Merge pull request #214 from Kartinkin/master

Set replied=0 before search of group dn
main
Valery Komarov 5 years ago committed by GitHub
commit a33b5c5102
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      ngx_http_auth_ldap_module.c

@ -1954,7 +1954,7 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
break; break;
case PHASE_CHECK_GROUP: case PHASE_CHECK_GROUP:
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "Checking group", &ctx->user_dn); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Checking group", &ctx->user_dn);
rc = ngx_http_auth_ldap_check_group(r, ctx); rc = ngx_http_auth_ldap_check_group(r, ctx);
if (rc == NGX_AGAIN) { if (rc == NGX_AGAIN) {
/* LDAP operation in progress, wait for the results */ /* LDAP operation in progress, wait for the results */
@ -1972,7 +1972,6 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
break; break;
case PHASE_CHECK_BIND: case PHASE_CHECK_BIND:
if (ctx->outcome == OUTCOME_UNCERTAIN) { if (ctx->outcome == OUTCOME_UNCERTAIN) {
/* If we're still uncertain when satisfy is 'any' and there /* If we're still uncertain when satisfy is 'any' and there
* is at least one require user/group rule, it means no * is at least one require user/group rule, it means no
@ -2185,6 +2184,7 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
return NGX_AGAIN; return NGX_AGAIN;
} }
ctx->replied = 0;
ngx_str_t val; ngx_str_t val;
values = ctx->server->require_group->elts; values = ctx->server->require_group->elts;
if (ngx_http_complex_value(r, &values[ctx->iteration], &val) != NGX_OK) { if (ngx_http_complex_value(r, &values[ctx->iteration], &val) != NGX_OK) {

Loading…
Cancel
Save