Commit be2fa544 by Martin Molnar

feat(ldap): Allow use of DN in user attribute filter (#3132)

parent 9f4b7ac2
...@@ -408,6 +408,10 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) { ...@@ -408,6 +408,10 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
if a.server.GroupSearchFilterUserAttribute == "" { if a.server.GroupSearchFilterUserAttribute == "" {
filter_replace = getLdapAttr(a.server.Attr.Username, searchResult) filter_replace = getLdapAttr(a.server.Attr.Username, searchResult)
} }
if a.server.GroupSearchFilterUserAttribute == "dn" {
filter_replace = searchResult.Entries[0].DN
}
filter := strings.Replace(a.server.GroupSearchFilter, "%s", ldap.EscapeFilter(filter_replace), -1) filter := strings.Replace(a.server.GroupSearchFilter, "%s", ldap.EscapeFilter(filter_replace), -1)
a.log.Info("Searching for user's groups", "filter", filter) a.log.Info("Searching for user's groups", "filter", filter)
...@@ -430,8 +434,12 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) { ...@@ -430,8 +434,12 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
if len(groupSearchResult.Entries) > 0 { if len(groupSearchResult.Entries) > 0 {
for i := range groupSearchResult.Entries { for i := range groupSearchResult.Entries {
if a.server.Attr.MemberOf == "dn" {
memberOf = append(memberOf, groupSearchResult.Entries[i].DN)
} else {
memberOf = append(memberOf, getLdapAttrN(a.server.Attr.MemberOf, groupSearchResult, i)) memberOf = append(memberOf, getLdapAttrN(a.server.Attr.MemberOf, groupSearchResult, i))
} }
}
break break
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment