habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

outpost/ldap: make users and groups OU instead of CN

Browse Source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2021-05-07 11:46:26 +02:00
parent fabdb6448f
commit 9485f0b8cc
5 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
outpost/pkg/ldap/instance_bind.go
View File

@ -29,7 +29,7 @@ type PasswordResponse struct {
}
func (pi *ProviderInstance) getUsername(dn string) (string, error) {
if !strings.HasSuffix(dn, pi.BaseDN) {
if !strings.HasSuffix(strings.ToLower(dn), strings.ToLower(pi.BaseDN)) {
return "", errors.New("invalid base DN")
}
dns, err := goldap.ParseDN(dn)
@ -38,12 +38,12 @@ func (pi *ProviderInstance) getUsername(dn string) (string, error) {
}
for _, part := range dns.RDNs {
for _, attribute := range part.Attributes {
if attribute.Type == "DN" {
if strings.ToLower(attribute.Type) == "cn" {
return attribute.Value, nil
}
}
}
return "", errors.New("failed to find dn")
return "", errors.New("failed to find cn")
}
func (pi *ProviderInstance) Bind(username string, bindPW string, conn net.Conn) (ldap.LDAPResultCode, error) {
@ -150,6 +150,8 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
responseParams.Data = &UIDResponse{UIDFIeld: bindDN}
case "ak-stage-password":
responseParams.Data = &PasswordResponse{Password: password}
case "ak-stage-access-denied":
return false, errors.New("got ak-stage-access-denied")
default:
return false, fmt.Errorf("unsupported challenge type: %s", challenge.Payload.Component)
}