8000 fix(api): bind ldap with DN · ovh/cds@0992931 · GitHub

Commit 0992931

ELABOUTISamihabnjjj
authored andcommitted
fix(api): bind ldap with DN
fixes #4479 Ldap auth
1 parent 13a7edf commit 0992931


1 file changed

+32
-7
lines changed

1 file changed

+32
-7
lines changed

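--- a/engine/api/auth/ldapclient.go
+++ b/engine/api/auth/ldapclient.go
@@ -86,7 +86,7 @@ func (c *LDAPClient) openLDAP(options interface{}) error {
 return sdk.ErrLDAPConn
 }
 
-// Reconnect with TLS
+//Reconnect with TLS
 err = c.conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
 if err != nil {
 log.Error("Auth> Cannot start TLS %s : %s", address, err)
@@ -225,6 +225,23 @@ func (c *LDAPClient) Bind(username, password string) error {
 return nil
 }
 
+//BindDN
+func (c *LDAPClient) BindDN(dn, password string) error {
+log.Debug("LDAP> Bind DN %s", dn)
+if err := c.conn.Bind(dn, password); err != nil {
+if !shoudRetry(err) {
+return err
+}
+if err = c.openLDAP(c.conf); err != nil {
+return err
+}
+if err = c.conn.Bind(dn, password); err != nil {
+return err
+}
+}
+return nil
+}
+
 //Search search
 func (c *LDAPClient) Search(filter string, attributes ...string) ([]Entry, error) {
 attr := append(attributes, "dn")
@@ -370,15 +387,23 @@ func (c *LDAPClient) searchAndInsertOrUpdateUser(db gorp.SqlExecutor, username s
 
 //Authentify check username and password
 func (c *LDAPClient) Authentify(username, password string) (bool, error) {
+// Search user
+r, err := c.Search("(&(uid=" + username + "))")
+if err != nil {
+return false, nil
+}
+
 //Bind user
-if err := c.Bind(username, password); err != nil {
-log.Warning("LDAP> Bind error %s %s", username, err)
+if r != nil {
+if err = c.BindDN(r[0].DN, password); err != nil {
+log.Warning("LDAP> Bind error %s %s", username, err)
 
-if !isCredentialError(err) {
-return false, err
+if !isCredentialError(err) {
+return false, err
+}
+//Try local auth
+return c.local.Authentify(username, password)
 }
-//Try local auth
-return c.local.Authentify(username, password)
 }
 
 log.Debug("LDAP> Bind successful %s", username)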
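Review bot: In Authentify the bind is skipped whenever the search returns no entry: with `r == nil` control falls past `if r != nil {` to the `Bind successful` debug line, and a non-nil empty slice would panic on `r[0]`, so an unknown uid is not rejected at this point. An early `if len(r) == 0 { return false, nil }` before the bind closes both cases; what follows the debug line is outside the hunk, so whether the call ultimately succeeds cannot be seen here. The filter is also built by concatenating `username` unescaped, `"(&(uid=" + username + "))"`, which lets filter metacharacters in the login name change which entry is matched; escaping the value first (go-ldap offers `ldap.EscapeFilter`, if that is the client library in use) and requiring exactly one result keeps the bound DN tied to the name that was typed. The search error is dropped by `return false, nil`, which hides directory outages from both the caller and the log.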
