Nested custom attributes handled inconsistently in LDAP property mapper #7088
Description
Describe the bug
I would like to migrate from an OpenLDAP + Keycloak setup to Authentik, but I have identified a problem with the LDAP property mapper. The mapper does not handle nested object fields like attributes.firstlevel.secondlevel as expected.
To Reproduce
Steps to reproduce the behavior:
- Configure a LDAP property mapping with a nested object field like
attributes.firstlevel.secondlevel - Let the LDAP sync run
- Check the generated user attributes
Expected behavior
firstlevel:
secondlevel: valueCurrent behaviour
firstlevel.secondlevel: valueThis behaviour is the opposite of how prompts handle nested object fields. A prompt with a configured field key attributes.firstlevel.secondlevel creates a nested yaml structure like described in the "expected behaviour" section above.
This inconsistency makes it difficult to migrate from OpenLDAP to Authentik if a large number of attributes are to be migrated from LDAP to Authentik in a structured way.
Version and Deployment (please complete the following information):
- authentik version: 2023.8.1
- Deployment: docker-compose