Merge branch 'develop' into dependabot/go_modules/develop/github.com/go-git/go-git/v5-5.18.0

Author: marle3003

config/dynamic/parse.go

@@ -69,7 +69,7 @@ func parse(c *Config) (interface{}, error) {
 		result, err = parseYaml(b, result)
 	case ".json":
 		result, err = parseJson(b, result)
-	case ".lua", ".js", ".cjs", ".mjs", ".ts":
+	case ".lua", ".js", ".cjs", ".mjs", ".ts", ".ldif":
 		result = string(b)
 	default:
 		// try parse from JSON and YAML

examples/mail/package-lock.json

@@ -1,5 +1,5 @@
 {
   "dependencies": {
-    "nodemailer": "^7.0.11"
+    "nodemailer": "^8.0.5"
   }
 }

examples/mail/package.json

@@ -110,6 +110,18 @@ func TestLdif_Parse(t *testing.T) {
 				}, ld.Records[0])
 			},
 		},
+		{
+			name:  "comment",
+			input: "dn: dc=mokapi, dc=io\n# line 1\n line 2\nfoo: bar",
+			test: func(t *testing.T, ld *Ldif, err error) {
+				require.NoError(t, err)
+				require.Len(t, ld.Records, 1)
+				require.Equal(t, &AddRecord{
+					Dn:         "dc=mokapi, dc=io",
+					Attributes: map[string][]string{"foo": {"bar"}},
+				}, ld.Records[0])
+			},
+		},
 		{
 			name:  "version set",
 			input: "version: 1\ndn: dc=mokapi, dc=io",

providers/directory/config_ldif_test.go

@@ -63,9 +63,6 @@ func (l *Ldif) Parse(config *dynamic.Config, reader dynamic.Reader) error {
 			}
 			continue
 		}
-		if line[0] == '#' || line[0] == '-' {
-			continue
-		}
 
 		if isMultiLine(i + 1) {
 			parsedLine += trim(line)
@@ -75,6 +72,10 @@ func (l *Ldif) Parse(config *dynamic.Config, reader dynamic.Reader) error {
 			parsedLine = ""
 		}
 
+		if line[0] == '#' || line[0] == '-' {
+			continue
+		}
+
 		kv := strings.SplitN(line, ":", 2)
 		if len(kv) != 2 {
 			return fmt.Errorf("invalid line %v: %s", i, line)

providers/directory/ldif.go

@@ -22,6 +22,48 @@ import (
 
 type predicate func(entry Entry) bool
 
+func guidFromBytes(b []byte) string {
+	return fmt.Sprintf("%08x-%04x-%04x-%02x%02x-%x",
+		binary.LittleEndian.Uint32(b[0:4]),
+		binary.LittleEndian.Uint16(b[4:6]),
+		binary.LittleEndian.Uint16(b[6:8]),
+		b[8], b[9],
+		b[10:16],
+	)
+}
+
+func updateBaseDnForGuidIfNeeded(msg *ldap.SearchRequest, e *Entry) {
+	binGuid, ok := e.Attributes["objectGUID"]
+	if !ok || len(binGuid) == 0 {
+		return
+	}
+	msgGuid := msg.BaseDN[6 : len(msg.BaseDN)-1]
+	if guidFromBytes([]byte(binGuid[0])) != msgGuid {
+		return
+	}
+	log.Infof("Attributes: %+v", guidFromBytes([]byte(e.Attributes["objectGUID"][0])))
+	msg.BaseDN = e.Dn
+}
+
+var matchingRules = map[string]string{
+	"1.3.6.1.4.1.1466.115.121.1.38": "objectIdentifierMatch",
+	"1.3.6.1.4.1.1466.115.121.1.15": "caseIgnoreMatch",
+	"1.3.6.1.4.1.1466.115.121.1.26": "caseExactMatch",
+	"1.3.6.1.4.1.1466.115.121.1.7":  "booleanMatch",
+	"1.3.6.1.4.1.1466.115.121.1.27": "integerMatch",
+	"1.3.6.1.4.1.1466.115.121.1.12": "distinguishedNameMatch",
+	"1.3.6.1.4.1.1466.115.121.1.24": "generalizedTimeMatch",
+	"1.3.6.1.4.1.1466.115.121.1.5":  "octetStringMatch",
+}
+
+func inferMatchingRule(syntaxOID string) string {
+	if v, ok := matchingRules[syntaxOID]; ok {
+		return v
+	}
+	return "caseExactMatch"
+}
+
+
 func (d *Directory) serveSearch(rw ldap.ResponseWriter, r *ldap.Request) {
 	msg := r.Message.(*ldap.SearchRequest)
 	m, doMonitor := monitor.LdapFromContext(r.Context)
@@ -69,6 +111,10 @@ func (d *Directory) serveSearch(rw ldap.ResponseWriter, r *ldap.Request) {
 
