core, providers/ldap: add parent/child groups to api and ldap results #14974
I'd rather allow filtering groups by their parent. So you'd be able to say
Ah, I didn't see that this was actually meant for the LDAP outpost. In that case, I'll let @BeryJu weigh in
BeryJu left a comment
Lgtm aside from the default, I also wish we could narrow it down from 3 different serializers for groups but alas
@BeryJu Thanks for the review. I've updated the branch with your feedback, retested everything to ensure it still works, and also refreshed some now-outdated documentation to reflect the changes.
Details
Closes #2417
This PR adds a `children`/`childrenObj` field to the core groups API and a `memberOf` attribute for LDAP groups. The `member` attribute is also extended to show both users and child groups. An `include_children` parameter is also added to the API, similar to `include_users`/`include_groups`, to control the inclusion of child groups in responses. Finally, serializers and queries are updated to accommodate these changes.

Breaking changes? Since this is my first PR I am unsure if these are considered breaking changes. The core API just gets some additional fields/parameters so I would think not. As for the LDAP outpost changes, the results are again just extended with child groups and listing groups as `member` is expected behaviour IMO.

Background: #2417 details how the LDAP results currently don't show parent/child groups. We are currently trying to migrate to authentik from FreeIPA, but we have other systems that depend on getting this information from its LDAP server. This PR would solve the issue for us.
Checklist
- `ak test authentik/`
- `make lint-fix`

If an API change has been made
- `make gen-build`

If changes to the frontend have been made
- The code has been formatted (`make web`)

If applicable
- The documentation has been updated
- The documentation has been formatted (`make website`)
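The description above says the LDAP `member` attribute now lists child groups next to users, and that groups gain `memberOf`. The sketch below is an added example, not code from this PR or from authentik: it shows how a consuming system could separate the two kinds of `member` value and expand nested groups into an effective user set. The DNs, the `ou=users`/`ou=groups` layout, the sample entries and the function names are constructed assumptions.

```python
# Constructed sample entries shaped like the results the PR describes:
# `member` holds user DNs and child-group DNs, groups carry `memberOf`.
BASE = "dc=ldap,dc=example,dc=org"  # assumed base DN
ADMINS = f"cn=admins,ou=groups,{BASE}"
DBA = f"cn=dba,ou=groups,{BASE}"
ONCALL = f"cn=oncall,ou=groups,{BASE}"
ALICE, BOB, CAROL = (f"cn={n},ou=users,{BASE}" for n in ("alice", "bob", "carol"))

GROUPS = {
    ADMINS: {"member": [ALICE, DBA], "memberOf": []},
    DBA: {"member": [BOB, ONCALL], "memberOf": [ADMINS]},
    # Constructed loop back to DBA, only to exercise the cycle guard below.
    ONCALL: {"member": [CAROL, DBA], "memberOf": [DBA]},
}


def split_members(group_dn, groups):
    """Split one group's `member` values into (user DNs, child-group DNs).

    A value counts as a group only if it is the DN of a fetched group entry,
    so this assumes the search returned every group in scope.
    """
    known = {dn.lower() for dn in groups}
    entry = next((e for dn, e in groups.items() if dn.lower() == group_dn.lower()), {})
    users, children = set(), set()
    for value in entry.get("member", []):
        (children if value.lower() in known else users).add(value.lower())
    return users, children


def effective_users(group_dn, groups):
    """Return every user DN reachable through nested `member` values."""
    users, seen, stack = set(), set(), [group_dn.lower()]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue  # already expanded: stops loops and repeated work
        seen.add(dn)
        direct, children = split_members(dn, groups)
        users |= direct
        stack.extend(children)
    return users


if __name__ == "__main__":
    print(sorted(split_members(ADMINS, GROUPS)[0]))  # direct users only
    print(sorted(effective_users(ADMINS, GROUPS)))   # users via nested groups
```

A consumer that grants access on direct `member` values alone would see only the first set, and one that treats every `member` value as a user would count the child-group DN as an account.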