mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-22 12:54:53 -05:00
Add option to use paged LDAP search when synchronizing users (#3895)
This commit is contained in:
parent
7467ff3d94
commit
501fb228e6
7 changed files with 59 additions and 2 deletions
|
@ -25,6 +25,8 @@ type AuthenticationForm struct {
|
||||||
AttributeSurname string
|
AttributeSurname string
|
||||||
AttributeMail string
|
AttributeMail string
|
||||||
AttributesInBind bool
|
AttributesInBind bool
|
||||||
|
UsePagedSearch bool
|
||||||
|
SearchPageSize int
|
||||||
Filter string
|
Filter string
|
||||||
AdminFilter string
|
AdminFilter string
|
||||||
IsActive bool
|
IsActive bool
|
||||||
|
|
|
@ -42,6 +42,7 @@ type Source struct {
|
||||||
AttributeSurname string // Surname attribute
|
AttributeSurname string // Surname attribute
|
||||||
AttributeMail string // E-mail attribute
|
AttributeMail string // E-mail attribute
|
||||||
AttributesInBind bool // fetch attributes in bind context (not user)
|
AttributesInBind bool // fetch attributes in bind context (not user)
|
||||||
|
SearchPageSize uint32 // Search with paging page size
|
||||||
Filter string // Query filter to validate entry
|
Filter string // Query filter to validate entry
|
||||||
AdminFilter string // Query filter to check if user is admin
|
AdminFilter string // Query filter to check if user is admin
|
||||||
Enabled bool // if this source is disabled
|
Enabled bool // if this source is disabled
|
||||||
|
@ -269,6 +270,11 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UsePagedSearch returns if need to use paged search
|
||||||
|
func (ls *Source) UsePagedSearch() bool {
|
||||||
|
return ls.SearchPageSize > 0
|
||||||
|
}
|
||||||
|
|
||||||
// SearchEntries : search an LDAP source for all users matching userFilter
|
// SearchEntries : search an LDAP source for all users matching userFilter
|
||||||
func (ls *Source) SearchEntries() []*SearchResult {
|
func (ls *Source) SearchEntries() []*SearchResult {
|
||||||
l, err := dial(ls)
|
l, err := dial(ls)
|
||||||
|
@ -298,7 +304,12 @@ func (ls *Source) SearchEntries() []*SearchResult {
|
||||||
[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
|
[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
|
||||||
nil)
|
nil)
|
||||||
|
|
||||||
sr, err := l.Search(search)
|
var sr *ldap.SearchResult
|
||||||
|
if ls.UsePagedSearch() {
|
||||||
|
sr, err = l.SearchWithPaging(search, ls.SearchPageSize)
|
||||||
|
} else {
|
||||||
|
sr, err = l.Search(search)
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
|
log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -1352,6 +1352,8 @@ auths.attribute_name = First Name Attribute
|
||||||
auths.attribute_surname = Surname Attribute
|
auths.attribute_surname = Surname Attribute
|
||||||
auths.attribute_mail = Email Attribute
|
auths.attribute_mail = Email Attribute
|
||||||
auths.attributes_in_bind = Fetch Attributes in Bind DN Context
|
auths.attributes_in_bind = Fetch Attributes in Bind DN Context
|
||||||
|
auths.use_paged_search = Use paged search
|
||||||
|
auths.search_page_size = Page size
|
||||||
auths.filter = User Filter
|
auths.filter = User Filter
|
||||||
auths.admin_filter = Admin Filter
|
auths.admin_filter = Admin Filter
|
||||||
auths.ms_ad_sa = MS AD Search Attributes
|
auths.ms_ad_sa = MS AD Search Attributes
|
||||||
|
|
|
