diff options
author | Gwilherm Folliot <37798980+3l0w@users.noreply.github.com> | 2022-05-03 14:41:11 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-03 20:41:11 +0800 |
commit | b7abb31b7baeb2ee60d28b90354af3bef7f7a74a (patch) | |
tree | af81e894dd9d08eef3e42d29b26df1709202813e | |
parent | 772ad761eb4fa88e9912f6bf0eaed65ad3830292 (diff) | |
download | gitea-b7abb31b7baeb2ee60d28b90354af3bef7f7a74a.tar.gz gitea-b7abb31b7baeb2ee60d28b90354af3bef7f7a74a.zip |
Move user password verification after checking his groups on ldap auth (#19587)
In case the binded user can not access its own attributes.
Signed-off-by: Gwilherm Folliot <gwilherm55fo@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
-rw-r--r-- | services/auth/source/ldap/source_search.go | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go index f2b940cabe..d01fd14c8b 100644 --- a/services/auth/source/ldap/source_search.go +++ b/services/auth/source/ldap/source_search.go @@ -433,14 +433,6 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul isRestricted = checkRestricted(l, ls, userDN) } - if !directBind && ls.AttributesInBind { - // binds user (checking password) after looking-up attributes in BindDN context - err = bindUser(l, userDN, passwd) - if err != nil { - return nil - } - } - if isAtributeAvatarSet { Avatar = sr.Entries[0].GetRawAttributeValue(ls.AttributeAvatar) } @@ -451,6 +443,14 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul teamsToAdd, teamsToRemove = ls.getMappedMemberships(l, uid) } + if !directBind && ls.AttributesInBind { + // binds user (checking password) after looking-up attributes in BindDN context + err = bindUser(l, userDN, passwd) + if err != nil { + return nil + } + } + return &SearchResult{ LowerName: strings.ToLower(username), Username: username, |