TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 21:27:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: ldap provider login (#5448)

Browse Source 
Add the logic to configure and use LDAP provider as an external IDP with a dedicated login GUI.
This commit is contained in:
Stefan Benz
2023-03-24 16:18:56 +01:00
committed by GitHub
parent a8bfcc166e
commit 41ff0bbc63
40 changed files with 2240 additions and 1142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

222
internal/query/idp_template_test.go
View File

@@ -7,6 +7,7 @@ import (
"fmt"
"regexp"
"testing"
"time"
"github.com/zitadel/zitadel/internal/database"
"github.com/zitadel/zitadel/internal/domain"
@@ -87,28 +88,29 @@ var (
` projections.idp_templates4_google.client_secret,` +
` projections.idp_templates4_google.scopes,` +
// ldap
` projections.idp_templates4_ldap.idp_id,` +
` projections.idp_templates4_ldap.host,` +
` projections.idp_templates4_ldap.port,` +
` projections.idp_templates4_ldap.tls,` +
` projections.idp_templates4_ldap.base_dn,` +
` projections.idp_templates4_ldap.user_object_class,` +
` projections.idp_templates4_ldap.user_unique_attribute,` +
` projections.idp_templates4_ldap.admin,` +
` projections.idp_templates4_ldap.password,` +
` projections.idp_templates4_ldap.id_attribute,` +
` projections.idp_templates4_ldap.first_name_attribute,` +
` projections.idp_templates4_ldap.last_name_attribute,` +
` projections.idp_templates4_ldap.display_name_attribute,` +
` projections.idp_templates4_ldap.nick_name_attribute,` +
` projections.idp_templates4_ldap.preferred_username_attribute,` +
` projections.idp_templates4_ldap.email_attribute,` +
` projections.idp_templates4_ldap.email_verified,` +
` projections.idp_templates4_ldap.phone_attribute,` +
` projections.idp_templates4_ldap.phone_verified_attribute,` +
` projections.idp_templates4_ldap.preferred_language_attribute,` +
` projections.idp_templates4_ldap.avatar_url_attribute,` +
` projections.idp_templates4_ldap.profile_attribute` +
` projections.idp_templates4_ldap2.idp_id,` +
` projections.idp_templates4_ldap2.servers,` +
` projections.idp_templates4_ldap2.start_tls,` +
` projections.idp_templates4_ldap2.base_dn,` +
` projections.idp_templates4_ldap2.bind_dn,` +
` projections.idp_templates4_ldap2.bind_password,` +
` projections.idp_templates4_ldap2.user_base,` +
` projections.idp_templates4_ldap2.user_object_classes,` +
` projections.idp_templates4_ldap2.user_filters,` +
` projections.idp_templates4_ldap2.timeout,` +
` projections.idp_templates4_ldap2.id_attribute,` +
` projections.idp_templates4_ldap2.first_name_attribute,` +
` projections.idp_templates4_ldap2.last_name_attribute,` +
` projections.idp_templates4_ldap2.display_name_attribute,` +
` projections.idp_templates4_ldap2.nick_name_attribute,` +
` projections.idp_templates4_ldap2.preferred_username_attribute,` +
` projections.idp_templates4_ldap2.email_attribute,` +
` projections.idp_templates4_ldap2.email_verified,` +
` projections.idp_templates4_ldap2.phone_attribute,` +
` projections.idp_templates4_ldap2.phone_verified_attribute,` +
` projections.idp_templates4_ldap2.preferred_language_attribute,` +
` projections.idp_templates4_ldap2.avatar_url_attribute,` +
` projections.idp_templates4_ldap2.profile_attribute` +
` FROM projections.idp_templates4` +
` LEFT JOIN projections.idp_templates4_oauth2 ON projections.idp_templates4.id = projections.idp_templates4_oauth2.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_oauth2.instance_id` +
` LEFT JOIN projections.idp_templates4_oidc ON projections.idp_templates4.id = projections.idp_templates4_oidc.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_oidc.instance_id` +
@@ -119,7 +121,7 @@ var (
` LEFT JOIN projections.idp_templates4_gitlab ON projections.idp_templates4.id = projections.idp_templates4_gitlab.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_gitlab.instance_id` +
` LEFT JOIN projections.idp_templates4_gitlab_self_hosted ON projections.idp_templates4.id = projections.idp_templates4_gitlab_self_hosted.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_gitlab_self_hosted.instance_id` +
` LEFT JOIN projections.idp_templates4_google ON projections.idp_templates4.id = projections.idp_templates4_google.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_google.instance_id` +