@ -1138,6 +1138,16 @@ function initAdmin() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function onUsePagedSearchChange() {
|
||||||
|
if ($('#use_paged_search').prop('checked')) {
|
||||||
|
$('.search-page-size').show()
|
||||||
|
.find('input').attr('required', 'required');
|
||||||
|
} else {
|
||||||
|
$('.search-page-size').hide()
|
||||||
|
.find('input').removeAttr('required');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function onOAuth2Change() {
|
function onOAuth2Change() {
|
||||||
$('.open_id_connect_auto_discovery_url, .oauth2_use_custom_url').hide();
|
$('.open_id_connect_auto_discovery_url, .oauth2_use_custom_url').hide();
|
||||||
$('.open_id_connect_auto_discovery_url input[required]').removeAttr('required');
|
$('.open_id_connect_auto_discovery_url input[required]').removeAttr('required');
|
||||||
|
@ -1191,7 +1201,7 @@ function initAdmin() {
|
||||||
// New authentication
|
// New authentication
|
||||||
if ($('.admin.new.authentication').length > 0) {
|
if ($('.admin.new.authentication').length > 0) {
|
||||||
$('#auth_type').change(function () {
|
$('#auth_type').change(function () {
|
||||||
$('.ldap, .dldap, .smtp, .pam, .oauth2, .has-tls').hide();
|
$('.ldap, .dldap, .smtp, .pam, .oauth2, .has-tls .search-page-size').hide();
|
||||||
|
|
||||||
$('.ldap input[required], .dldap input[required], .smtp input[required], .pam input[required], .oauth2 input[required], .has-tls input[required]').removeAttr('required');
|
$('.ldap input[required], .dldap input[required], .smtp input[required], .pam input[required], .oauth2 input[required], .has-tls input[required]').removeAttr('required');
|
||||||
|
|
||||||
|
@ -1223,9 +1233,13 @@ function initAdmin() {
|
||||||
if (authType == '2' || authType == '5') {
|
if (authType == '2' || authType == '5') {
|
||||||
onSecurityProtocolChange()
|
onSecurityProtocolChange()
|
||||||
}
|
}
|
||||||
|
if (authType == '2') {
|
||||||
|
onUsePagedSearchChange();
|
||||||
|
}
|
||||||
});
|
});
|
||||||
$('#auth_type').change();
|
$('#auth_type').change();
|
||||||
$('#security_protocol').change(onSecurityProtocolChange);
|
$('#security_protocol').change(onSecurityProtocolChange);
|
||||||
|
$('#use_paged_search').change(onUsePagedSearchChange);
|
||||||
$('#oauth2_provider').change(onOAuth2Change);
|
$('#oauth2_provider').change(onOAuth2Change);
|
||||||
$('#oauth2_use_custom_url').change(onOAuth2UseCustomURLChange);
|
$('#oauth2_use_custom_url').change(onOAuth2UseCustomURLChange);
|
||||||
}
|
}
|
||||||
|
@ -1234,6 +1248,9 @@ function initAdmin() {
|
||||||
var authType = $('#auth_type').val();
|
var authType = $('#auth_type').val();
|
||||||
if (authType == '2' || authType == '5') {
|
if (authType == '2' || authType == '5') {
|
||||||
$('#security_protocol').change(onSecurityProtocolChange);
|
$('#security_protocol').change(onSecurityProtocolChange);
|
||||||
|
if (authType == '2') {
|
||||||
|
$('#use_paged_search').change(onUsePagedSearchChange);
|
||||||
|
}
|
||||||
} else if (authType == '6') {
|
} else if (authType == '6') {
|
||||||
$('#oauth2_provider').change(onOAuth2Change);
|
$('#oauth2_provider').change(onOAuth2Change);
|
||||||
$('#oauth2_use_custom_url').change(onOAuth2UseCustomURLChange);
|
$('#oauth2_use_custom_url').change(onOAuth2UseCustomURLChange);
|
||||||
|
|
|
@ -91,6 +91,10 @@ func NewAuthSource(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
|
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
