Get username, name, surname and e-mail from LDAP server
authorLauris BH <lauris@nix.lv>
Sat, 7 Feb 2015 23:49:51 +0000 (01:49 +0200)
committerLauris BH <lauris@nix.lv>
Sat, 7 Feb 2015 23:49:51 +0000 (01:49 +0200)
conf/locale/locale_en-US.ini
models/login.go
modules/auth/auth_form.go
modules/auth/ldap/ldap.go
routers/admin/auths.go
templates/admin/auth/edit.tmpl

index 4b8325ef4e886fd318b7b3221890ee6df311d819..2e83025ecf4486e7f43cd0ca9922a5c4161487d2 100644 (file)
@@ -592,7 +592,10 @@ auths.domain = Domain
 auths.host = Host
 auths.port = Port
 auths.base_dn = Base DN
-auths.attributes = Search Attributes
+auths.attribute_username = Username attribute
+auths.attribute_name = First name attribute
+auths.attribute_surname = Surname attribute
+auths.attribute_mail = E-mail attribute
 auths.filter = Search Filter
 auths.ms_ad_sa = Ms Ad SA
 auths.smtp_auth = SMTP Authorization Type
index 125e110a4049b73bcb0fb3d9e602508007722c64..1dc1b6cad3acb36e40e1df7bbf7c8f9e05c17990 100644 (file)
@@ -231,7 +231,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
 // Return the same LoginUserPlain semantic
 // FIXME: https://github.com/gogits/gogs/issues/672
 func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
-       mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
+       name, fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
        if !logged {
                // User not in LDAP, do nothing
                return nil, ErrUserNotExist
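Review bot: `name` is now overwritten with the directory's username attribute, and the visible lines never check that it is non-empty. SearchEntry in this same commit returns `"", "", "", "", true` when the bind succeeds but the search yields no entry, so `logged` can be true while `name` is empty, and auto-registration would then build a User with an empty Name and LoginName. I would reject that case, `if !logged || len(name) == 0 { return nil, ErrUserNotExist }`, or keep the typed login name as a fallback. The rest of LoginUserLdapSource lies outside this hunk, so a later check may already cover it.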
@@ -247,6 +247,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP
 
        u = &User{
                Name:        name,
+               FullName:    fn + " " + sn,
                LoginType:   LDAP,
                LoginSource: sourceId,
                LoginName:   name,
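Review bot: `fn + " " + sn` stores a lone space as FullName when the directory returns neither attribute, and a leading or trailing space when only one is present. Trimming the joined value avoids that: `FullName: strings.TrimSpace(fn + " " + sn),`. This needs `strings` in the file's imports, which are not visible here. The User literal continues past the end of the hunk.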
index e9789634c9487573945c10adcc7281ecc3910811..c7b93896000452492e626958a48c441afe55f6f4 100644 (file)
@@ -18,7 +18,10 @@ type AuthenticationForm struct {
        Port              int    `form:"port"`
        UseSSL            bool   `form:"usessl"`
        BaseDN            string `form:"base_dn"`
-       Attributes        string `form:"attributes"`
+       AttributeUsername string `form:"attribute_username"`
+       AttributeName     string `form:"attribute_name"`
+       AttributeSurname  string `form:"attribute_surname"`
+       AttributeMail     string `form:"attribute_mail"`
        Filter            string `form:"filter"`
        MsAdSA            string `form:"ms_ad_sa"`
        IsActived         bool   `form:"is_actived"`
index 44c130a1048301b1622ce97819b343c56d2f8ce5..c78e241d371e5d97402158bdb4d815adf8094e20 100644 (file)
@@ -15,15 +15,18 @@ import (
 
 // Basic LDAP authentication service
 type Ldapsource struct {
-       Name         string // canonical name (ie. corporate.ad)
-       Host         string // LDAP host
-       Port         int    // port number
-       UseSSL       bool   // Use SSL
-       BaseDN       string // Base DN
-       Attributes   string // Attribute to search
-       Filter       string // Query filter to validate entry
-       MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
-       Enabled      bool   // if this source is disabled
+       Name              string // canonical name (ie. corporate.ad)
+       Host              string // LDAP host
+       Port              int    // port number
+       UseSSL            bool   // Use SSL
+       BaseDN            string // Base DN
+       AttributeUsername string // Username attribute
+       AttributeName     string // First name attribute
+       AttributeSurname  string // Surname attribute
+       AttributeMail     string // E-mail attribute
+       Filter            string // Query filter to validate entry
+       MsAdSAFormat      string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
+       Enabled           bool   // if this source is disabled
 }
 
 //Global LDAP directory pool
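Review bot: Replacing `Attributes` with four new fields has no visible migration for LDAP sources that were saved before this commit. If the stored configuration is decoded by field name (the storage code is not on this page), existing sources would load with all four attribute names empty, and SearchEntry would then request and read empty attribute names. The old field held the mail attribute, so mapping a stored `Attributes` value onto `AttributeMail` at load time would preserve that part. Alternatively, document that each LDAP source must be re-saved after upgrading.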
@@ -32,18 +35,18 @@ var (
 )
 
 // Add a new source (LDAP directory) to the global pool
-func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
-       ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
+func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string) {
+       ldaphost := Ldapsource{name, host, port, usessl, basedn, attribcn, attribname, attribsn, attribmail, filter, msadsaformat, true}
        Authensource = append(Authensource, ldaphost)
 }
 
 //LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise
 //First match wins
 //Returns first attribute if exists
-func LoginUser(name, passwd string) (a string, r bool) {
+func LoginUser(name, passwd string) (cn, fn, sn, mail string, r bool) {
        r = false
        for _, ls := range Authensource {
-               a, r = ls.SearchEntry(name, passwd)
+               cn, fn, sn, mail, r = ls.SearchEntry(name, passwd)
                if r {
                        return
                }
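Review bot: AddSource now takes eight string parameters and fills `Ldapsource` with a positional literal, so swapping two arguments or reordering the struct fields compiles cleanly and silently maps the wrong directory attribute to username or mail. A keyed literal, as below, makes the mapping explicit and survives later field insertions. The comment above LoginUser is also stale: it still describes a `(attribute,true)` / `("",false)` result although the function now returns `cn, fn, sn, mail, r`. LoginUser's body continues outside the hunk.

```go
func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string) {
	ldaphost := Ldapsource{
		Name:              name,
		Host:              host,
		Port:              port,
		UseSSL:            usessl,
		BaseDN:            basedn,
		AttributeUsername: attribcn,
		AttributeName:     attribname,
		AttributeSurname:  attribsn,
		AttributeMail:     attribmail,
		Filter:            filter,
		MsAdSAFormat:      msadsaformat,
		Enabled:           true,
	}
	// … unchanged: append ldaphost to Authensource …
```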
@@ -52,12 +55,12 @@ func LoginUser(name, passwd string) (a string, r bool) {
 }
 
 // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
-func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
+func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, string, bool) {
        l, err := ldapDial(ls)
        if err != nil {
                log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
                ls.Enabled = false
-               return "", false
+               return "", "", "", "", false
        }
        defer l.Close()
 
@@ -65,26 +68,29 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
        err = l.Bind(nx, passwd)
        if err != nil {
                log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
-               return "", false
+               return "", "", "", "", false
        }
 
        search := ldap.NewSearchRequest(
                ls.BaseDN,
                ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
                fmt.Sprintf(ls.Filter, name),
-               []string{ls.Attributes},
+               []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
                nil)
        sr, err := l.Search(search)
        if err != nil {
                log.Debug("LDAP Authen OK but not in filter %s", name)
-               return "", false
+               return "", "", "", "", false
        }
        log.Debug("LDAP Authen OK: %s", name)
        if len(sr.Entries) > 0 {
-               r := sr.Entries[0].GetAttributeValue(ls.Attributes)
-               return r, true
+               cn := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
+               name := sr.Entries[0].GetAttributeValue(ls.AttributeName)
+               sn := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
+               mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
+               return cn, name, sn, mail, true
        }
-       return "", true
+       return "", "", "", "", true
 }
 
 func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
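Review bot: The account identity is now read from `sr.Entries[0]` without checking that the filter matched exactly one entry. Before this commit only the mail value came from the search; now the returned username does too, so a filter that matches several entries hands back the first entry's username for whoever bound successfully. I would refuse ambiguous results, e.g. `if len(sr.Entries) > 1 { return "", "", "", "", false }`, and treat an empty `cn` as a failure rather than a success. The filter is still built from the raw login name with `fmt.Sprintf(ls.Filter, name)`, so escaping filter metacharacters in `name` matters more now that the search result decides the account name. The new local `name :=` also shadows the login-name parameter inside the `if`; `fn` would match the caller's naming.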
index e537572b41bf94208a97cc78d3d6584d391d4285..dcb98d330345d8a610276a6e0090f87d2ca4d2d9 100644 (file)
@@ -63,15 +63,18 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
        case models.LDAP:
                u = &models.LDAPConfig{
                        Ldapsource: ldap.Ldapsource{
-                               Host:         form.Host,
-                               Port:         form.Port,
-                               UseSSL:       form.UseSSL,
-                               BaseDN:       form.BaseDN,
-                               Attributes:   form.Attributes,
-                               Filter:       form.Filter,
-                               MsAdSAFormat: form.MsAdSA,
-                               Enabled:      true,
-                               Name:         form.AuthName,
+                               Host:              form.Host,
+                               Port:              form.Port,
+                               UseSSL:            form.UseSSL,
+                               BaseDN:            form.BaseDN,
+                               AttributeUsername: form.AttributeUsername,
+                               AttributeName:     form.AttributeName,
+                               AttributeSurname:  form.AttributeSurname,
+                               AttributeMail:     form.AttributeMail,
+                               Filter:            form.Filter,
+                               MsAdSAFormat:      form.MsAdSA,
+                               Enabled:           true,
+                               Name:              form.AuthName,
                        },
                }
        case models.SMTP:
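Review bot: The four attribute names are copied from the form into the saved source with no visible check that they are non-empty, both here and in the identical literal in EditAuthSourcePost. An empty `AttributeUsername` saved this way would make every login through the source come back from SearchEntry with an empty username. Validation may happen earlier in the handler, outside the hunk; if it does not, reject the form when `form.AttributeUsername` or `form.AttributeMail` is empty. Since the two literals are the same twelve lines, a small helper that builds the `ldap.Ldapsource` from the form would keep them from drifting apart.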
@@ -142,15 +145,18 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
        case models.LDAP:
                config = &models.LDAPConfig{
                        Ldapsource: ldap.Ldapsource{
-                               Host:         form.Host,
-                               Port:         form.Port,
-                               UseSSL:       form.UseSSL,
-                               BaseDN:       form.BaseDN,
-                               Attributes:   form.Attributes,
-                               Filter:       form.Filter,
-                               MsAdSAFormat: form.MsAdSA,
-                               Enabled:      true,
-                               Name:         form.AuthName,
+                               Host:              form.Host,
+                               Port:              form.Port,
+                               UseSSL:            form.UseSSL,
+                               BaseDN:            form.BaseDN,
+                               AttributeUsername: form.AttributeUsername,
+                               AttributeName:     form.AttributeName,
+                               AttributeSurname:  form.AttributeSurname,
+                               AttributeMail:     form.AttributeMail,
+                               Filter:            form.Filter,
+                               MsAdSAFormat:      form.MsAdSA,
+                               Enabled:           true,
+                               Name:              form.AuthName,
                        },
                }
        case models.SMTP:
index 77d28f6269476f0697bd066849e70a40738e534d..e1bbd23d0393c883aef7c8f3771f30256f0561d8 100644 (file)
                                     <input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.Source.LDAP.BaseDN}}" />
                                 </div>
                                 <div class="field">
-                                    <label class="req" for="attributes">{{.i18n.Tr "admin.auths.attributes"}}</label>
-                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attributes" name="attributes" value="{{.Source.LDAP.Attributes}}" />
+                                    <label class="req" for="attribute_username">{{.i18n.Tr "admin.auths.attribute_username"}}</label>
+                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_username" name="attribute_username" value="{{.Source.LDAP.AttributeUsername}}" />
+                                </div>
+                                <div class="field">
+                                    <label class="req" for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
+                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.Source.LDAP.AttributeName}}" />
+                                </div>
+                                <div class="field">
+                                    <label class="req" for="attribute_surname">{{.i18n.Tr "admin.auths.attribute_surname"}}</label>
+                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_surname" name="attribute_surname" value="{{.Source.LDAP.AttributeSurname}}" />
+                                </div>
+                                <div class="field">
+                                    <label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label>
+                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.Source.LDAP.AttributeMail}}" />
                                 </div>
                                 <div class="field">
                                     <label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>
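Review bot: All four new inputs still test `.Err_Attributes`, the error flag of the form field this commit removes. Judging by `.Err_BaseDN` on the context line above, the flag appears to be named after the form struct field, so it would likely never be set for the new fields and a rejected value would not be highlighted. Each input probably wants its own flag, e.g. `{{if .Err_AttributeUsername}}ipt-error{{end}}`. The hunk header for this file is missing from the page, so the surrounding template is not visible.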