` LEFT JOIN projections.idp_templates4_ldap ON projections.idp_templates4.id = projections.idp_templates4_ldap.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_ldap.instance_id` +
` LEFT JOIN projections.idp_templates4_ldap2 ON projections.idp_templates4.id = projections.idp_templates4_ldap2.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_ldap2.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`
idpTemplateCols = []string{
"id",
@@ -195,14 +197,15 @@ var (
"scopes",
// ldap config
"idp_id",
"host",
"port",
"tls",
"servers",
"start_tls",
"base_dn",
"user_object_class",
"user_unique_attribute",
"admin",
"password",
"bind_dn",
"bind_password",
"user_base",
"user_object_classes",
"user_filters",
"timeout",
"id_attribute",
"first_name_attribute",
"last_name_attribute",
@@ -289,28 +292,29 @@ var (
` projections.idp_templates4_google.client_secret,` +
` projections.idp_templates4_google.scopes,` +
// ldap
` projections.idp_templates4_ldap.idp_id,` +
` projections.idp_templates4_ldap.host,` +
` projections.idp_templates4_ldap.port,` +
` projections.idp_templates4_ldap.tls,` +
` projections.idp_templates4_ldap.base_dn,` +
` projections.idp_templates4_ldap.user_object_class,` +
` projections.idp_templates4_ldap.user_unique_attribute,` +
` projections.idp_templates4_ldap.admin,` +
` projections.idp_templates4_ldap.password,` +
` projections.idp_templates4_ldap.id_attribute,` +
` projections.idp_templates4_ldap.first_name_attribute,` +
` projections.idp_templates4_ldap.last_name_attribute,` +
` projections.idp_templates4_ldap.display_name_attribute,` +
` projections.idp_templates4_ldap.nick_name_attribute,` +
` projections.idp_templates4_ldap.preferred_username_attribute,` +
` projections.idp_templates4_ldap.email_attribute,` +
` projections.idp_templates4_ldap.email_verified,` +
` projections.idp_templates4_ldap.phone_attribute,` +
` projections.idp_templates4_ldap.phone_verified_attribute,` +
` projections.idp_templates4_ldap.preferred_language_attribute,` +
` projections.idp_templates4_ldap.avatar_url_attribute,` +
` projections.idp_templates4_ldap.profile_attribute,` +
` projections.idp_templates4_ldap2.idp_id,` +
` projections.idp_templates4_ldap2.servers,` +
` projections.idp_templates4_ldap2.start_tls,` +
` projections.idp_templates4_ldap2.base_dn,` +
` projections.idp_templates4_ldap2.bind_dn,` +
` projections.idp_templates4_ldap2.bind_password,` +
` projections.idp_templates4_ldap2.user_base,` +
` projections.idp_templates4_ldap2.user_object_classes,` +
` projections.idp_templates4_ldap2.user_filters,` +
` projections.idp_templates4_ldap2.timeout,` +
` projections.idp_templates4_ldap2.id_attribute,` +
` projections.idp_templates4_ldap2.first_name_attribute,` +
` projections.idp_templates4_ldap2.last_name_attribute,` +
` projections.idp_templates4_ldap2.display_name_attribute,` +
` projections.idp_templates4_ldap2.nick_name_attribute,` +
` projections.idp_templates4_ldap2.preferred_username_attribute,` +
` projections.idp_templates4_ldap2.email_attribute,` +
` projections.idp_templates4_ldap2.email_verified,` +
` projections.idp_templates4_ldap2.phone_attribute,` +
` projections.idp_templates4_ldap2.phone_verified_attribute,` +
` projections.idp_templates4_ldap2.preferred_language_attribute,` +
` projections.idp_templates4_ldap2.avatar_url_attribute,` +
` projections.idp_templates4_ldap2.profile_attribute,` +
` COUNT(*) OVER ()` +
` FROM projections.idp_templates4` +
` LEFT JOIN projections.idp_templates4_oauth2 ON projections.idp_templates4.id = projections.idp_templates4_oauth2.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_oauth2.instance_id` +
@@ -322,7 +326,7 @@ var (
` LEFT JOIN projections.idp_templates4_gitlab ON projections.idp_templates4.id = projections.idp_templates4_gitlab.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_gitlab.instance_id` +
` LEFT JOIN projections.idp_templates4_gitlab_self_hosted ON projections.idp_templates4.id = projections.idp_templates4_gitlab_self_hosted.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_gitlab_self_hosted.instance_id` +
` LEFT JOIN projections.idp_templates4_google ON projections.idp_templates4.id = projections.idp_templates4_google.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_google.instance_id` +
` LEFT JOIN projections.idp_templates4_ldap ON projections.idp_templates4.id = projections.idp_templates4_ldap.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_ldap.instance_id` +
