Merge pull request #1507 from cloudron-io/develop
Set IsAdmin using LDAP
This commit is contained in:
commit
2b393f5b03
7 changed files with 38 additions and 8 deletions
|
@ -761,6 +761,7 @@ auths.attribute_name = First name attribute
|
|||
auths.attribute_surname = Surname attribute
|
||||
auths.attribute_mail = E-mail attribute
|
||||
auths.filter = User Filter
|
||||
auths.admin_filter = Admin Filter
|
||||
auths.ms_ad_sa = Ms Ad SA
|
||||
auths.smtp_auth = SMTP Authorization Type
|
||||
auths.smtphost = SMTP Host
|
||||
|
|
|
@ -257,7 +257,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
|
|||
// Return the same LoginUserPlain semantic
|
||||
// FIXME: https://github.com/gogits/gogs/issues/672
|
||||
func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
|
||||
fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
|
||||
fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd)
|
||||
if !logged {
|
||||
// User not in LDAP, do nothing
|
||||
return nil, ErrUserNotExist{0, name}
|
||||
|
@ -281,6 +281,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP
|
|||
LoginName: name,
|
||||
Passwd: passwd,
|
||||
Email: mail,
|
||||
IsAdmin: admin,
|
||||
IsActive: true,
|
||||
}
|
||||
return u, CreateUser(u)
|
||||
|
|
|
@ -23,6 +23,7 @@ type AuthenticationForm struct {
|
|||
AttributeSurname string
|
||||
AttributeMail string
|
||||
Filter string
|
||||
AdminFilter string
|
||||
IsActived bool
|
||||
SMTPAuth string `form:"smtp_auth"`
|
||||
SMTPHost string `form:"smtp_host"`
|
||||
|
|
|
@ -26,6 +26,7 @@ type Ldapsource struct {
|
|||
AttributeSurname string // Surname attribute
|
||||
AttributeMail string // E-mail attribute
|
||||
Filter string // Query filter to validate entry
|
||||
AdminFilter string // Query filter to check if user is admin
|
||||
Enabled bool // if this source is disabled
|
||||
}
|
||||
|
||||
|
@ -77,17 +78,17 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
|
|||
}
|
||||
|
||||
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
|
||||
func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool) {
|
||||
func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool, bool) {
|
||||
userDN, found := ls.FindUserDN(name)
|
||||
if !found {
|
||||
return "", "", "", false
|
||||
return "", "", "", false, false
|
||||
}
|
||||
|
||||
l, err := ldapDial(ls)
|
||||
if err != nil {
|
||||
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
|
||||
ls.Enabled = false
|
||||
return "", "", "", false
|
||||
return "", "", "", false, false
|
||||
}
|
||||
|
||||
defer l.Close()
|
||||
|
@ -96,7 +97,7 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, b
|
|||
err = l.Bind(userDN, passwd)
|
||||
if err != nil {
|
||||
log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err)
|
||||
return "", "", "", false
|
||||
return "", "", "", false, false
|
||||
}
|
||||
|
||||
log.Trace("Bound successfully with userDN: %s", userDN)
|
||||
|
@ -109,16 +110,32 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, b
|
|||
sr, err := l.Search(search)
|
||||
if err != nil {
|
||||
log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
|
||||
return "", "", "", false
|
||||
return "", "", "", false, false
|
||||
} else if len(sr.Entries) < 1 {
|
||||
log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")
|
||||
return "", "", "", false
|
||||
return "", "", "", false, false
|
||||
}
|
||||
|
||||
name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName)
|
||||
sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
|
||||
mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
|
||||
return name_attr, sn_attr, mail_attr, true
|
||||
|
||||
search = ldap.NewSearchRequest(
|
||||
userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,
|
||||
[]string{ls.AttributeName},
|
||||
nil)
|
||||
|
||||
sr, err = l.Search(search)
|
||||
admin_attr := false
|
||||
if err != nil {
|
||||
log.Error(4, "LDAP Admin Search failed unexpectedly! (%v)", err)
|
||||
} else if len(sr.Entries) < 1 {
|
||||
log.Error(4, "LDAP Admin Search failed")
|
||||
} else {
|
||||
admin_attr = true
|
||||
}
|
||||
|
||||
return name_attr, sn_attr, mail_attr, admin_attr, true
|
||||
}
|
||||
|
||||
func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
|
||||
|
|
|
@ -71,6 +71,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
|
|||
BindPassword: form.BindPassword,
|
||||
UserBase: form.UserBase,
|
||||
Filter: form.Filter,
|
||||
AdminFilter: form.AdminFilter,
|
||||
AttributeName: form.AttributeName,
|
||||
AttributeSurname: form.AttributeSurname,
|
||||
AttributeMail: form.AttributeMail,
|
||||
|
@ -160,6 +161,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
|
|||
AttributeSurname: form.AttributeSurname,
|
||||
AttributeMail: form.AttributeMail,
|
||||
Filter: form.Filter,
|
||||
AdminFilter: form.AdminFilter,
|
||||
Enabled: true,
|
||||
},
|
||||
}
|
||||
|
|
|
@ -59,6 +59,10 @@
|
|||
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>
|
||||
<input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.Source.LDAP.Filter}}" />
|
||||
</div>
|
||||
<div class="field">
|
||||
<label class="req" for="filter">{{.i18n.Tr "admin.auths.admin_filter"}}</label>
|
||||
<input class="ipt ipt-large ipt-radius {{if .Err_AdminFilter}}ipt-error{{end}}" id="admin_filter" name="admin_filter" value="{{.Source.LDAP.AdminFilter}}" />
|
||||
</div>
|
||||
<div class="field">
|
||||
<label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
|
||||
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.Source.LDAP.AttributeName}}" />
|
||||
|
|
|
@ -55,6 +55,10 @@
|
|||
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>
|
||||
<input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.filter}}" />
|
||||
</div>
|
||||
<div class="field">
|
||||
<label class="req" for="filter">{{.i18n.Tr "admin.auths.admin_filter"}}</label>
|
||||
<input class="ipt ipt-large ipt-radius {{if .Err_AdminFilter}}ipt-error{{end}}" id="admin_filter" name="admin_filter" value="{{.admin_filter}}" />
|
||||
</div>
|
||||
<div class="field">
|
||||
<label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
|
||||
<input class="ipt ipt-large ipt-radius {{if .Err_AttributeName}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.attribute_name}}" />
|
||||
|
|
Loading…
Reference in a new issue