fix race condition during ldap initialization (#571)

2025-11-21 16:26:17 +00:00 · 2025-11-20 18:28:20 +01:00
parent d759fc7dc7
commit 907bb0599a
3 changed files with 61 additions and 50 deletions
--- a/internal/config/auth.go
+++ b/internal/config/auth.go
@@ -1,6 +1,7 @@
 package config

 import (
+	"fmt"
 	"log/slog"
 	"regexp"
 	"time"
@@ -125,6 +126,45 @@ type LdapFields struct {
 	GroupMembership string `yaml:"memberof"`
 }

+// getMappingWithDefaults returns a full field mapping for the LDAP provider.
+// If specific fields are not set, the default values are used.
+func (f LdapFields) getMappingWithDefaults() LdapFields {
+	defaultMap := LdapFields{
+		BaseFields: BaseFields{
+			UserIdentifier: "mail",
+			Email:          "mail",
+			Firstname:      "givenName",
+			Lastname:       "sn",
+			Phone:          "telephoneNumber",
+			Department:     "department",
+		},
+		GroupMembership: "memberOf",
+	}
+	if f.UserIdentifier != "" {
+		defaultMap.UserIdentifier = f.UserIdentifier
+	}
+	if f.Email != "" {
+		defaultMap.Email = f.Email
+	}
+	if f.Firstname != "" {
+		defaultMap.Firstname = f.Firstname
+	}
+	if f.Lastname != "" {
+		defaultMap.Lastname = f.Lastname
+	}
+	if f.Phone != "" {
+		defaultMap.Phone = f.Phone
+	}
+	if f.Department != "" {
+		defaultMap.Department = f.Department
+	}
+	if f.GroupMembership != "" {
+		defaultMap.GroupMembership = f.GroupMembership
+	}
+
+	return defaultMap
+}
+
 // LdapProvider contains the configuration for the LDAP connection.
 type LdapProvider struct {
 	// ProviderName is an internal name that is used to distinguish LDAP servers. It must not contain spaces or special characters.
@@ -178,6 +218,19 @@ type LdapProvider struct {
 	LogUserInfo bool `yaml:"log_user_info"`
 }

+// Sanitize checks the LDAP configuration and sets default values for missing fields.
+func (l *LdapProvider) Sanitize() error {
+	l.FieldMap = l.FieldMap.getMappingWithDefaults()
+
+	dn, err := ldap.ParseDN(l.AdminGroupDN)
+	if err != nil {
+		return fmt.Errorf("failed to parse admin group DN: %w", err)
+	}
+	l.ParsedAdminGroupDN = dn
+
+	return nil
+}
+
 // OpenIDConnectProvider contains the configuration for the OpenID Connect provider.
 type OpenIDConnectProvider struct {
 	// ProviderName is an internal name that is used to distinguish oauth endpoints. It must not contain spaces or special characters.