authentik icon indicating copy to clipboard operation
authentik copied to clipboard
verified publisher icon goauthentik

core, providers/ldap: add parent/child groups to api and ldap results

Open danieladugyan opened this issue 6 months ago • 2 comments

Details

Closes #2417

This PR adds a children/childrenObj field to the core groups API and a memberOf attribute for LDAP groups. The member attribute is also extended to show both users and child groups. An include_children parameter is also added to the API, similar to include_users/include_groups, to control the inclusion of child groups in responses. Finally, serializers and queries are updated to accommodate these changes.

Breaking changes? Since this is my first PR I am unsure if these are considered breaking changes. The core API just gets some additional fields/parameters so I would think not. As for the LDAP outpost changes, the results are again just extended with child groups and listing groups as member is expected behaviour IMO.

Background: #2417 details how the LDAP results currently don't show parent/child groups. We are currently trying to migrate to authentik from FreeIPA, but we have other systems that depend on getting this information from its LDAP server. This PR would solve the issue for us.

Checklist

  • [ ] Local tests pass (ak test authentik/)
  • [x] The code has been formatted (make lint-fix)

If an API change has been made

  • [x] The API schema has been updated (make gen-build)

~If changes to the frontend have been made~

  • [ ] ~The code has been formatted (make web)~

~If applicable~

  • [ ] ~The documentation has been updated~
  • [ ] ~The documentation has been formatted (make website)~

danieladugyan avatar Jun 09 '25 09:06 danieladugyan

Deploy Preview for authentik-docs ready!

Name Link
Latest commit a28f3d5d7bbd9504b243ede14ab46c8af7544f7c
Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/688f78d673577a0008a7c0e1
Deploy Preview https://deploy-preview-14974--authentik-docs.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

netlify[bot] avatar Jun 09 '25 09:06 netlify[bot]

Deploy Preview for authentik-storybook canceled.

Name Link
Latest commit a28f3d5d7bbd9504b243ede14ab46c8af7544f7c
Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/688f78d67aa547000844c47c

netlify[bot] avatar Jun 09 '25 09:06 netlify[bot]

Codecov Report

Attention: Patch coverage is 78.94737% with 4 lines in your changes missing coverage. Please review.

Project coverage is 70.01%. Comparing base (fad6ac7) to head (7e69e65). Report is 92 commits behind head on main.

Files with missing lines Patch % Lines
authentik/core/api/groups.py 78.94% 4 Missing :warning:

:exclamation: There is a different number of reports uploaded between BASE (fad6ac7) and HEAD (7e69e65). Click for more details.

HEAD has 15 uploads less than BASE
Flag BASE (fad6ac7) HEAD (7e69e65)
unit 15 4
e2e 8 4
Additional details and impacted files 
@@             Coverage Diff             @@
##             main   #14974       +/-   ##
===========================================
- Coverage   92.78%   70.01%   -22.78%     
===========================================
  Files         818      818               
  Lines       42199    42218       +19     
===========================================
- Hits        39156    29557     -9599     
- Misses       3043    12661     +9618
Flag Coverage Δ
e2e 44.86% <52.63%> (-2.91%) :arrow_down:
integration 24.43% <0.00%> (-0.02%) :arrow_down:
unit 66.91% <78.94%> (-23.76%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar Jun 17 '25 14:06 codecov[bot]

I'd rather allow filtering groups by their parent. So you'd be able to say /api/v3/core/groups/?parent=123 Adding a children attribute to the response makes it look like it might include all children recursively, which this PR doesn't do.

rissson avatar Jun 18 '25 11:06 rissson

Ah, I didn't see that this was actually meant for the LDAP outpost. In that case, I'll let @BeryJu weigh in

rissson avatar Jun 18 '25 11:06 rissson

Deploy Preview for authentik-integrations ready!

Name Link
Latest commit a28f3d5d7bbd9504b243ede14ab46c8af7544f7c
Latest deploy log https://app.netlify.com/projects/authentik-integrations/deploys/688f78d6a6d0de0008976da6
Deploy Preview https://deploy-preview-14974--authentik-integrations.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

netlify[bot] avatar Aug 03 '25 08:08 netlify[bot]

Lgtm aside from the default, I also wish we could narrow it down from 3 different serializers for groups but alas

@BeryJu Thanks for the review. I've updated the branch with your feedback, retested everything to ensure it still works, and also refreshed some now-outdated documentation to reflect the changes.

danieladugyan avatar Aug 03 '25 15:08 danieladugyan