third_party
/
gitea
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #915 from Lafriks/dev

Browse Source 
Get username, name, surname and e-mail from LDAP server
tokarchuk/v1.17
无闻 10 years ago
parent 2369881808 00653e52ee
commit cd8b43d984
6 changed files with 75 additions and 44 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      conf/locale/locale_en-US.ini
  2. 3
      models/login.go
  3. 5
      modules/auth/auth_form.go
  4. 48
      modules/auth/ldap/ldap.go
  5. 42
      routers/admin/auths.go
  6. 16
      templates/admin/auth/edit.tmpl

5
conf/locale/locale_en-US.ini
Unescape View File

@ -595,7 +595,10 @@ auths.domain = Domain
auths.host = Host
auths.port = Port
auths.base_dn = Base DN
auths.attributes = Search Attributes
auths.attribute_username = Username attribute
auths.attribute_name = First name attribute
auths.attribute_surname = Surname attribute
auths.attribute_mail = E-mail attribute
auths.filter = Search Filter
auths.ms_ad_sa = Ms Ad SA
auths.smtp_auth = SMTP Authorization Type

3
models/login.go
Unescape View File

@ -231,7 +231,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
// Return the same LoginUserPlain semantic
// FIXME: https://github.com/gogits/gogs/issues/672
func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
name, fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
if !logged {
// User not in LDAP, do nothing
return nil, ErrUserNotExist
@ -247,6 +247,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP
u = &User{
Name: name,
FullName: fn + " " + sn,
LoginType: LDAP,
LoginSource: sourceId,
LoginName: name,

5
modules/auth/auth_form.go
Unescape View File

@ -18,7 +18,10 @@ type AuthenticationForm struct {
Port int `form:"port"`
UseSSL bool `form:"usessl"`
BaseDN string `form:"base_dn"`
Attributes string `form:"attributes"`
AttributeUsername string `form:"attribute_username"`
AttributeName string `form:"attribute_name"`
AttributeSurname string `form:"attribute_surname"`
AttributeMail string `form:"attribute_mail"`
Filter string `form:"filter"`
MsAdSA string `form:"ms_ad_sa"`
IsActived bool `form:"is_actived"`

48
modules/auth/ldap/ldap.go
Unescape View File

@ -15,15 +15,18 @@ import (
// Basic LDAP authentication service
type Ldapsource struct {
Name string // canonical name (ie. corporate.ad)
Host string // LDAP host
Port int // port number
UseSSL bool // Use SSL
BaseDN string // Base DN
Attributes string // Attribute to search
Filter string // Query filter to validate entry
MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
Enabled bool // if this source is disabled
Name string // canonical name (ie. corporate.ad)
Host string // LDAP host
Port int // port number
UseSSL bool // Use SSL
BaseDN string // Base DN
AttributeUsername string // Username attribute
AttributeName string // First name attribute
AttributeSurname string // Surname attribute
AttributeMail string // E-mail attribute
Filter string // Query filter to validate entry
MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
Enabled bool // if this source is disabled
}
//Global LDAP directory pool
@ -32,18 +35,18 @@ var (
)
// Add a new source (LDAP directory) to the global pool
func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string) {
ldaphost := Ldapsource{name, host, port, usessl, basedn, attribcn, attribname, attribsn, attribmail, filter, msadsaformat, true}
Authensource = append(Authensource, ldaphost)
}
//LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise
//First match wins
//Returns first attribute if exists
func LoginUser(name, passwd string) (a string, r bool) {
func LoginUser(name, passwd string) (cn, fn, sn, mail string, r bool) {
r = false
for _, ls := range Authensource {
a, r = ls.SearchEntry(name, passwd)
cn, fn, sn, mail, r = ls.SearchEntry(name, passwd)
if r {
return
}
@ -52,12 +55,12 @@ func LoginUser(name, passwd string) (a string, r bool) {
}
// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, string, bool) {
l, err := ldapDial(ls)
if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
ls.Enabled = false
return "", false
return "", "", "", "", false
}
defer l.Close()
@ -65,26 +68,29 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
err = l.Bind(nx, passwd)
if err != nil {
log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
return "", false
return "", "", "", "", false
}
search := ldap.NewSearchRequest(
ls.BaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf(ls.Filter, name),
[]string{ls.Attributes},
[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
nil)
sr, err := l.Search(search)
if err != nil {
log.Debug("LDAP Authen OK but not in filter %s", name)
return "", false
return "", "", "", "", false
}
log.Debug("LDAP Authen OK: %s", name)
if len(sr.Entries) > 0 {
r := sr.Entries[0].GetAttributeValue(ls.Attributes)
return r, true
cn := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
name := sr.Entries[0].GetAttributeValue(ls.AttributeName)
sn := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
return cn, name, sn, mail, true
}
return "", true
return "", "", "", "", true
}
func ldapDial(ls Ldapsource) (*ldap.Conn, error) {

42
routers/admin/auths.go
Unescape View File

@ -63,15 +63,18 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
case models.LDAP:
u = &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{
Host: form.Host,
Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN,
Attributes: form.Attributes,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true,
Name: form.AuthName,
Host: form.Host,
Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN,
AttributeUsername: form.AttributeUsername,
AttributeName: form.AttributeName,
AttributeSurname: form.AttributeSurname,
AttributeMail: form.AttributeMail,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true,
Name: form.AuthName,
},
}
case models.SMTP:
@ -142,15 +145,18 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
case models.LDAP:
config = &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{
Host: form.Host,
Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN,
Attributes: form.Attributes,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true,
Name: form.AuthName,
Host: form.Host,
Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN,
AttributeUsername: form.AttributeUsername,
AttributeName: form.AttributeName,
AttributeSurname: form.AttributeSurname,
AttributeMail: form.AttributeMail,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true,
Name: form.AuthName,
},
}
case models.SMTP:

16
templates/admin/auth/edit.tmpl
Unescape View File

@ -48,8 +48,20 @@
<input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.Source.LDAP.BaseDN}}" />
</div>
<div class="field">
<label class="req" for="attributes">{{.i18n.Tr "admin.auths.attributes"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attributes" name="attributes" value="{{.Source.LDAP.Attributes}}" />
<label class="req" for="attribute_username">{{.i18n.Tr "admin.auths.attribute_username"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_username" name="attribute_username" value="{{.Source.LDAP.AttributeUsername}}" />
</div>
<div class="field">
<label class="req" for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.Source.LDAP.AttributeName}}" />
</div>
<div class="field">
<label class="req" for="attribute_surname">{{.i18n.Tr "admin.auths.attribute_surname"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_surname" name="attribute_surname" value="{{.Source.LDAP.AttributeSurname}}" />
</div>
<div class="field">
<label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.Source.LDAP.AttributeMail}}" />
</div>
<div class="field">
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>

Write Preview
Loading…
Cancel
Save