From 4c605f55ac86bef324fa81a762e914e687acfb88 Mon Sep 17 00:00:00 2001
From: Claes Jakobsson
Date: Mon, 16 Dec 2019 13:08:47 +0100
Subject: [PATCH] Adds each OrganizationalUnit (OU) from the certificates SubjectDN as a metadata entry in the form org_unit_ when authenticating with cert to facilitate writing dynamic templates using organisational schemes from the certificate itself.
---
 builtin/credential/cert/path_login.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/builtin/credential/cert/path_login.go b/builtin/credential/cert/path_login.go
index 3ff6574c697d..acd0c242d898 100644
--- a/builtin/credential/cert/path_login.go
+++ b/builtin/credential/cert/path_login.go
@@ -106,6 +106,13 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
 Name: clientCerts[0].Subject.CommonName,
 },
 }
+
+ // Add any OU item from SubjectDN
+ for i, ou := range clientCerts[0].Subject.OrganizationalUnit {
+ k := fmt.Sprintf("org_unit_%d", i)
+ auth.Metadata[k] = ou
+ }
+
 matched.Entry.PopulateTokenAuth(auth)
 return &logical.Response{
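Review bot: The `org_unit_%d` keys written by the added loop are positional, so a templated policy that reads `org_unit_0` depends on the order in which the issuing CA encoded the OUs, and the values are copied from the client certificate's subject without any check visible in this hunk. A reissued certificate carrying the same OUs in a different order would change what such a template resolves to, which is easy to miss when authorization is derived from it. I would state that contract at the loop, for example `// org_unit_<i> follows the OU order in the subject DN; values are taken as-is from the client certificate`, and list the new keys wherever the existing cert metadata keys are documented. The `auth.Metadata` map is presumably initialised above the hunk, and pathLogin's body starts and ends outside it.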