summaryrefslogtreecommitdiffstats
path: root/modules/auth
diff options
context:
space:
mode:
Diffstat (limited to 'modules/auth')
-rw-r--r--modules/auth/auth_form.go1
-rw-r--r--modules/auth/ldap/ldap.go25
2 files changed, 21 insertions, 5 deletions
diff --git a/modules/auth/auth_form.go b/modules/auth/auth_form.go
index b2d427b4b8..c1d49f66fd 100644
--- a/modules/auth/auth_form.go
+++ b/modules/auth/auth_form.go
@@ -19,6 +19,7 @@ type AuthenticationForm struct {
BindDN string `form:"bind_dn"`
BindPassword string
UserBase string
+ UserDN string `form:"user_dn"`
AttributeName string
AttributeSurname string
AttributeMail string
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index de1108fd98..61cfca90b5 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -22,6 +22,7 @@ type Ldapsource struct {
BindDN string // DN to bind with
BindPassword string // Bind DN password
UserBase string // Base search path for users
+ UserDN string // Template for the DN of the user for simple auth
AttributeName string // First name attribute
AttributeSurname string // Surname attribute
AttributeMail string // E-mail attribute
@@ -78,10 +79,19 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
}
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool, bool) {
- userDN, found := ls.FindUserDN(name)
- if !found {
- return "", "", "", false, false
+func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
+ var userDN string
+ if directBind {
+ log.Trace("LDAP will bind directly via UserDN template: %s", ls.UserDN)
+ userDN = fmt.Sprintf(ls.UserDN, name)
+ } else {
+ log.Trace("LDAP will use BindDN.")
+
+ var found bool
+ userDN, found = ls.FindUserDN(name)
+ if !found {
+ return "", "", "", false, false
+ }
}
l, err := ldapDial(ls)
@@ -112,7 +122,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, b
log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
return "", "", "", false, false
} else if len(sr.Entries) < 1 {
- log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")
+ if directBind {
+ log.Error(4, "User filter inhibited user login.")
+ } else {
+ log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")
+ }
+
return "", "", "", false, false
}