improve ldap

2026-04-21 14:40:10 +10:00
parent 4fca10795e
commit 35840697fa
5 changed files with 2 additions and 22 deletions
@@ -80,7 +80,6 @@ type SettingsYML struct {
 		LDAPBindAddress                  string               `yaml:"ldap_bind_address"`
 		LDAPBaseDN                       string               `yaml:"ldap_base_dn"`
 		LDAPUserBaseDN                   string               `yaml:"ldap_user_base_dn"`
-		LDAPGroupBaseDN                  string               `yaml:"ldap_group_base_dn"`
 		LDAPTrustCertFile                string               `yaml:"ldap_trust_cert_file"`
 		LDAPDisableValidation            bool                 `yaml:"ldap_disable_validation"`
 		LDAPInsecure                     bool                 `yaml:"ldap_insecure"`
@@ -287,7 +286,6 @@ func applyDefaultsAndValidateSettings(cfg *SettingsYML) error {
 	s.LDAPBindAddress = strings.TrimSpace(s.LDAPBindAddress)
 	s.LDAPBaseDN = strings.TrimSpace(s.LDAPBaseDN)
 	s.LDAPUserBaseDN = strings.TrimSpace(s.LDAPUserBaseDN)
-	s.LDAPGroupBaseDN = strings.TrimSpace(s.LDAPGroupBaseDN)
 	s.LDAPTrustCertFile = strings.TrimSpace(s.LDAPTrustCertFile)
 	s.LDAPGroups = compactTrimmedStrings(s.LDAPGroups)

@@ -347,9 +345,6 @@ func applyDefaultsAndValidateSettings(cfg *SettingsYML) error {
 	if s.LDAPUserBaseDN == "" {
 		s.LDAPUserBaseDN = s.LDAPBaseDN
 	}
-	if s.LDAPGroupBaseDN == "" {
-		s.LDAPGroupBaseDN = s.LDAPBaseDN
-	}
 	if len(s.AuthGroupRoleMappings) == 0 {
 		return errors.New("settings.auth_group_role_mappings must define at least one mapping when settings.auth_enabled=true")
 	}
@@ -196,9 +196,6 @@ func TestReadYMLSettingsAcceptsValidAuthConfigAndNormalizesMappings(t *testing.T
 	if got.LDAPUserBaseDN != "dc=example,dc=com" {
 		t.Fatalf("expected default ldap_user_base_dn to fall back to ldap_base_dn, got %q", got.LDAPUserBaseDN)
 	}
-	if got.LDAPGroupBaseDN != "dc=example,dc=com" {
-		t.Fatalf("expected default ldap_group_base_dn to fall back to ldap_base_dn, got %q", got.LDAPGroupBaseDN)
-	}
 	if got.AuthGroupRoleMappings["cn=vctp-admins,ou=groups,dc=example,dc=com"] != authRoleAdmin {
 		t.Fatalf("expected admin mapping to normalize role to %q, got %#v", authRoleAdmin, got.AuthGroupRoleMappings)
 	}