fix(ldap): another fix for ldap and empty bindDN and bind password, #2339

f62d7434 · Torkel Ödegaard · 9dc77992 · f62d7434
Commit f62d7434 authored Aug 05, 2015 by Torkel Ödegaard
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

pkg/login/ldap.go
+6 -4

No files found.
--- a/pkg/login/ldap.go
+++ b/pkg/login/ldap.go
@@ -14,8 +14,9 @@ import (
 )

 type ldapAuther struct {
-	server *LdapServerConf
-	conn   *ldap.Conn
+	server            *LdapServerConf
+	conn              *ldap.Conn
+	requireSecondBind bool
 }

 func NewLdapAuthenticator(server *LdapServerConf) *ldapAuther {
@@ -58,7 +59,7 @@ func (a *ldapAuther) login(query *LoginUserQuery) error {
 		}

 		// check if a second user bind is needed
-		if a.server.BindPassword != "" {
+		if a.requireSecondBind {
 			if err := a.secondBind(ldapUser, query.Password); err != nil {
 				return err
 			}
@@ -204,8 +205,9 @@ func (a *ldapAuther) secondBind(ldapUser *ldapUserInfo, userPassword string) err
 }

 func (a *ldapAuther) initialBind(username, userPassword string) error {
-	if a.server.BindPassword != "" {
+	if a.server.BindPassword != "" || a.server.BindDN == "" {
 		userPassword = a.server.BindPassword
+		a.requireSecondBind = true
 	}

 	bindPath := a.server.BindDN