|
||||||
|
var pageSize uint32
|
||||||
|
if form.UsePagedSearch {
|
||||||
|
pageSize = uint32(form.SearchPageSize)
|
||||||
|
}
|
||||||
return &models.LDAPConfig{
|
return &models.LDAPConfig{
|
||||||
Source: &ldap.Source{
|
Source: &ldap.Source{
|
||||||
Name: form.Name,
|
Name: form.Name,
|
||||||
|
@ -107,6 +111,7 @@ func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
|
||||||
AttributeSurname: form.AttributeSurname,
|
AttributeSurname: form.AttributeSurname,
|
||||||
AttributeMail: form.AttributeMail,
|
AttributeMail: form.AttributeMail,
|
||||||
AttributesInBind: form.AttributesInBind,
|
AttributesInBind: form.AttributesInBind,
|
||||||
|
SearchPageSize: pageSize,
|
||||||
Filter: form.Filter,
|
Filter: form.Filter,
|
||||||
AdminFilter: form.AdminFilter,
|
AdminFilter: form.AdminFilter,
|
||||||
Enabled: true,
|
Enabled: true,
|
||||||
|
|
|
@ -91,6 +91,16 @@
|
||||||
<input id="attribute_mail" name="attribute_mail" value="{{$cfg.AttributeMail}}" placeholder="e.g. mail" required>
|
<input id="attribute_mail" name="attribute_mail" value="{{$cfg.AttributeMail}}" placeholder="e.g. mail" required>
|
||||||
</div>
|
</div>
|
||||||
{{if .Source.IsLDAP}}
|
{{if .Source.IsLDAP}}
|
||||||
|
<div class="inline field">
|
||||||
|
<div class="ui checkbox">
|
||||||
|
<label for="use_paged_search"><strong>{{.i18n.Tr "admin.auths.use_paged_search"}}</strong></label>
|
||||||
|
<input id="use_paged_search" name="use_paged_search" type="checkbox" {{if $cfg.UsePagedSearch}}checked{{end}}>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="field required search-page-size{{if not $cfg.UsePagedSearch}} hide{{end}}">
|
||||||
|
<label for="search_page_size">{{.i18n.Tr "admin.auths.search_page_size"}}</label>
|
||||||
|
<input id="search_page_size" name="search_page_size" value="{{if $cfg.UsePagedSearch}}{{$cfg.SearchPageSize}}{{end}}">
|
||||||
|
</div>
|
||||||
<div class="inline field">
|
<div class="inline field">
|
||||||
<div class="ui checkbox">
|
<div class="ui checkbox">
|
||||||
<label><strong>{{.i18n.Tr "admin.auths.attributes_in_bind"}}</strong></label>
|
<label><strong>{{.i18n.Tr "admin.auths.attributes_in_bind"}}</strong></label>
|
||||||
|
|
|
@ -62,4 +62,14 @@
|
||||||
<label for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label>
|
<label for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label>
|
||||||
<input id="attribute_mail" name="attribute_mail" value="{{.attribute_mail}}" placeholder="e.g. mail">
|
<input id="attribute_mail" name="attribute_mail" value="{{.attribute_mail}}" placeholder="e.g. mail">
|
||||||
</div>
|
</div>
|
||||||
|
<div class="ldap inline field {{if not (eq .type 2)}}hide{{end}}">
|
||||||
|
<div class="ui checkbox">
|
||||||
|
<label for="use_paged_search"><strong>{{.i18n.Tr "admin.auths.use_paged_search"}}</strong></label>
|
||||||
|
<input id="use_paged_search" name="use_paged_search" class="use-paged-search" type="checkbox" {{if .use_paged_search}}checked{{end}}>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="ldap field search-page-size required {{if or (not (eq .type 2)) (not .use_paged_search)}}hide{{end}}">
|
||||||
|
<label for="search_page_size">{{.i18n.Tr "admin.auths.search_page_size"}}</label>
|
||||||
|
<input id="search_page_size" name="search_page_size" value="{{.search_page_size}}">
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
Loading…
Reference in a new issue