Merge pull request #2125 from reasonerjt/fix-ldap-1.1.0

Fix ldap 1.1.0
2025-02-14 02:41:43 +01:00 · 2017-04-25 17:52:42 +08:00 · 2017-04-25 17:52:42 +08:00 · f2d71a6f2b
commit f2d71a6f2b
parent 5a7fba7b1d e17526a495
4 changed files with 34 additions and 11 deletions
--- a/src/common/models/ldap.go
+++ b/src/common/models/ldap.go
@ -31,6 +31,7 @@ type LdapUser struct {
 	Username string `json:"ldap_username"`
 	Email    string `json:"ldap_email"`
 	Realname string `json:"ldap_realname"`
 	DN       string `json:"-"`
 }
 //LdapImportUser ...
--- a/src/common/utils/ldap/ldap.go
+++ b/src/common/utils/ldap/ldap.go
@ -151,7 +151,7 @@ func ConnectTest(ldapConfs models.LdapConf) error {
 	var ldapConn *goldap.Conn
 	var err error
-	ldapConn, err = dialLDAP(ldapConfs, ldapConn)
+	ldapConn, err = dialLDAP(ldapConfs)
 	if err != nil {
 		return err
@ -175,7 +175,7 @@ func SearchUser(ldapConfs models.LdapConf) ([]models.LdapUser, error) {
 	var ldapConn *goldap.Conn
 	var err error
-	ldapConn, err = dialLDAP(ldapConfs, ldapConn)
+	ldapConn, err = dialLDAP(ldapConfs)
 	if err != nil {
 		return nil, err
@ -217,6 +217,7 @@ func SearchUser(ldapConfs models.LdapConf) ([]models.LdapUser, error) {
 				u.Email = val
 			}
 		}
 		u.DN = ldapEntry.DN
 		ldapUsers = append(ldapUsers, u)
 	}
@ -312,11 +313,25 @@ func ImportUser(user models.LdapUser) (int64, error) {
 	return UserID, nil
 }
-func dialLDAP(ldapConfs models.LdapConf, ldap *goldap.Conn) (*goldap.Conn, error) {
+// Bind establish a connection to ldap based on ldapConfs and bind the user with given parameters.
 func Bind(ldapConfs models.LdapConf, dn string, password string) error {
 	conn, err := dialLDAP(ldapConfs)
 	if err != nil {
 		return err
 	}
 	defer conn.Close()
 	if ldapConfs.LdapSearchDn != "" {
 		if err := bindLDAPSearchDN(ldapConfs, conn); err != nil {
 			return err
 		}
 	}
 	return conn.Bind(dn, password)
 }
 func dialLDAP(ldapConfs models.LdapConf) (*goldap.Conn, error) {
 	var err error
-
+	var ldap *goldap.Conn
 	//log.Debug("ldapConfs.LdapURL:", ldapConfs.LdapURL)
 	splitLdapURL := strings.Split(ldapConfs.LdapURL, "://")
 	protocol, hostport := splitLdapURL[0], splitLdapURL[1]
--- a/src/ui/auth/ldap/ldap.go
+++ b/src/ui/auth/ldap/ldap.go
@ -75,6 +75,12 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 	u.Email = ldapUsers[0].Email
 	u.Realname = ldapUsers[0].Realname
 	dn := ldapUsers[0].DN
 	log.Debugf("username: %s, dn: %s", u.Username, dn)
 	if err := ldapUtils.Bind(ldapConfs, dn, m.Password); err != nil {
 		return nil, fmt.Errorf("Failed to bind user, username: %s, dn: %s, error: %v", u.Username, dn, err)
 	}
 	exist, err := dao.UserExists(u, "username")
 	if err != nil {
 		return nil, err
@ -87,11 +93,6 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 		}
 		u.UserID = currentUser.UserID
 	} else {
 		//		u.Password = "12345678AbC"
 		//		u.Comment = "from LDAP."
 		//		if u.Email == "" {
 		//			u.Email = u.Username + "@placeholder.com"
 		//		}
 		userID, err := ldapUtils.ImportUser(ldapUsers[0])
 		if err != nil {
 			log.Errorf("Can't import user %s, error: %v", ldapUsers[0].Username, err)
--- a/src/ui/auth/ldap/ldap_test.go
+++ b/src/ui/auth/ldap/ldap_test.go
@ -122,4 +122,10 @@ func TestAuthenticate(t *testing.T) {
 	if user.Username != "test" {
 		t.Errorf("unexpected ldap user authenticate fail: %s = %s", "user.Username", user.Username)
 	}
 	person.Principal = "test"
 	person.Password = "1"
 	_, err = auth.Authenticate(person)
 	if err == nil {
 		t.Errorf("Expected error for wrong password")
 	}
 }