Allow login of simpleSecurityObjects

nemunaire 2021-09-15 12:13:09 +02:00
parent 5643713c54
commit e5046b108b
5 changed files with 28 additions and 10 deletions


@ -35,7 +35,7 @@ func changePassword(w http.ResponseWriter, r *http.Request) {
} else if err := conn.ServiceBind(); err != nil {
log.Println(err)
displayTmplError(w, http.StatusInternalServerError, "change.html", map[string]interface{}{"error": err.Error()})
} else if dn, err := conn.SearchDN(r.PostFormValue("login")); err != nil {
} else if dn, err := conn.SearchDN(r.PostFormValue("login"), true); err != nil {
log.Println(err)
displayTmplError(w, http.StatusInternalServerError, "change.html", map[string]interface{}{"error": err.Error()})
} else if err := conn.Bind(dn, r.PostFormValue("password")); err != nil {


@ -65,11 +65,16 @@ func (l LDAPConn) Bind(username string, password string) error {
return l.connection.Bind(username, password)
}
func (l LDAPConn) SearchDN(username string) (string, error) {
func (l LDAPConn) SearchDN(username string, person bool) (string, error) {
objectClass := "organizationalPerson"
if !person {
objectClass = "simpleSecurityObject"
}
searchRequest := ldap.NewSearchRequest(
l.BaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=organizationalPerson)(uid=%s))", username),
fmt.Sprintf("(&(objectClass=%s)(uid=%s))", objectClass, username),
[]string{"dn"},
nil,
)
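Review bot: The search filter is still built by formatting `username` into the string unescaped, and the callers shown in this commit (changePassword, lostPassword, resetPassword) pass `r.PostFormValue("login")` straight through, so filter metacharacters in the login field change what the directory is asked to match. Now that the same value is searched under two object classes, it is worth escaping it here once: `fmt.Sprintf("(&(objectClass=%s)(uid=%s))", objectClass, ldap.EscapeFilter(username)),`. Separately, the bare `true`/`false` at call sites does not say what it selects; a doc comment on SearchDN such as `// person selects organizationalPerson entries; otherwise simpleSecurityObject entries are searched.` would help. The rest of SearchDN's body is outside the hunk.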


@ -14,13 +14,26 @@ func login(login string, password string) ([]*ldap.EntryAttribute, error) {
conn, err := myLDAP.Connect()
if err != nil || conn == nil {
return nil, err
} else if err := conn.ServiceBind(); err != nil {
}
if err = conn.ServiceBind(); err != nil {
return nil, err
} else if dn, err := conn.SearchDN(login); err != nil {
}
var dn string
dn, err = conn.SearchDN(login, true)
if err != nil {
dn, err = conn.SearchDN(login, false)
if err != nil {
return nil, err
}
}
if err := conn.Bind(dn, password); err != nil {
return nil, err
} else if err := conn.Bind(dn, password); err != nil {
return nil, err
} else if entries, err := conn.GetEntry(dn); err != nil {
}
if entries, err := conn.GetEntry(dn); err != nil {
return nil, err
} else {
return entries, nil
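Review bot: The fallback to `conn.SearchDN(login, false)` runs on any error from the person search, not only when no entry was found, so a transient directory failure or an ambiguous person match is retried against `simpleSecurityObject` entries and the first error is discarded. SearchDN's error paths are outside this hunk, so this is inferred from the call pattern; if it can report "not found" distinctly, the retry should be limited to that case and every other error returned as-is. Because this widens which entries can authenticate, a comment above the second call such as `// no person entry matched: retry as simpleSecurityObject` would record the intent, and code consuming the returned attributes may need to know which class matched. The function's closing lines are outside the hunk.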


@ -74,7 +74,7 @@ func lostPassword(w http.ResponseWriter, r *http.Request) {
}
// Search the dn of the given user
dn, err := conn.SearchDN(r.PostFormValue("login"))
dn, err := conn.SearchDN(r.PostFormValue("login"), true)
if err != nil {
log.Println(err)
displayTmplError(w, http.StatusInternalServerError, "lost.html", map[string]interface{}{"error": err.Error()})


@ -51,7 +51,7 @@ func resetPassword(w http.ResponseWriter, r *http.Request) {
}
// Search the dn of the given user
dn, err := conn.SearchDN(r.PostFormValue("login"))
dn, err := conn.SearchDN(r.PostFormValue("login"), true)
if err != nil {
log.Println(err)
base["error"] = err.Error()