aboutsummaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorAdam Strzelecki <ono@java.pl>2016-02-16 11:58:00 +0100
committerAdam Strzelecki <ono@java.pl>2016-02-20 14:01:47 +0100
commite2f95c284570271267a6239faa944c381960a3d9 (patch)
treecc0ec27d4f1abf7c8bdbc1f20126033c1c3de5e8 /modules
parentb7f3d94cd048cbad6bc406bcbd79b490ccd416a9 (diff)
downloadgitea-e2f95c284570271267a6239faa944c381960a3d9.tar.gz
gitea-e2f95c284570271267a6239faa944c381960a3d9.zip
LDAP: Use single connection in BindDN mode auth
According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send multiple Bind requests to change the authentication and/or security associations or to complete a multi-stage Bind process. Authentication from earlier binds is subsequently ignored." Therefore we should not use 2 connections, but single one just sending two bind requests.
Diffstat (limited to 'modules')
-rw-r--r--modules/auth/ldap/ldap.go30
1 files changed, 11 insertions, 19 deletions
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 7f36c8bd57..8fbefb4341 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -58,18 +58,10 @@ func (ls *Source) sanitizedUserDN(username string) (string, bool) {
return fmt.Sprintf(ls.UserDN, username), true
}
-func (ls *Source) FindUserDN(name string) (string, bool) {
- l, err := ldapDial(ls)
- if err != nil {
- log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
- ls.Enabled = false
- return "", false
- }
- defer l.Close()
-
+func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) {
log.Trace("Search for LDAP user: %s", name)
if ls.BindDN != "" && ls.BindPassword != "" {
- err = l.Bind(ls.BindDN, ls.BindPassword)
+ err := l.Bind(ls.BindDN, ls.BindPassword)
if err != nil {
log.Debug("Failed to bind as BindDN[%s]: %v", ls.BindDN, err)
return "", false
@@ -111,6 +103,14 @@ func (ls *Source) FindUserDN(name string) (string, bool) {
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) {
+ l, err := ldapDial(ls)
+ if err != nil {
+ log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
+ ls.Enabled = false
+ return "", "", "", "", false, false
+ }
+ defer l.Close()
+
var userDN string
if directBind {
log.Trace("LDAP will bind directly via UserDN template: %s", ls.UserDN)
@@ -124,20 +124,12 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
log.Trace("LDAP will use BindDN.")
var found bool
- userDN, found = ls.FindUserDN(name)
+ userDN, found = ls.findUserDN(l, name)
if !found {
return "", "", "", "", false, false
}
}
- l, err := ldapDial(ls)
- if err != nil {
- log.Error(4, "LDAP Connect error (%s): %v", ls.Host, err)
- ls.Enabled = false
- return "", "", "", "", false, false
- }
- defer l.Close()
-
log.Trace("Binding with userDN: %s", userDN)
err = l.Bind(userDN, passwd)
if err != nil {