// Return the same LoginUserPlain semantic
// FIXME: https://github.com/gogits/gogs/issues/672
func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
- fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
+ fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd)
if !logged {
// User not in LDAP, do nothing
return nil, ErrUserNotExist{0, name}
LoginName: name,
Passwd: passwd,
Email: mail,
+ IsAdmin: admin,
IsActive: true,
}
return u, CreateUser(u)
AttributeSurname string // Surname attribute
AttributeMail string // E-mail attribute
Filter string // Query filter to validate entry
+ AdminFilter string // Query filter to check if user is admin
Enabled bool // if this source is disabled
}
}
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool) {
+func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool, bool) {
userDN, found := ls.FindUserDN(name)
if !found {
- return "", "", "", false
+ return "", "", "", false, false
}
l, err := ldapDial(ls)
if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
ls.Enabled = false
- return "", "", "", false
+ return "", "", "", false, false
}
defer l.Close()
err = l.Bind(userDN, passwd)
if err != nil {
log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err)
- return "", "", "", false
+ return "", "", "", false, false
}
log.Trace("Bound successfully with userDN: %s", userDN)
sr, err := l.Search(search)
if err != nil {
log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
- return "", "", "", false
+ return "", "", "", false, false
} else if len(sr.Entries) < 1 {
log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")
- return "", "", "", false
+ return "", "", "", false, false
}
name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName)
sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
- return name_attr, sn_attr, mail_attr, true
+
+ search = ldap.NewSearchRequest(
+ userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,
+ []string{ls.AttributeName},
+ nil)
+
+ sr, err = l.Search(search)
+ admin_attr := false
+ if err != nil {
+ log.Error(4, "LDAP Admin Search failed unexpectedly! (%v)", err)
+ } else if len(sr.Entries) < 1 {
+ log.Error(4, "LDAP Admin Search failed")
+ } else {
+ admin_attr = true
+ }
+
+ return name_attr, sn_attr, mail_attr, admin_attr, true
}
func ldapDial(ls Ldapsource) (*ldap.Conn, error) {