
ldap: fix group membership search handling when the group members are listed by 'dn' (#4684) (#4688)

Also, fixed typo in group member list return size check.
master
aboron 6 years ago committed by 无闻
parent
commit
43bca4df40
  1. 12
      pkg/auth/ldap/ldap.go

12
pkg/auth/ldap/ldap.go

@ -268,12 +268,21 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
if err != nil { if err != nil {
log.Error(2, "LDAP: Group search failed: %v", err) log.Error(2, "LDAP: Group search failed: %v", err)
return "", "", "", "", false, false return "", "", "", "", false, false
} else if len(sr.Entries) < 1 { } else if len(srg.Entries) < 1 {
log.Error(2, "LDAP: Group search failed: 0 entries") log.Error(2, "LDAP: Group search failed: 0 entries")
return "", "", "", "", false, false return "", "", "", "", false, false
} }
isMember := false isMember := false
if ls.UserUID == "dn" {
for _, group := range srg.Entries {
for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
if member == sr.Entries[0].DN {
isMember = true
}
}
}
} else {
for _, group := range srg.Entries { for _, group := range srg.Entries {
for _, member := range group.GetAttributeValues(ls.GroupMemberUID) { for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
if member == uid { if member == uid {
@ -281,6 +290,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
} }
} }
} }
}
if !isMember { if !isMember {
log.Trace("LDAP: Group membership test failed [username: %s, group_member_uid: %s, user_uid: %s", username, ls.GroupMemberUID, uid) log.Trace("LDAP: Group membership test failed [username: %s, group_member_uid: %s, user_uid: %s", username, ls.GroupMemberUID, uid)
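Review bot: The new `member == sr.Entries[0].DN` test in the `ls.UserUID == "dn"` branch compares distinguished names as raw strings, so a member value that differs from the entry DN only in letter case or in spacing after the commas will not match, and a legitimate group member is refused (the check fails closed, so this denies access rather than granting it). The minimal change is a case-insensitive comparison, `if strings.EqualFold(member, sr.Entries[0].DN) {`, and a parsed-DN comparison is more robust if the LDAP library in use provides one. The two branches otherwise repeat the same nested loop; picking the value once (`target := uid`, then `target = sr.Entries[0].DN` when `ls.UserUID == "dn"`) leaves a single loop and lets the failure trace at the end of the section log the value that was actually compared instead of always `uid`. SearchEntry starts and ends outside the visible hunks, so whether `sr.Entries` is guaranteed non-empty at this point cannot be confirmed from this page.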
