Add ldap_dn and ldap_groups to user meta-data (elastic/x-pack-elasticsearch#739)
In the LdapRealm, include the user's DN and the list of groups (the DN of each group) in the User object's metadata. This allows the information to be referenced in templated roles. Closes: elastic/x-pack-elasticsearch#729 Original commit: elastic/x-pack-elasticsearch@065f337109
This commit is contained in:
parent
cc7a1a821f
commit
3e0f785f0c
|
@ -17,6 +17,7 @@ import org.apache.lucene.util.IOUtils;
|
|||
import org.elasticsearch.ElasticsearchTimeoutException;
|
||||
import org.elasticsearch.action.ActionListener;
|
||||
import org.elasticsearch.common.Strings;
|
||||
import org.elasticsearch.common.collect.MapBuilder;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Setting.Property;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
|
@ -167,7 +168,11 @@ public final class LdapRealm extends CachingUsernamePasswordRealm {
|
|||
session.groups(ActionListener.wrap((groups) -> {
|
||||
Set<String> roles = roleMapper.resolveRoles(session.userDn(), groups);
|
||||
IOUtils.close(session);
|
||||
listener.onResponse(new User(username, roles.toArray(Strings.EMPTY_ARRAY)));
|
||||
final Map<String, Object> meta = MapBuilder.<String, Object>newMapBuilder()
|
||||
.put("ldap_dn", session.userDn())
|
||||
.put("ldap_groups", groups)
|
||||
.map();
|
||||
listener.onResponse(new User(username, roles.toArray(Strings.EMPTY_ARRAY), null, null, meta, true));
|
||||
},
|
||||
(e) -> {
|
||||
IOUtils.closeWhileHandlingException(session);
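Review bot: The `groups` list received from `session.groups(...)` is placed into the metadata map as-is on the `.put("ldap_groups", groups)` line, and the map produced by `MapBuilder...map()` is passed to `User` without being made read-only, so unless `User` defensively copies its metadata (not visible here), callers of `user.metadata()` can mutate the group list or the map in place. That matters because this realm extends `CachingUsernamePasswordRealm` and the commit message says the metadata is consumed by templated roles, so an in-place modification would alter later authorization decisions for the cached user. I would wrap both: `.put("ldap_groups", Collections.unmodifiableList(groups))` and, if `MapBuilder` offers it, `.immutableMap()` instead of `.map()`. Separately, `session.userDn()` is now read after `IOUtils.close(session)` on the line above; that is fine only if `userDn()` is a plain accessor that does not touch the connection, which is worth confirming. The enclosing `authenticate` lambda and the error handler continue outside this hunk.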
|
||||
|
|
|
@ -29,11 +29,14 @@ import org.junit.After;
|
|||
import org.junit.Before;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory.URLS_SETTING;
|
||||
import static org.hamcrest.Matchers.arrayContaining;
|
||||
import static org.hamcrest.Matchers.contains;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.hasEntry;
|
||||
import static org.hamcrest.Matchers.instanceOf;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
|
@ -86,6 +89,10 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
User user = future.actionGet();
|
||||
assertThat(user, notNullValue());
|
||||
assertThat(user.roles(), arrayContaining("HMS Victory"));
|
||||
assertThat(user.metadata(), notNullValue());
|
||||
assertThat(user.metadata().get("ldap_dn"), equalTo("cn=" + VALID_USERNAME + ",ou=people,o=sevenSeas"));
|
||||
assertThat(user.metadata().get("ldap_groups"), instanceOf(List.class));
|
||||
assertThat((List<?>) user.metadata().get("ldap_groups"), contains("cn=HMS Victory,ou=crews,ou=groups,o=sevenSeas"));
|
||||
}
|
||||
|
||||
public void testAuthenticateOneLevelGroupSearch() throws Exception {
|
||||
|
@ -105,6 +112,10 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
User user = future.actionGet();
|
||||
assertThat(user, notNullValue());
|
||||
assertThat("For roles " + Arrays.toString(user.roles()), user.roles(), arrayContaining("HMS Victory"));
|
||||
assertThat(user.metadata(), notNullValue());
|
||||
assertThat(user.metadata().get("ldap_dn"), equalTo("cn=" + VALID_USERNAME + ",ou=people,o=sevenSeas"));
|
||||
assertThat(user.metadata().get("ldap_groups"), instanceOf(List.class));
|
||||
assertThat((List<?>) user.metadata().get("ldap_groups"), contains("cn=HMS Victory,ou=crews,ou=groups,o=sevenSeas"));
|
||||
}
|
||||
|
||||
public void testAuthenticateCaching() throws Exception {
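Review bot: The four metadata assertions added to `testAuthenticateSubTreeGroupSearch` and `testAuthenticateOneLevelGroupSearch` are identical, so a private helper such as `assertLdapMetadata(User user)` holding the `ldap_dn` / `ldap_groups` checks would avoid the duplication and make any future metadata key easy to assert in both tests. It would also be useful to extend the assertions to `testAuthenticateCaching` (whose body lies outside this hunk) so the test confirms that the `ldap_dn` and `ldap_groups` entries survive the cache round-trip, since that is the path through which the realm normally serves repeated requests.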
|
||||
|
|