@@ -1733,14 +1748,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
// ldap config
|
||||
"idp-id",
|
||||
"host",
|
||||
"port",
|
||||
database.StringArray{"server"},
|
||||
true,
|
||||
"base",
|
||||
"user",
|
||||
"uid",
|
||||
"admin",
|
||||
"dn",
|
||||
nil,
|
||||
"user",
|
||||
database.StringArray{"object"},
|
||||
database.StringArray{"filter"},
|
||||
time.Duration(30000000000),
|
||||
"id",
|
||||
"first",
|
||||
"last",
|
||||
@@ -1778,14 +1794,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
IsAutoCreation: true,
|
||||
IsAutoUpdate: true,
|
||||
LDAPIDPTemplate: &LDAPIDPTemplate{
|
||||
IDPID: "idp-id",
|
||||
Host: "host",
|
||||
Port: "port",
|
||||
TLS: true,
|
||||
BaseDN: "base",
|
||||
UserObjectClass: "user",
|
||||
UserUniqueAttribute: "uid",
|
||||
Admin: "admin",
|
||||
IDPID: "idp-id",
|
||||
Servers: []string{"server"},
|
||||
StartTLS: true,
|
||||
BaseDN: "base",
|
||||
BindDN: "dn",
|
||||
UserBase: "user",
|
||||
UserObjectClasses: []string{"object"},
|
||||
UserFilters: []string{"filter"},
|
||||
Timeout: time.Duration(30000000000),
|
||||
LDAPAttributes: idp.LDAPAttributes{
|
||||
IDAttribute: "id",
|
||||
FirstNameAttribute: "first",
|
||||
@@ -1909,6 +1926,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
},
|
||||
),
|
||||
@@ -2018,14 +2036,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
// ldap config
|
||||
"idp-id-ldap",
|
||||
"host",
|
||||
"port",
|
||||
database.StringArray{"server"},
|
||||
true,
|
||||
"base",
|
||||
"user",
|
||||
"uid",
|
||||
"admin",
|
||||
"dn",
|
||||
nil,
|
||||
"user",
|
||||
database.StringArray{"object"},
|
||||
database.StringArray{"filter"},
|
||||
time.Duration(30000000000),
|
||||
"id",
|
||||
"first",
|
||||
"last",
|
||||
@@ -2135,6 +2154,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"idp-id-oauth",
|
||||
@@ -2231,6 +2251,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"idp-id-oidc",
|
||||
@@ -2327,6 +2348,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"idp-id-jwt",
|
||||
@@ -2423,6 +2445,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
},
|
||||
},
|
||||
),
|
||||
@@ -2447,14 +2470,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
|
||||
IsAutoCreation: true,
|
||||
IsAutoUpdate: true,
|
||||
LDAPIDPTemplate: &LDAPIDPTemplate{
|
||||
IDPID: "idp-id-ldap",
|
||||
Host: "host",
|
||||
Port: "port",
|
||||
TLS: true,
|
||||
BaseDN: "base",
|
||||
UserObjectClass: "user",
|
||||
UserUniqueAttribute: "uid",
|
||||
Admin: "admin",
|
||||
IDPID: "idp-id-ldap",
|
||||
Servers: []string{"server"},
|
||||
StartTLS: true,
|
||||
BaseDN: "base",
|
||||
BindDN: "dn",
|
||||
UserBase: "user",
|
||||
UserObjectClasses: []string{"object"},
|
||||
UserFilters: []string{"filter"},
|
||||
Timeout: time.Duration(30000000000),
|
||||
LDAPAttributes: idp.LDAPAttributes{
|
||||
IDAttribute: "id",
|
||||
FirstNameAttribute: "first",
|
||||
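Review bot: As far as the rendered hunks show, every LDAP row fixture in `Test_IDPTemplateTemplatesPrepares` passes `nil` for the `bind_password` column, and the expected `LDAPIDPTemplate` values leave `BindPassword` unset, so scanning a stored credential into `*crypto.CryptoValue` is never exercised. At least one case should supply a non-null row value and assert a non-nil `BindPassword` in the expected struct. A one-line comment on the fixture, such as `// bind_password: nil covers only the NULL path`, would make the gap visible until that case exists. The test function's body continues outside these hunks.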
|
@@ -38,7 +38,7 @@ const (
|
||||
IDPTemplateGitLabSuffix = "gitlab"
|
||||
IDPTemplateGitLabSelfHostedSuffix = "gitlab_self_hosted"
|
||||
IDPTemplateGoogleSuffix = "google"
|
||||
IDPTemplateLDAPSuffix = "ldap"
|
||||
IDPTemplateLDAPSuffix = "ldap2"
|
||||
|
||||
IDPTemplateIDCol = "id"
|
||||
IDPTemplateCreationDateCol = "creation_date"
|
||||
@@ -125,14 +125,15 @@ const (
|
||||
|
||||
LDAPIDCol = "idp_id"
|
||||
LDAPInstanceIDCol = "instance_id"
|
||||
LDAPHostCol = "host"
|
||||
LDAPPortCol = "port"
|
||||
LDAPTlsCol = "tls"
|
||||
LDAPServersCol = "servers"
|
||||
LDAPStartTLSCol = "start_tls"
|
||||
LDAPBaseDNCol = "base_dn"
|
||||
LDAPUserObjectClassCol = "user_object_class"
|
||||
LDAPUserUniqueAttributeCol = "user_unique_attribute"
|
||||
LDAPAdminCol = "admin"
|
||||
LDAPPasswordCol = "password"
|
||||
LDAPBindDNCol = "bind_dn"
|
||||
LDAPBindPasswordCol = "bind_password"
|
||||
LDAPUserBaseCol = "user_base"
|
||||
LDAPUserObjectClassesCol = "user_object_classes"
|
||||
LDAPUserFiltersCol = "user_filters"
|
||||
LDAPTimeoutCol = "timeout"
|
||||
LDAPIDAttributeCol = "id_attribute"
|
||||
LDAPFirstNameAttributeCol = "first_name_attribute"
|
||||
LDAPLastNameAttributeCol = "last_name_attribute"
|
||||
@@ -293,14 +294,15 @@ func newIDPTemplateProjection(ctx context.Context, config crdb.StatementHandlerC
|
||||
crdb.NewSuffixedTable([]*crdb.Column{
|
||||
crdb.NewColumn(LDAPIDCol, crdb.ColumnTypeText),
|
||||
crdb.NewColumn(LDAPInstanceIDCol, crdb.ColumnTypeText),
|
||||
crdb.NewColumn(LDAPHostCol, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPPortCol, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPTlsCol, crdb.ColumnTypeBool, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPBaseDNCol, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPUserObjectClassCol, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPUserUniqueAttributeCol, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPAdminCol, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPPasswordCol, crdb.ColumnTypeJSONB, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPServersCol, crdb.ColumnTypeTextArray),
|
||||
crdb.NewColumn(LDAPStartTLSCol, crdb.ColumnTypeBool),
|
||||
crdb.NewColumn(LDAPBaseDNCol, crdb.ColumnTypeText),
|
||||
crdb.NewColumn(LDAPBindDNCol, crdb.ColumnTypeText),
|
||||
crdb.NewColumn(LDAPBindPasswordCol, crdb.ColumnTypeJSONB),
|
||||
crdb.NewColumn(LDAPUserBaseCol, crdb.ColumnTypeText),
|
||||
crdb.NewColumn(LDAPUserObjectClassesCol, crdb.ColumnTypeTextArray),
|
||||
crdb.NewColumn(LDAPUserFiltersCol, crdb.ColumnTypeTextArray),
|
||||
crdb.NewColumn(LDAPTimeoutCol, crdb.ColumnTypeInt64),
|
||||
crdb.NewColumn(LDAPIDAttributeCol, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPFirstNameAttributeCol, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
crdb.NewColumn(LDAPLastNameAttributeCol, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
@@ -1663,14 +1665,15 @@ func (p *idpTemplateProjection) reduceLDAPIDPAdded(event eventstore.Event) (*han
|
||||
[]handler.Column{
|
||||
handler.NewCol(LDAPIDCol, idpEvent.ID),
|
||||
handler.NewCol(LDAPInstanceIDCol, idpEvent.Aggregate().InstanceID),
|
||||
handler.NewCol(LDAPHostCol, idpEvent.Host),
|
||||
handler.NewCol(LDAPPortCol, idpEvent.Port),
|
||||
handler.NewCol(LDAPTlsCol, idpEvent.TLS),
|
||||
handler.NewCol(LDAPServersCol, database.StringArray(idpEvent.Servers)),
|
||||
handler.NewCol(LDAPStartTLSCol, idpEvent.StartTLS),
|
||||
handler.NewCol(LDAPBaseDNCol, idpEvent.BaseDN),
|
||||
handler.NewCol(LDAPUserObjectClassCol, idpEvent.UserObjectClass),
|
||||
handler.NewCol(LDAPUserUniqueAttributeCol, idpEvent.UserUniqueAttribute),
|
||||
handler.NewCol(LDAPAdminCol, idpEvent.Admin),
|
||||
handler.NewCol(LDAPPasswordCol, idpEvent.Password),
|
||||
handler.NewCol(LDAPBindDNCol, idpEvent.BindDN),
|
||||
handler.NewCol(LDAPBindPasswordCol, idpEvent.BindPassword),
|
||||
handler.NewCol(LDAPUserBaseCol, idpEvent.UserBase),
|
||||
handler.NewCol(LDAPUserObjectClassesCol, database.StringArray(idpEvent.UserObjectClasses)),
|
||||
handler.NewCol(LDAPUserFiltersCol, database.StringArray(idpEvent.UserFilters)),
|
||||
handler.NewCol(LDAPTimeoutCol, idpEvent.Timeout),
|
||||
handler.NewCol(LDAPIDAttributeCol, idpEvent.IDAttribute),
|
||||
handler.NewCol(LDAPFirstNameAttributeCol, idpEvent.FirstNameAttribute),
|
||||
handler.NewCol(LDAPLastNameAttributeCol, idpEvent.LastNameAttribute),
|
||||
@@ -1962,29 +1965,32 @@ func reduceGoogleIDPChangedColumns(idpEvent idp.GoogleIDPChangedEvent) []handler
|
||||
|
||||
func reduceLDAPIDPChangedColumns(idpEvent idp.LDAPIDPChangedEvent) []handler.Column {
|
||||
ldapCols := make([]handler.Column, 0, 4)
|
||||
if idpEvent.Host != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPHostCol, *idpEvent.Host))
|
||||
if idpEvent.Servers != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPServersCol, database.StringArray(idpEvent.Servers)))
|
||||
}
|
||||
if idpEvent.Port != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPPortCol, *idpEvent.Port))
|
||||
}
|
||||
if idpEvent.TLS != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPTlsCol, *idpEvent.TLS))
|
||||
if idpEvent.StartTLS != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPStartTLSCol, *idpEvent.StartTLS))
|
||||
}
|
||||
if idpEvent.BaseDN != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPBaseDNCol, *idpEvent.BaseDN))
|
||||
}
|
||||
if idpEvent.UserObjectClass != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPUserObjectClassCol, *idpEvent.UserObjectClass))
|
||||
if idpEvent.BindDN != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPBindDNCol, *idpEvent.BindDN))
|
||||
}
|
||||
if idpEvent.UserUniqueAttribute != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPUserUniqueAttributeCol, *idpEvent.UserUniqueAttribute))
|
||||
if idpEvent.BindPassword != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPBindPasswordCol, idpEvent.BindPassword))
|
||||
}
|
||||
if idpEvent.Admin != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPAdminCol, *idpEvent.Admin))
|
||||
if idpEvent.UserBase != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPUserBaseCol, *idpEvent.UserBase))
|
||||
}
|
||||
if idpEvent.Password != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPPasswordCol, *idpEvent.Password))
|
||||
if idpEvent.UserObjectClasses != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPUserObjectClassesCol, database.StringArray(idpEvent.UserObjectClasses)))
|
||||
}
|
||||
if idpEvent.UserFilters != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPUserFiltersCol, database.StringArray(idpEvent.UserFilters)))
|
||||
}
|
||||
if idpEvent.Timeout != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPTimeoutCol, *idpEvent.Timeout))
|
||||
}
|
||||
if idpEvent.IDAttribute != nil {
|
||||
ldapCols = append(ldapCols, handler.NewCol(LDAPIDAttributeCol, *idpEvent.IDAttribute))
|
||||
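Review bot: Changing `IDPTemplateLDAPSuffix` from `"ldap"` to `"ldap2"` makes the projection create and read a new table, but nothing in the visible hunks drops the old `idp_templates4_ldap` table or backfills the new one. The old table has a `password` JSONB column for the encrypted bind credential, so on any instance that already reduced LDAP IdP events it would remain as an orphaned copy of that secret. Because the parent projection is still `idp_templates4`, previously processed events may also not be replayed into `idp_templates4_ldap2`; that depends on the handler's sequence tracking, which is outside this page. I would add a cleanup or migration step, and in any case record the intent next to the constant, e.g. `// "ldap2": new schema (servers, bind_dn, ...); the former "ldap" table is no longer read.`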
|
@@ -2,6 +2,7 @@ package projection
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/database"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
@@ -2033,18 +2034,19 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
|
||||
[]byte(`{
|
||||
"id": "idp-id",
|
||||
"name": "custom-zitadel-instance",
|
||||
"host": "host",
|
||||
"port": "port",
|
||||
"tls": true,
|
||||
"baseDN": "base",
|
||||
"userObjectClass": "user",
|
||||
"userUniqueAttribute": "uid",
|
||||
"admin": "admin",
|
||||
"password": {
|
||||
"servers": ["server"],
|
||||
"startTls": false,
|
||||
"baseDN": "basedn",
|
||||
"bindDN": "binddn",
|
||||
"bindPassword": {
|
||||
"cryptoType": 0,
|
||||
"algorithm": "RSA-265",
|
||||
"keyId": "key-id"
|
||||
},
|
||||
"userBase": "user",
|
||||
"userObjectClasses": ["object"],
|
||||
"userFilters": ["filter"],
|
||||
"timeout": 30000000000,
|
||||
"idAttribute": "id",
|
||||
"firstNameAttribute": "first",
|
||||
"lastNameAttribute": "last",
|
||||
@@ -2092,18 +2094,19 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.idp_templates4_ldap (idp_id, instance_id, host, port, tls, base_dn, user_object_class, user_unique_attribute, admin, password, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23)",
|
||||
expectedStmt: "INSERT INTO projections.idp_templates4_ldap2 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24)",
|
||||
expectedArgs: []interface{}{
|
||||
"idp-id",
|
||||
"instance-id",
|
||||
"host",
|
||||
"port",
|
||||
true,
|
||||
"base",
|
||||
"user",
|
||||
"uid",
|
||||
"admin",
|
||||
database.StringArray{"server"},
|
||||
false,
|
||||
"basedn",
|
||||
"binddn",
|
||||
anyArg{},
|
||||
"user",
|
||||
database.StringArray{"object"},
|
||||
database.StringArray{"filter"},
|
||||
time.Duration(30000000000),
|
||||
"id",
|
||||
"first",
|
||||
"last",
|
||||
@@ -2132,18 +2135,19 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
|
||||
[]byte(`{
|
||||
"id": "idp-id",
|
||||
"name": "custom-zitadel-instance",
|
||||
"host": "host",
|
||||
"port": "port",
|
||||
"tls": true,
|
||||
"baseDN": "base",
|
||||
"userObjectClass": "user",
|
||||
"userUniqueAttribute": "uid",
|
||||
"admin": "admin",
|
||||
"password": {
|
||||
"servers": ["server"],
|
||||
"startTls": false,
|
||||
"baseDN": "basedn",
|
||||
"bindDN": "binddn",
|
||||
"bindPassword": {
|
||||
"cryptoType": 0,
|
||||
"algorithm": "RSA-265",
|
||||
"keyId": "key-id"
|
||||
},
|
||||
"userBase": "user",
|
||||
"userObjectClasses": ["object"],
|
||||
"userFilters": ["filter"],
|
||||
"timeout": 30000000000,
|
||||
"idAttribute": "id",
|
||||
"firstNameAttribute": "first",
|
||||
"lastNameAttribute": "last",
|
||||
@@ -2191,18 +2195,19 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.idp_templates4_ldap (idp_id, instance_id, host, port, tls, base_dn, user_object_class, user_unique_attribute, admin, password, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23)",
|
||||
expectedStmt: "INSERT INTO projections.idp_templates4_ldap2 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24)",
|
||||
expectedArgs: []interface{}{
|
||||
"idp-id",
|
||||
"instance-id",
|
||||
"host",
|
||||
"port",
|
||||
true,
|
||||
"base",
|
||||
"user",
|
||||
"uid",
|
||||
"admin",
|
||||
database.StringArray{"server"},
|
||||
false,
|
||||
"basedn",
|
||||
"binddn",
|
||||
anyArg{},
|
||||
"user",
|
||||
database.StringArray{"object"},
|
||||
database.StringArray{"filter"},
|
||||
time.Duration(30000000000),
|
||||
"id",
|
||||
"first",
|
||||
"last",
|
||||
@@ -2231,7 +2236,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
|
||||
[]byte(`{
|
||||
"id": "idp-id",
|
||||
"name": "custom-zitadel-instance",
|
||||
"host": "host"
|
||||
"baseDN": "basedn"
|
||||
}`),
|
||||
), instance.LDAPIDPChangedEventMapper),
|
||||
},
|
||||
@@ -2253,9 +2258,9 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.idp_templates4_ldap SET host = $1 WHERE (idp_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.idp_templates4_ldap2 SET base_dn = $1 WHERE (idp_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"host",
|
||||
"basedn",
|
||||
"idp-id",
|
||||
"instance-id",
|
||||
},
|
||||
@@ -2273,18 +2278,19 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
|
||||
[]byte(`{
|
||||
"id": "idp-id",
|
||||
"name": "custom-zitadel-instance",
|
||||
"host": "host",
|
||||
"port": "port",
|
||||
"tls": true,
|
||||
"baseDN": "base",
|
||||
"userObjectClass": "user",
|
||||
"userUniqueAttribute": "uid",
|
||||
"admin": "admin",
|
||||
"password": {
|
||||
"servers": ["server"],
|
||||
"startTls": false,
|
||||
"baseDN": "basedn",
|
||||
"bindDN": "binddn",
|
||||
"bindPassword": {
|
||||
"cryptoType": 0,
|
||||
"algorithm": "RSA-265",
|
||||
"keyId": "key-id"
|
||||
},
|
||||
"userBase": "user",
|
||||
"userObjectClasses": ["object"],
|
||||
"userFilters": ["filter"],
|
||||
"timeout": 30000000000,
|
||||
"idAttribute": "id",
|
||||
"firstNameAttribute": "first",
|
||||
"lastNameAttribute": "last",
|
||||
@@ -2327,16 +2333,17 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.idp_templates4_ldap SET (host, port, tls, base_dn, user_object_class, user_unique_attribute, admin, password, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21) WHERE (idp_id = $22) AND (instance_id = $23)",
|
||||
expectedStmt: "UPDATE projections.idp_templates4_ldap2 SET (servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22) WHERE (idp_id = $23) AND (instance_id = $24)",
|
||||
expectedArgs: []interface{}{
|
||||
"host",
|
||||
"port",
|
||||
true,
|
||||
"base",
|
||||
"user",
|
||||
"uid",
|
||||
"admin",
|
||||
database.StringArray{"server"},
|
||||
false,
|
||||
"basedn",
|
||||
"binddn",
|
||||
anyArg{},
|
||||
"user",
|
||||
database.StringArray{"object"},
|
||||
database.StringArray{"filter"},
|
||||
time.Duration(30000000000),
|
||||
"id",
|
||||
"first",
|
||||
"last",
|
||||
|
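Review bot: Every LDAP fixture visible in these hunks sets `"startTls": false` and expects `false,` in `expectedArgs` (the cases at -2033/-2092, -2132/-2191 and -2273/-2327), so the transport-security flag is only ever checked against Go's zero value for bool. A reducer that failed to read the flag from the event and wrote the default would still pass these cases, whereas the replaced fixtures used `"tls": true`, which did tell the two apart. I would switch at least one case to `"startTls": true` with `true,` in the matching `expectedArgs`. The `bind_password` argument is matched with `anyArg{}`, so these cases do not pin what is stored for the bind credential; presumably that is asserted elsewhere. The test table in `TestIDPTemplateProjection_reducesLDAP` starts and continues outside the visible hunks.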