feat(authentication): ldap memberof group search (#5418)

Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs.

Closes #2161

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>

1 files changed, 20 insertions, 5 deletions

diff --git a/internal/configuration/schema/const.go b/internal/configuration/schema/const.go
index 9c5621c2d..f7575939f 100644
--- a/internal/configuration/schema/const.go
+++ b/internal/configuration/schema/const.go
@@ -78,6 +78,14 @@ const (
 	LDAPImplementationGLAuth = "glauth"
 )
 
+const (
+	// LDAPGroupSearchModeFilter is the string for the filter group search mode.
+	LDAPGroupSearchModeFilter = "filter"
+
+	// LDAPGroupSearchModeMemberOf is the string for the memberOf group search mode.
+	LDAPGroupSearchModeMemberOf = "memberof"
+)
+
 // TOTP Algorithm.
 const (
 	TOTPAlgorithmSHA1   = "SHA1"
@@ -121,11 +129,18 @@ const (
 )
 
 const (
-	ldapAttrMail        = "mail"
-	ldapAttrUserID      = "uid"
-	ldapAttrDisplayName = "displayName"
-	ldapAttrDescription = "description"
-	ldapAttrCommonName  = "cn"
+	ldapGroupSearchModeFilter = "filter"
+)
+
+const (
+	ldapAttrDistinguishedName = "distinguishedName"
+	ldapAttrMail              = "mail"
+	ldapAttrUserID            = "uid"
+	ldapAttrSAMAccountName    = "sAMAccountName"
+	ldapAttrDisplayName       = "displayName"
+	ldapAttrDescription       = "description"
+	ldapAttrCommonName        = "cn"
+	ldapAttrMemberOf          = "memberOf"
 )
 
 // Address Schemes.