diff --git a/modules/auth/auth_form.go b/modules/auth/auth_form.go index 7c452bbc3..8fe07d073 100644 --- a/modules/auth/auth_form.go +++ b/modules/auth/auth_form.go @@ -25,6 +25,8 @@ type AuthenticationForm struct { AttributeSurname string AttributeMail string AttributesInBind bool + UsePagedSearch bool + SearchPageSize int Filter string AdminFilter string IsActive bool diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go index bb69f3558..2e2db004f 100644 --- a/modules/auth/ldap/ldap.go +++ b/modules/auth/ldap/ldap.go @@ -42,6 +42,7 @@ type Source struct { AttributeSurname string // Surname attribute AttributeMail string // E-mail attribute AttributesInBind bool // fetch attributes in bind context (not user) + SearchPageSize uint32 // Search with paging page size Filter string // Query filter to validate entry AdminFilter string // Query filter to check if user is admin Enabled bool // if this source is disabled @@ -269,6 +270,11 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul } } +// UsePagedSearch returns if need to use paged search +func (ls *Source) UsePagedSearch() bool { + return ls.SearchPageSize > 0 +} + // SearchEntries : search an LDAP source for all users matching userFilter func (ls *Source) SearchEntries() []*SearchResult { l, err := dial(ls) @@ -298,7 +304,12 @@ func (ls *Source) SearchEntries() []*SearchResult { []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}, nil) - sr, err := l.Search(search) + var sr *ldap.SearchResult + if ls.UsePagedSearch() { + sr, err = l.SearchWithPaging(search, ls.SearchPageSize) + } else { + sr, err = l.Search(search) + } if err != nil { log.Error(4, "LDAP Search failed unexpectedly! (%v)", err) return nil diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 379da8aab..0e274fab0 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -1352,6 +1352,8 @@ auths.attribute_name = First Name Attribute auths.attribute_surname = Surname Attribute auths.attribute_mail = Email Attribute auths.attributes_in_bind = Fetch Attributes in Bind DN Context +auths.use_paged_search = Use paged search +auths.search_page_size = Page size auths.filter = User Filter auths.admin_filter = Admin Filter auths.ms_ad_sa = MS AD Search Attributes diff --git a/public/js/index.js b/public/js/index.js index f1d308457..dc473b6f3 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -1138,6 +1138,16 @@ function initAdmin() { } } + function onUsePagedSearchChange() { + if ($('#use_paged_search').prop('checked')) { + $('.search-page-size').show() + .find('input').attr('required', 'required'); + } else { + $('.search-page-size').hide() + .find('input').removeAttr('required'); + } + } + function onOAuth2Change() { $('.open_id_connect_auto_discovery_url, .oauth2_use_custom_url').hide(); $('.open_id_connect_auto_discovery_url input[required]').removeAttr('required'); @@ -1191,7 +1201,7 @@ function initAdmin() { // New authentication if ($('.admin.new.authentication').length > 0) { $('#auth_type').change(function () { - $('.ldap, .dldap, .smtp, .pam, .oauth2, .has-tls').hide(); + $('.ldap, .dldap, .smtp, .pam, .oauth2, .has-tls .search-page-size').hide(); $('.ldap input[required], .dldap input[required], .smtp input[required], .pam input[required], .oauth2 input[required], .has-tls input[required]').removeAttr('required'); @@ -1223,9 +1233,13 @@ function initAdmin() { if (authType == '2' || authType == '5') { onSecurityProtocolChange() } + if (authType == '2') { + onUsePagedSearchChange(); + } }); $('#auth_type').change(); $('#security_protocol').change(onSecurityProtocolChange); + $('#use_paged_search').change(onUsePagedSearchChange); $('#oauth2_provider').change(onOAuth2Change); $('#oauth2_use_custom_url').change(onOAuth2UseCustomURLChange); } @@ -1234,6 +1248,9 @@ function initAdmin() { var authType = $('#auth_type').val(); if (authType == '2' || authType == '5') { $('#security_protocol').change(onSecurityProtocolChange); + if (authType == '2') { + $('#use_paged_search').change(onUsePagedSearchChange); + } } else if (authType == '6') { $('#oauth2_provider').change(onOAuth2Change); $('#oauth2_use_custom_url').change(onOAuth2UseCustomURLChange); diff --git a/routers/admin/auths.go b/routers/admin/auths.go index 3915c618b..6f142d797 100644 --- a/routers/admin/auths.go +++ b/routers/admin/auths.go @@ -91,6 +91,10 @@ func NewAuthSource(ctx *context.Context) { } func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig { + var pageSize uint32 + if form.UsePagedSearch { + pageSize = uint32(form.SearchPageSize) + } return &models.LDAPConfig{ Source: &ldap.Source{ Name: form.Name, @@ -107,6 +111,7 @@ func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig { AttributeSurname: form.AttributeSurname, AttributeMail: form.AttributeMail, AttributesInBind: form.AttributesInBind, + SearchPageSize: pageSize, Filter: form.Filter, AdminFilter: form.AdminFilter, Enabled: true, diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl index e3048b218..e4ec3a9f5 100644 --- a/templates/admin/auth/edit.tmpl +++ b/templates/admin/auth/edit.tmpl @@ -91,6 +91,16 @@ {{if .Source.IsLDAP}} +