Merge pull request #1740 from BastelBaus/master

added configuration to enable radicale LDAP with Authentik
2025-04-03 21:27:36 +03:00 · 2025-03-25 07:08:15 +01:00 · 2025-03-25 07:08:15 +01:00 · d25786c190
commit d25786c190
parent e0a24b14b4 5d5b12c124
4 changed files with 23 additions and 0 deletions
--- a/DOCUMENTATION.md
+++ b/DOCUMENTATION.md
@ -1060,6 +1060,16 @@ The path to the CA file in pem format which is used to certificate the server ce

 Default:

+##### ldap_ignore_attribute_create_modify_timestamp
+
+_(>= 3.5.1)_
+
+Add modifyTimestamp and createTimestamp to the exclusion list of internal ldap3 client
+so that these schema attributes are not checked. This is needed for Authentik since
+Authentik does not provide these both attributes.
+
+Default: false
+
 ##### dovecot_connection_type = AF_UNIX

 _(>= 3.4.1)_
--- a/3
+++ b/3
@ -74,6 +74,9 @@
 ## Expiration time of caching failed logins in seconds
 #cache_failed_logins_expiry = 90

+# Ignore modifyTimestamp and createTimestamp attributes. Needed if Authentik LDAP server is used. Uncomment then.
+#ldap_ignore_attribute_create_modify_timestamp = true  
+
 # URI to the LDAP server
 #ldap_uri = ldap://localhost

--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@ -63,6 +63,12 @@ class Auth(auth.BaseAuth):
                self.ldap = ldap
            except ImportError as e:
                raise RuntimeError("LDAP authentication requires the ldap3 module") from e
+
+        self._ldap_ignore_attribute_create_modify_timestamp = configuration.get("auth", "ldap_ignore_attribute_create_modify_timestamp")
+        if self._ldap_ignore_attribute_create_modify_timestamp:
+            self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp', 'modifyTimestamp'])
+            logger.info("auth.ldap_ignore_attribute_create_modify_timestamp applied")
+
        self._ldap_uri = configuration.get("auth", "ldap_uri")
        self._ldap_base = configuration.get("auth", "ldap_base")
        self._ldap_reader_dn = configuration.get("auth", "ldap_reader_dn")
--- a/radicale/config.py
+++ b/radicale/config.py
@ -259,6 +259,10 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
            "value": "1",
            "help": "incorrect authentication delay",
            "type": positive_float}),
+        ("ldap_ignore_attribute_create_modify_timestamp", {
+            "value": "false",
+            "help": "Ignore modifyTimestamp and createTimestamp attributes. Need if Authentik LDAP server is used.",
+            "type": bool}),
        ("ldap_uri", {
            "value": "ldap://localhost",
            "help": "URI to the ldap server",