search

datahub-project / datahub

The Metadata Platform for your Data and AI Stack
https://datahubproject.io
Apache License 2.0
9.99k stars 2.96k forks source link

LDAP Ingestion not working for lower-case objectClass definitions (using FreeIPA, for example) #11988

Open nmartineznl opened 3 days ago

nmartineznl commented 3 days ago

Describe the bug While executing LDAP ingestion using FreeIPA, groups are being dropped because objectClass values are in lower-case. Users work because the objectClass value "person" does not contain any capital letter.

FreeIPA user class: objectClass: posixgroup

LDAP code that processes users and groups:

                if (
                    b"inetOrgPerson" in attrs["objectClass"]
                    or b"posixAccount" in attrs["objectClass"]
                    or b"person" in attrs["objectClass"]
                ):
                    yield from self.handle_user(dn, attrs)
                elif (
                    b"posixGroup" in attrs["objectClass"]
                    or b"organizationalUnit" in attrs["objectClass"]
                    or b"groupOfNames" in attrs["objectClass"]
                    or b"group" in attrs["objectClass"]
                ):
                    yield from self.handle_group(dn, attrs)
                else:
                    self.report.report_dropped(dn)

To Reproduce Steps to reproduce the behavior:

  1. Configure LDAP ingestion as documented in https://datahubproject.io/docs/generated/ingestion/sources/ldap/
  2. Configure FreeIPA as the LDAP server
  3. Run the ingestion as documented in: https://datahubproject.io/docs/metadata-ingestion/cli-ingestion/
  4. The report contains all groups in the dropped_dns list and groups are not created.

Expected behavior The dropped_dns should be empty and groups should be created in DataHub.

nmartineznl commented 3 days ago

I belive that for both users and groups processing the comparisson should be case-insensitive