Merge pull request #2125 from reasonerjt/fix-ldap-1.1.0

Fix ldap 1.1.0
2024-09-21 05:39:55 +00:00 · 2017-04-25 17:52:42 +08:00 · 2017-04-25 17:52:42 +08:00 · f2d71a6f2b
commit f2d71a6f2b
parent 5a7fba7b1d e17526a495
4 changed files with 34 additions and 11 deletions
--- a/src/common/models/ldap.go
+++ b/src/common/models/ldap.go
@ -31,6 +31,7 @@ type LdapUser struct {
 	Username string `json:"ldap_username"`
 	Email    string `json:"ldap_email"`
 	Realname string `json:"ldap_realname"`
+	DN       string `json:"-"`
 }

 //LdapImportUser ...
--- a/src/common/utils/ldap/ldap.go
+++ b/src/common/utils/ldap/ldap.go
@ -151,7 +151,7 @@ func ConnectTest(ldapConfs models.LdapConf) error {
 	var ldapConn *goldap.Conn
 	var err error

-	ldapConn, err = dialLDAP(ldapConfs, ldapConn)
+	ldapConn, err = dialLDAP(ldapConfs)

 	if err != nil {
 		return err
@ -175,7 +175,7 @@ func SearchUser(ldapConfs models.LdapConf) ([]models.LdapUser, error) {
 	var ldapConn *goldap.Conn
 	var err error

-	ldapConn, err = dialLDAP(ldapConfs, ldapConn)
+	ldapConn, err = dialLDAP(ldapConfs)

 	if err != nil {
 		return nil, err
@ -217,6 +217,7 @@ func SearchUser(ldapConfs models.LdapConf) ([]models.LdapUser, error) {
 				u.Email = val
 			}
 		}
+		u.DN = ldapEntry.DN
 		ldapUsers = append(ldapUsers, u)
 	}

@ -312,11 +313,25 @@ func ImportUser(user models.LdapUser) (int64, error) {
 	return UserID, nil
 }

-func dialLDAP(ldapConfs models.LdapConf, ldap *goldap.Conn) (*goldap.Conn, error) {
+// Bind establish a connection to ldap based on ldapConfs and bind the user with given parameters.
+func Bind(ldapConfs models.LdapConf, dn string, password string) error {
+	conn, err := dialLDAP(ldapConfs)
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+	if ldapConfs.LdapSearchDn != "" {
+		if err := bindLDAPSearchDN(ldapConfs, conn); err != nil {
+			return err
+		}
+	}
+	return conn.Bind(dn, password)
+}
+
+func dialLDAP(ldapConfs models.LdapConf) (*goldap.Conn, error) {
+
 	var err error
-
-	//log.Debug("ldapConfs.LdapURL:", ldapConfs.LdapURL)
-
+	var ldap *goldap.Conn
 	splitLdapURL := strings.Split(ldapConfs.LdapURL, "://")
 	protocol, hostport := splitLdapURL[0], splitLdapURL[1]

--- a/src/ui/auth/ldap/ldap.go
+++ b/src/ui/auth/ldap/ldap.go
@ -75,6 +75,12 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 	u.Email = ldapUsers[0].Email
 	u.Realname = ldapUsers[0].Realname

+	dn := ldapUsers[0].DN
+
+	log.Debugf("username: %s, dn: %s", u.Username, dn)
+	if err := ldapUtils.Bind(ldapConfs, dn, m.Password); err != nil {
+		return nil, fmt.Errorf("Failed to bind user, username: %s, dn: %s, error: %v", u.Username, dn, err)
+	}
 	exist, err := dao.UserExists(u, "username")
 	if err != nil {
 		return nil, err
@ -87,11 +93,6 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 		}
 		u.UserID = currentUser.UserID
 	} else {
-		//		u.Password = "12345678AbC"
-		//		u.Comment = "from LDAP."
-		//		if u.Email == "" {
-		//			u.Email = u.Username + "@placeholder.com"
-		//		}
 		userID, err := ldapUtils.ImportUser(ldapUsers[0])
 		if err != nil {
 			log.Errorf("Can't import user %s, error: %v", ldapUsers[0].Username, err)
--- a/src/ui/auth/ldap/ldap_test.go
+++ b/src/ui/auth/ldap/ldap_test.go
@ -122,4 +122,10 @@ func TestAuthenticate(t *testing.T) {
 	if user.Username != "test" {
 		t.Errorf("unexpected ldap user authenticate fail: %s = %s", "user.Username", user.Username)
 	}
+	person.Principal = "test"
+	person.Password = "1"
+	_, err = auth.Authenticate(person)
+	if err == nil {
+		t.Errorf("Expected error for wrong password")
+	}
 }