From 023fdc22a6c22e167269acda1b8185fdd6c65ba8 Mon Sep 17 00:00:00 2001
From: Nathan Coad
Date: Thu, 4 Jan 2024 12:59:01 +1100
Subject: [PATCH] update
---
 .drone.yml | 2 ++
 README.md | 2 +-
 models/ldap.go | 10 ++++++++--
 test.env | 4 ++--
 4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 5d6b7c8..319dd9c 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -22,6 +22,7 @@ steps:
 pull: true
 settings:
 backend: "filesystem"
+ debug: true
 restore: true
 cache_key: "volume"
 archive_format: "gzip"
@@ -46,6 +47,7 @@ steps:
 pull: true
 settings:
 backend: "filesystem"
+ debug: true
 rebuild: true
 cache_key: "volume"
 archive_format: "gzip"
diff --git a/README.md b/README.md
index 09a8148..ad03048 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ Written by Nathan Coad (nathan.coad@dell.com)
 | LOG_FILE | Specify the name/path of file to write log messages to | /var/log/smt.log | ./smt.log | BIND_IP | Specify the local IP address to bind to. | 127.0.0.1 | Primary IPv4 address |
 | BIND_PORT | Specify the TCP/IP port to bind to. | 443 | 8443 |
-| LDAP_BIND_ADDRESS | If LDAP integration is needed, specify the LDAP Bind address. Only LDAPS on port 636 is supported. Do not specify port 636 in the bind address | ldaps://dc.example.com | No default specified |
+| LDAP_BIND_ADDRESS | If LDAP integration is needed, specify the LDAP Bind address. Only LDAPS on port 636 is supported. Do not specify port 636 in the bind address | dc.example.com | No default specified |
 | LDAP_BASE_DN | If LDAP integration is needed, specify the base DN to use when binding to AD | "OU=Users,DC=example,DC=com" | No default specified |
 | LDAP_TRUST_CERT_FILE | If LDAP integration is needed, specify filepath to PEM format public certificate of Certificate Authority signing LDAPS communications | caroot.pem | No default specified, must define this value |
 | TLS_KEY_FILE | Specify the filename of the TLS certificate private key (must be unencrypted) in PEM format | key.pem | privkey.pem |
diff --git a/models/ldap.go b/models/ldap.go
index 98c8bea..6da6f0a 100644
--- a/models/ldap.go
+++ b/models/ldap.go
@@ -123,8 +123,14 @@ func VerifyLdapCreds(username string, password string) bool {
 // try to bind to AD
 err = ldaps.Bind(username, password)
 if err != nil {
- log.Printf("VerifyLdapCreds error binding to LDAP with supplied credentials : '%s'\n", err)
- return false
+
+ if ldapErr, ok := err.(*ldap.Error); ok && ldapErr.ResultCode == ldap.LDAPResultInvalidCredentials {
+ log.Printf("VerifyLdapCreds user credentials are incorrect\n")
+ return false
+ } else {
+ log.Printf("VerifyLdapCreds error binding to LDAP with supplied credentials : '%s'\n", err)
+ return false
+ }
 } else {
 log.Printf("VerifyLdapCreds successfully bound to LDAP\n")
 }
diff --git a/test.env b/test.env
index cd9d75a..03e6c61 100644
--- a/test.env
+++ b/test.env
@@ -4,8 +4,8 @@ INITIAL_PASSWORD=Password123
 TOKEN_HOUR_LIFESPAN=168
 BIND_IP=
 BIND_PORT=8443
-LDAP_BIND_ADDRESS=ldaps://dc.lab.local
-LDAP_BASE_DN=OU=Users,DC=lab,DC=local
+LDAP_BIND_ADDRESS=adcp12.cdc.home
+LDAP_BASE_DN=OU=Users,DC=cdc,DC=home
 LDAP_TRUST_CERT_FILE=
 TLS_KEY_FILE=key.pem
 TLS_CERT_FILE=cert.pem
\ No newline at end of file
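Review bot: Both arms of the new `if ldapErr, ok := err.(*ldap.Error); ok && ldapErr.ResultCode == ldap.LDAPResultInvalidCredentials { … } else { … }` end in `return false`, so the `else` only chooses a log line and the duplicated `return false` (plus the blank line added directly after `if err != nil {`) can be folded into one exit, as in the excerpt below. For detecting password-guessing against the bind, the invalid-credentials branch would be more useful if it recorded which account failed, e.g. `log.Printf("VerifyLdapCreds invalid credentials for user %q\n", username)`, since neither branch currently logs the account. The plain type assertion is fine as long as `ldaps.Bind` (presumably the LDAP client connection) returns the `*ldap.Error` unwrapped; if the error is ever wrapped before reaching this point, `errors.As` would be the safer form. VerifyLdapCreds starts and ends outside this hunk.
```go
	if err != nil {
		if ldapErr, ok := err.(*ldap.Error); ok && ldapErr.ResultCode == ldap.LDAPResultInvalidCredentials {
			log.Printf("VerifyLdapCreds invalid credentials for user %q\n", username)
		} else {
			log.Printf("VerifyLdapCreds error binding to LDAP with supplied credentials : '%s'\n", err)
		}
		return false
	} else {
		// … unchanged: success log …
```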
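Review bot: The new `LDAP_BIND_ADDRESS=adcp12.cdc.home` and `LDAP_BASE_DN=OU=Users,DC=cdc,DC=home` read like a specific environment rather than the placeholder-style `lab.local` values they replace; if that is the case, keeping example values in the tracked test.env and supplying real ones through an untracked override or CI secrets avoids committing environment details next to the `INITIAL_PASSWORD` already visible in this hunk's context. Dropping the `ldaps://` scheme here matches the README change in this patch and implies the dial code now adds the scheme itself, but that code is outside every hunk, so I cannot confirm it was updated to match.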