fix ldap issue

This commit is contained in:
Tan Jiang 2017-04-24 20:06:03 +08:00
parent 5a7fba7b1d
commit e17526a495
4 changed files with 34 additions and 11 deletions

View File

@ -31,6 +31,7 @@ type LdapUser struct {
Username string `json:"ldap_username"`
Email string `json:"ldap_email"`
Realname string `json:"ldap_realname"`
DN string `json:"-"`
}
//LdapImportUser ...

View File

@ -151,7 +151,7 @@ func ConnectTest(ldapConfs models.LdapConf) error {
var ldapConn *goldap.Conn
var err error
ldapConn, err = dialLDAP(ldapConfs, ldapConn)
ldapConn, err = dialLDAP(ldapConfs)
if err != nil {
return err
@ -175,7 +175,7 @@ func SearchUser(ldapConfs models.LdapConf) ([]models.LdapUser, error) {
var ldapConn *goldap.Conn
var err error
ldapConn, err = dialLDAP(ldapConfs, ldapConn)
ldapConn, err = dialLDAP(ldapConfs)
if err != nil {
return nil, err
@ -217,6 +217,7 @@ func SearchUser(ldapConfs models.LdapConf) ([]models.LdapUser, error) {
u.Email = val
}
}
u.DN = ldapEntry.DN
ldapUsers = append(ldapUsers, u)
}
@ -312,11 +313,25 @@ func ImportUser(user models.LdapUser) (int64, error) {
return UserID, nil
}
func dialLDAP(ldapConfs models.LdapConf, ldap *goldap.Conn) (*goldap.Conn, error) {
// Bind establish a connection to ldap based on ldapConfs and bind the user with given parameters.
func Bind(ldapConfs models.LdapConf, dn string, password string) error {
conn, err := dialLDAP(ldapConfs)
if err != nil {
return err
}
defer conn.Close()
if ldapConfs.LdapSearchDn != "" {
if err := bindLDAPSearchDN(ldapConfs, conn); err != nil {
return err
}
}
return conn.Bind(dn, password)
}
func dialLDAP(ldapConfs models.LdapConf) (*goldap.Conn, error) {
var err error
//log.Debug("ldapConfs.LdapURL:", ldapConfs.LdapURL)
var ldap *goldap.Conn
splitLdapURL := strings.Split(ldapConfs.LdapURL, "://")
protocol, hostport := splitLdapURL[0], splitLdapURL[1]

View File

@ -75,6 +75,12 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
u.Email = ldapUsers[0].Email
u.Realname = ldapUsers[0].Realname
dn := ldapUsers[0].DN
log.Debugf("username: %s, dn: %s", u.Username, dn)
if err := ldapUtils.Bind(ldapConfs, dn, m.Password); err != nil {
return nil, fmt.Errorf("Failed to bind user, username: %s, dn: %s, error: %v", u.Username, dn, err)
}
exist, err := dao.UserExists(u, "username")
if err != nil {
return nil, err
@ -87,11 +93,6 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
}
u.UserID = currentUser.UserID
} else {
// u.Password = "12345678AbC"
// u.Comment = "from LDAP."
// if u.Email == "" {
// u.Email = u.Username + "@placeholder.com"
// }
userID, err := ldapUtils.ImportUser(ldapUsers[0])
if err != nil {
log.Errorf("Can't import user %s, error: %v", ldapUsers[0].Username, err)

View File

@ -122,4 +122,10 @@ func TestAuthenticate(t *testing.T) {
if user.Username != "test" {
t.Errorf("unexpected ldap user authenticate fail: %s = %s", "user.Username", user.Username)
}
person.Principal = "test"
person.Password = "1"
_, err = auth.Authenticate(person)
if err == nil {
t.Errorf("Expected error for wrong password")
}
}