third_party
/
gitea
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

LDAP via simple auth separate bind user and search base (#5055)

Browse Source
tokarchuk/v1.17
Tony Homrich 6 years ago committed by techknowlogick
parent 6e20b504b1
commit 2058c362a8
4 changed files with 37 additions and 17 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 40
      modules/auth/ldap/ldap.go
  2. 6
      public/js/index.js
  3. 6
      templates/admin/auth/edit.tmpl
  4. 2
      templates/admin/auth/source/ldap.tmpl

40
modules/auth/ldap/ldap.go
Unescape View File

@ -83,16 +83,6 @@ func (ls *Source) sanitizedUserDN(username string) (string, bool) {
func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) { func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) {
log.Trace("Search for LDAP user: %s", name) log.Trace("Search for LDAP user: %s", name)
if ls.BindDN != "" && ls.BindPassword != "" {
err := l.Bind(ls.BindDN, ls.BindPassword)
if err != nil {
log.Debug("Failed to bind as BindDN[%s]: %v", ls.BindDN, err)
return "", false
}
log.Trace("Bound as BindDN %s", ls.BindDN)
} else {
log.Trace("Proceeding with anonymous LDAP search.")
}
// A search for the user. // A search for the user.
userFilter, ok := ls.sanitizedUserQuery(name) userFilter, ok := ls.sanitizedUserQuery(name)
@ -203,20 +193,48 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
var ok bool var ok bool
userDN, ok = ls.sanitizedUserDN(name) userDN, ok = ls.sanitizedUserDN(name)
if !ok { if !ok {
return nil return nil
} }
err = bindUser(l, userDN, passwd)
if err != nil {
return nil
}
if ls.UserBase != "" {
// not everyone has a CN compatible with input name so we need to find
// the real userDN in that case
userDN, ok = ls.findUserDN(l, name)
if !ok {
return nil
}
}
} else { } else {
log.Trace("LDAP will use BindDN.") log.Trace("LDAP will use BindDN.")
var found bool var found bool
if ls.BindDN != "" && ls.BindPassword != "" {
err := l.Bind(ls.BindDN, ls.BindPassword)
if err != nil {
log.Debug("Failed to bind as BindDN[%s]: %v", ls.BindDN, err)
return nil
}
log.Trace("Bound as BindDN %s", ls.BindDN)
} else {
log.Trace("Proceeding with anonymous LDAP search.")
}
userDN, found = ls.findUserDN(l, name) userDN, found = ls.findUserDN(l, name)
if !found { if !found {
return nil return nil
} }
} }
if directBind || !ls.AttributesInBind { if !ls.AttributesInBind {
// binds user (checking password) before looking-up attributes in user context // binds user (checking password) before looking-up attributes in user context
err = bindUser(l, userDN, passwd) err = bindUser(l, userDN, passwd)
if err != nil { if err != nil {

6
public/js/index.js
Unescape View File

@ -1415,13 +1415,15 @@ function initAdmin() {
$('#auth_type').change(function () { $('#auth_type').change(function () {
$('.ldap, .dldap, .smtp, .pam, .oauth2, .has-tls .search-page-size').hide(); $('.ldap, .dldap, .smtp, .pam, .oauth2, .has-tls .search-page-size').hide();
$('.ldap input[required], .dldap input[required], .smtp input[required], .pam input[required], .oauth2 input[required], .has-tls input[required]').removeAttr('required'); $('.ldap input[required], .binddnrequired input[required], .dldap input[required], .smtp input[required], .pam input[required], .oauth2 input[required], .has-tls input[required]').removeAttr('required');
$('.binddnrequired').removeClass("required");
var authType = $(this).val(); var authType = $(this).val();
switch (authType) { switch (authType) {
case '2': // LDAP case '2': // LDAP
$('.ldap').show(); $('.ldap').show();
$('.ldap div.required:not(.dldap) input').attr('required', 'required'); $('.binddnrequired input, .ldap div.required:not(.dldap) input').attr('required', 'required');
$('.binddnrequired').addClass("required");
break; break;
case '3': // SMTP case '3': // SMTP
$('.smtp').show(); $('.smtp').show();

6
templates/admin/auth/edit.tmpl
Unescape View File

@ -55,11 +55,11 @@
<input id="bind_password" name="bind_password" type="password" value="{{$cfg.BindPassword}}"> <input id="bind_password" name="bind_password" type="password" value="{{$cfg.BindPassword}}">
<p class="help text red">{{.i18n.Tr "admin.auths.bind_password_helper"}}</p> <p class="help text red">{{.i18n.Tr "admin.auths.bind_password_helper"}}</p>
</div> </div>
<div class="required field"> {{end}}
<div class="{{if .Source.IsLDAP}}required{{end}} field">
<label for="user_base">{{.i18n.Tr "admin.auths.user_base"}}</label> <label for="user_base">{{.i18n.Tr "admin.auths.user_base"}}</label>
<input id="user_base" name="user_base" value="{{$cfg.UserBase}}" placeholder="e.g. ou=Users,dc=mydomain,dc=com" required> <input id="user_base" name="user_base" value="{{$cfg.UserBase}}" placeholder="e.g. ou=Users,dc=mydomain,dc=com" required>
</div> </div>
{{end}}
{{if .Source.IsDLDAP}} {{if .Source.IsDLDAP}}
<div class="required field"> <div class="required field">
<label for="user_dn">{{.i18n.Tr "admin.auths.user_dn"}}</label> <label for="user_dn">{{.i18n.Tr "admin.auths.user_dn"}}</label>

2
templates/admin/auth/source/ldap.tmpl
Unescape View File

@ -30,7 +30,7 @@
<input id="bind_password" name="bind_password" type="password" value="{{.bind_password}}"> <input id="bind_password" name="bind_password" type="password" value="{{.bind_password}}">
<p class="help text red">{{.i18n.Tr "admin.auths.bind_password_helper"}}</p> <p class="help text red">{{.i18n.Tr "admin.auths.bind_password_helper"}}</p>
</div> </div>
<div class="ldap required field {{if not (eq .type 2)}}hide{{end}}"> <div class="binddnrequired {{if (eq .type 2)}}required{{end}} field">
<label for="user_base">{{.i18n.Tr "admin.auths.user_base"}}</label> <label for="user_base">{{.i18n.Tr "admin.auths.user_base"}}</label>
<input id="user_base" name="user_base" value="{{.user_base}}" placeholder="e.g. ou=Users,dc=mydomain,dc=com"> <input id="user_base" name="user_base" value="{{.user_base}}" placeholder="e.g. ou=Users,dc=mydomain,dc=com">
</div> </div>

Write Preview
Loading…
Cancel
Save