diff options
| -rw-r--r-- | conf/locale/locale_en-US.ini | 5 | ||||
| -rw-r--r-- | models/login.go | 3 | ||||
| -rw-r--r-- | modules/auth/auth_form.go | 5 | ||||
| -rw-r--r-- | modules/auth/ldap/ldap.go | 48 | ||||
| -rw-r--r-- | routers/admin/auths.go | 42 | ||||
| -rw-r--r-- | templates/admin/auth/edit.tmpl | 16 |
6 files changed, 75 insertions, 44 deletions
diff --git a/conf/locale/locale_en-US.ini b/conf/locale/locale_en-US.ini index 4b8325ef4e..2e83025ecf 100644 --- a/conf/locale/locale_en-US.ini +++ b/conf/locale/locale_en-US.ini @@ -592,7 +592,10 @@ auths.domain = Domain auths.host = Host auths.port = Port auths.base_dn = Base DN -auths.attributes = Search Attributes +auths.attribute_username = Username attribute +auths.attribute_name = First name attribute +auths.attribute_surname = Surname attribute +auths.attribute_mail = E-mail attribute auths.filter = Search Filter auths.ms_ad_sa = Ms Ad SA auths.smtp_auth = SMTP Authorization Type diff --git a/models/login.go b/models/login.go index 125e110a40..1dc1b6cad3 100644 --- a/models/login.go +++ b/models/login.go @@ -231,7 +231,7 @@ func UserSignIn(uname, passwd string) (*User, error) { // Return the same LoginUserPlain semantic // FIXME: https://github.com/gogits/gogs/issues/672 func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) { - mail, logged := cfg.Ldapsource.SearchEntry(name, passwd) + name, fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd) if !logged { // User not in LDAP, do nothing return nil, ErrUserNotExist @@ -247,6 +247,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP u = &User{ Name: name, + FullName: fn + " " + sn, LoginType: LDAP, LoginSource: sourceId, LoginName: name, diff --git a/modules/auth/auth_form.go b/modules/auth/auth_form.go index e9789634c9..c7b9389600 100644 --- a/modules/auth/auth_form.go +++ b/modules/auth/auth_form.go @@ -18,7 +18,10 @@ type AuthenticationForm struct { Port int `form:"port"` UseSSL bool `form:"usessl"` BaseDN string `form:"base_dn"` - Attributes string `form:"attributes"` + AttributeUsername string `form:"attribute_username"` + AttributeName string `form:"attribute_name"` + AttributeSurname string `form:"attribute_surname"` + AttributeMail string `form:"attribute_mail"` Filter string `form:"filter"` MsAdSA string `form:"ms_ad_sa"` IsActived bool `form:"is_actived"` diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go index 44c130a104..c78e241d37 100644 --- a/modules/auth/ldap/ldap.go +++ b/modules/auth/ldap/ldap.go @@ -15,15 +15,18 @@ import ( // Basic LDAP authentication service type Ldapsource struct { - Name string // canonical name (ie. corporate.ad) - Host string // LDAP host - Port int // port number - UseSSL bool // Use SSL - BaseDN string // Base DN - Attributes string // Attribute to search - Filter string // Query filter to validate entry - MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx) - Enabled bool // if this source is disabled + Name string // canonical name (ie. corporate.ad) + Host string // LDAP host + Port int // port number + UseSSL bool // Use SSL + BaseDN string // Base DN + AttributeUsername string // Username attribute + AttributeName string // First name attribute + AttributeSurname string // Surname attribute + AttributeMail string // E-mail attribute + Filter string // Query filter to validate entry + MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx) + Enabled bool // if this source is disabled } //Global LDAP directory pool @@ -32,18 +35,18 @@ var ( ) // Add a new source (LDAP directory) to the global pool -func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) { - ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true} +func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string) { + ldaphost := Ldapsource{name, host, port, usessl, basedn, attribcn, attribname, attribsn, attribmail, filter, msadsaformat, true} Authensource = append(Authensource, ldaphost) } //LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise //First match wins //Returns first attribute if exists -func LoginUser(name, passwd string) (a string, r bool) { +func LoginUser(name, passwd string) (cn, fn, sn, mail string, r bool) { r = false for _, ls := range Authensource { - a, r = ls.SearchEntry(name, passwd) + cn, fn, sn, mail, r = ls.SearchEntry(name, passwd) if r { return } @@ -52,12 +55,12 @@ func LoginUser(name, passwd string) (a string, r bool) { } // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter -func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { +func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, string, bool) { l, err := ldapDial(ls) if err != nil { log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) ls.Enabled = false - return "", false + return "", "", "", "", false } defer l.Close() @@ -65,26 +68,29 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { err = l.Bind(nx, passwd) if err != nil { log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error()) - return "", false + return "", "", "", "", false } search := ldap.NewSearchRequest( ls.BaseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, fmt.Sprintf(ls.Filter, name), - []string{ls.Attributes}, + []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}, nil) sr, err := l.Search(search) if err != nil { log.Debug("LDAP Authen OK but not in filter %s", name) - return "", false + return "", "", "", "", false } log.Debug("LDAP Authen OK: %s", name) if len(sr.Entries) > 0 { - r := sr.Entries[0].GetAttributeValue(ls.Attributes) - return r, true + cn := sr.Entries[0].GetAttributeValue(ls.AttributeUsername) + name := sr.Entries[0].GetAttributeValue(ls.AttributeName) + sn := sr.Entries[0].GetAttributeValue(ls.AttributeSurname) + mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail) + return cn, name, sn, mail, true } - return "", true + return "", "", "", "", true } func ldapDial(ls Ldapsource) (*ldap.Conn, error) { diff --git a/routers/admin/auths.go b/routers/admin/auths.go index e537572b41..dcb98d3303 100644 --- a/routers/admin/auths.go +++ b/routers/admin/auths.go @@ -63,15 +63,18 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) { case models.LDAP: u = &models.LDAPConfig{ Ldapsource: ldap.Ldapsource{ - Host: form.Host, - Port: form.Port, - UseSSL: form.UseSSL, - BaseDN: form.BaseDN, - Attributes: form.Attributes, - Filter: form.Filter, - MsAdSAFormat: form.MsAdSA, - Enabled: true, - Name: form.AuthName, + Host: form.Host, + Port: form.Port, + UseSSL: form.UseSSL, + BaseDN: form.BaseDN, + AttributeUsername: form.AttributeUsername, + AttributeName: form.AttributeName, + AttributeSurname: form.AttributeSurname, + AttributeMail: form.AttributeMail, + Filter: form.Filter, + MsAdSAFormat: form.MsAdSA, + Enabled: true, + Name: form.AuthName, }, } case models.SMTP: @@ -142,15 +145,18 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) { case models.LDAP: config = &models.LDAPConfig{ Ldapsource: ldap.Ldapsource{ - Host: form.Host, - Port: form.Port, - UseSSL: form.UseSSL, - BaseDN: form.BaseDN, - Attributes: form.Attributes, - Filter: form.Filter, - MsAdSAFormat: form.MsAdSA, - Enabled: true, - Name: form.AuthName, + Host: form.Host, + Port: form.Port, + UseSSL: form.UseSSL, + BaseDN: form.BaseDN, + AttributeUsername: form.AttributeUsername, + AttributeName: form.AttributeName, + AttributeSurname: form.AttributeSurname, + AttributeMail: form.AttributeMail, + Filter: form.Filter, + MsAdSAFormat: form.MsAdSA, + Enabled: true, + Name: form.AuthName, }, } case models.SMTP: diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl index 77d28f6269..e1bbd23d03 100644 --- a/templates/admin/auth/edit.tmpl +++ b/templates/admin/auth/edit.tmpl @@ -48,8 +48,20 @@ <input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.Source.LDAP.BaseDN}}" /> </div> <div class="field"> - <label class="req" for="attributes">{{.i18n.Tr "admin.auths.attributes"}}</label> - <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attributes" name="attributes" value="{{.Source.LDAP.Attributes}}" /> + <label class="req" for="attribute_username">{{.i18n.Tr "admin.auths.attribute_username"}}</label> + <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_username" name="attribute_username" value="{{.Source.LDAP.AttributeUsername}}" /> + </div> + <div class="field"> + <label class="req" for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label> + <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.Source.LDAP.AttributeName}}" /> + </div> + <div class="field"> + <label class="req" for="attribute_surname">{{.i18n.Tr "admin.auths.attribute_surname"}}</label> + <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_surname" name="attribute_surname" value="{{.Source.LDAP.AttributeSurname}}" /> + </div> + <div class="field"> + <label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label> + <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.Source.LDAP.AttributeMail}}" /> </div> <div class="field"> <label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label> |