` LEFT JOIN projections.idp_templates4_ldap2 ON projections.idp_templates4.id = projections.idp_templates4_ldap2.idp_id AND projections.idp_templates4.instance_id = projections.idp_templates4_ldap2.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`
idpTemplatesCols = []string{
"id",
@@ -398,14 +402,15 @@ var (
"scopes",
// ldap config
"idp_id",
"host",
"port",
"tls",
"servers",
"start_tls",
"base_dn",
"user_object_class",
"user_unique_attribute",
"admin",
"password",
"bind_dn",
"bind_password",
"user_base",
"user_object_classes",
"user_filters",
"timeout",
"id_attribute",
"first_name_attribute",
"last_name_attribute",
@@ -554,6 +559,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
),
},
@@ -685,6 +691,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
),
},
@@ -814,6 +821,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
),
},
@@ -942,6 +950,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
),
},
@@ -1069,6 +1078,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
),
},
@@ -1196,6 +1206,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
),
},
@@ -1324,6 +1335,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
),
},
@@ -1430,14 +1442,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
// ldap config
"idp-id",
"host",
"port",
database.StringArray{"server"},
true,
"base",
"user",
"uid",
"admin",
"dn",
nil,
"user",
database.StringArray{"object"},
database.StringArray{"filter"},
time.Duration(30000000000),
"id",
"first",
"last",
@@ -1469,14 +1482,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
IsAutoCreation: true,
IsAutoUpdate: true,
LDAPIDPTemplate: &LDAPIDPTemplate{
IDPID: "idp-id",
Host: "host",
Port: "port",
TLS: true,
BaseDN: "base",
UserObjectClass: "user",
UserUniqueAttribute: "uid",
Admin: "admin",
IDPID: "idp-id",
Servers: []string{"server"},
StartTLS: true,
BaseDN: "base",
BindDN: "dn",
UserBase: "user",
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
Timeout: time.Duration(30000000000),
LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "id",
FirstNameAttribute: "first",
@@ -1597,6 +1611,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
),
},
@@ -1733,14 +1748,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
// ldap config
"idp-id",
"host",
"port",
database.StringArray{"server"},
true,
"base",
"user",
"uid",
"admin",
"dn",
nil,
"user",
database.StringArray{"object"},
database.StringArray{"filter"},
time.Duration(30000000000),
"id",
"first",
"last",
@@ -1778,14 +1794,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
IsAutoCreation: true,
IsAutoUpdate: true,
LDAPIDPTemplate: &LDAPIDPTemplate{
IDPID: "idp-id",
Host: "host",
Port: "port",
TLS: true,
BaseDN: "base",
UserObjectClass: "user",
UserUniqueAttribute: "uid",
Admin: "admin",
IDPID: "idp-id",
Servers: []string{"server"},
StartTLS: true,
BaseDN: "base",
BindDN: "dn",
UserBase: "user",
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
Timeout: time.Duration(30000000000),
LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "id",
FirstNameAttribute: "first",
@@ -1909,6 +1926,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
},
),
@@ -2018,14 +2036,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
// ldap config
"idp-id-ldap",
"host",
"port",
database.StringArray{"server"},
true,
"base",
"user",
"uid",
"admin",
"dn",
nil,
"user",
database.StringArray{"object"},
database.StringArray{"filter"},
time.Duration(30000000000),
"id",
"first",
"last",
@@ -2135,6 +2154,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
{
"idp-id-oauth",
@@ -2231,6 +2251,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
{
"idp-id-oidc",
@@ -2327,6 +2348,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
{
"idp-id-jwt",
@@ -2423,6 +2445,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
},
},
),
@@ -2447,14 +2470,15 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
IsAutoCreation: true,
IsAutoUpdate: true,
LDAPIDPTemplate: &LDAPIDPTemplate{
IDPID: "idp-id-ldap",
Host: "host",
Port: "port",
TLS: true,
BaseDN: "base",
UserObjectClass: "user",
UserUniqueAttribute: "uid",
Admin: "admin",
IDPID: "idp-id-ldap",
Servers: []string{"server"},
StartTLS: true,
BaseDN: "base",
BindDN: "dn",
UserBase: "user",
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
Timeout: time.Duration(30000000000),
LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "id",
FirstNameAttribute: "first",