Closed cowboyd closed 2 years ago
Name | Link |
---|---|
Latest commit | e797e34cebede30aa9b700bf8d2cd367d6bbc5f0 |
Latest deploy log | https://app.netlify.com/sites/simulacrum/deploys/6250430821fb0900094e8611 |
Since this is a breaking change, do we want to do a major bump?
I think we're still in pre-release mode here and pre-1.0 at that, so I think it should be fine. We don't have any clients using this that I am aware of.
I have no idea why I did that.
Probably because LDAP is hard to make any sense of in the first place and getting something working is the first step to having anything nice at all ππ€£π€£. I still have barely a concept of how it works.
Motivation
There are some difficulties integrating the LDAP simulator in with the Backstage processors and providers. The
UserData
that feeds the LDAP server is required to have anid
attribute and anemail
attribute, both of which are not part of any common ldap schema. Furthermore, it does not send common user attributes as part of a search result. So, for example, Backstage (as well as most common LDAP clients), when connecting to an OpenLDAP server, will be looking for both theentryDN
virtual attribute and theentryUUID
attribute. Backstage, for example, usesentryUUID
as the value of the all-importantmetadata.name
Entity field.Approach
This aligns the
user data
with the minimum number of attributes. Sincecn
is used to authenticate, we usecn
in the user data api (also, the LDAP convention for the email field ismail
anyway, and notemail
). This also makes send the thedn
back to the client more straightforward since thedn
is comprised of thecn
,baseDN
.Note that this is a breaking change, and will require user data to be mapped differently for currently running these simulators.
Possible Drawbacks or Risks
There is actually quite a bit of variance in the attribute naming conventions that LDAP servers use, and so there really isn't a "one-size fits all". For example, there really is no guarantee that
entryUUID
is an attribute. I think we can mitigate this by specifying a "vendor" flag to showLearning
There are some good resources for learning LDAP... not something that I'm good at yet, but I was able to come up to basic, basic speed with the following resources:
In the future, it would be nice if we could run an actual open LDAP server embedded in-process using WASM.