 			switch msg.Scope {
 			case ldap.ScopeBaseObject:
+				// handle Active Directory extended DN (see MS-ADTS for details)
+				if strings.HasPrefix(msg.BaseDN, "<GUID=") {
+					updateBaseDnForGuidIfNeeded(msg, &e)
+				}
 				if e.Dn != msg.BaseDN {
 					continue
 				}
@@ -80,6 +126,10 @@ func (d *Directory) serveSearch(rw ldap.ResponseWriter, r *ldap.Request) {
 				if dn := strings.Join(parts[1:], ","); dn != msg.BaseDN {
 					continue
 				}
+			case ldap.ScopeWholeSubtree:
+				if !strings.HasSuffix(strings.ToLower(e.Dn), strings.ToLower(msg.BaseDN)) {
+					continue
+				}
 			}
 			if d.skip(&e, msg.BaseDN) {
 				continue
@@ -343,6 +393,9 @@ func (p *parser) equal(name, value string) (predicate, error) {
 	if p.s != nil {
 		t, ok := p.s.AttributeTypes[name]
 		if ok {
+			if t.Equality == "" {
+				t.Equality = inferMatchingRule(t.Syntax)
+			}
 			switch t.Equality {
 			case "caseIgnoreMatch", "2.5.13.2":
 				f = func(s string) bool {

providers/directory/search.go

@@ -431,6 +431,32 @@ attributeTypes: ( 1.2.3.4.5.6.7.8 NAME 'objectSid' DESC 'objectSid' EQUALITY act
 				require.Equal(t, "ldap: filter syntax error: invalid SID 'S-1-5-21-foo-1234567890-1234567890-1001': invalid uint value 'foo' at position: 3", log.Entries[1].Message)
 			},
 		},
+		{
+			name:  "no EQUALITY specified",
+			input: `{ "files": [ "./schema.ldif", "./users.ldif" ] }`,
+			reader: &dynamictest.Reader{Data: map[string]*dynamic.Config{
+				"file:/schema.ldif": {Raw: []byte(`
+dn: 
+subschemaSubentry: cn=schema
+
+dn: cn=schema
+attributeTypes: ( 2.5.4.3 NAME 'cn' DESC 'Common Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+`)},
+				"file:/users.ldif": {Raw: []byte("dn: cn=user\ncn: UsEr")},
+			}},
+			test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
+				require.NoError(t, err)
+
+				rr := ldaptest.NewRecorder()
+				h.ServeLDAP(rr, ldaptest.NewRequest(0, &ldap.SearchRequest{
+					Scope:  ldap.ScopeWholeSubtree,
+					Filter: "(cn=user)",
+				}))
+				res := rr.Message.(*ldap.SearchResponse)
+
+				require.Len(t, res.Results, 1)
+			},
+		},
 	}
 
 	for _, tc := range testcases {
@@ -609,6 +635,37 @@ func TestSearch(t *testing.T) {
 				require.Len(t, res.Results, 1)
 			},
 		},
+		{
+			name:  "scope whole subtree",
+			input: `{ "files": [ "./users.ldif" ] }`,
+			reader: &dynamictest.Reader{Data: map[string]*dynamic.Config{
+				"file:/users.ldif": {Raw: []byte(`
+dn: cn=user
+
+dn: id=user1,ou=Sales,dc=example,dc=com
+foo: bar
+
+dn: id=user2,ou=Sales,dc=example,dc=com
+foo: bar
+
+dn: id=user3,ou=Accounting,dc=example,dc=com
+foo: bar
+`)},
+			}},
+			test: func(t *testing.T, h ldap.Handler, err error) {
+				require.NoError(t, err)
+
+				rr := ldaptest.NewRecorder()
+				h.ServeLDAP(rr, ldaptest.NewRequest(0, &ldap.SearchRequest{
+					Scope:  ldap.ScopeWholeSubtree,
+					BaseDN: "ou=Sales,dc=example,dc=com",
+					Filter: "(foo=bar)",
+				}))
+				res := rr.Message.(*ldap.SearchResponse)
+
+				require.Len(t, res.Results, 2)
+			},
+		},
 	}
 
 	t.Parallel()

providers/directory/search_test.go

@@ -52,16 +52,16 @@
     "@rushstack/eslint-patch": "^1.16.1",
     "@types/js-yaml": "^4.0.9",
     "@types/markdown-it-container": "^4.0.0",
-    "@types/node": "^25.5.1",
-    "@vitejs/plugin-vue": "^6.0.5",
+    "@types/node": "^25.6.0",
+    "@vitejs/plugin-vue": "^6.0.6",
     "@vue/eslint-config-prettier": "^10.2.0",
     "@vue/eslint-config-typescript": "^14.7.0",
     "@vue/tsconfig": "^0.9.1",
     "eslint": "^10.2.0",
     "eslint-plugin-vue": "^10.8.0",
     "npm-run-all": "^4.1.5",
-    "prettier": "^3.8.2",
-    "typescript": "~6.0.2",
+    "prettier": "^3.8.3",
+    "typescript": "~6.0.3",
     "vite": "^8.0.8",
     "vue-tsc": "^3.2.6",
     "xml2js": "^0.6.2"