This commit is contained in:
@@ -233,7 +233,7 @@ func GetLdapGroupMembership(username string, password string) ([]string, error)
|
||||
defer ldaps.Close()
|
||||
|
||||
// try an authenticated bind to AD to verify credentials
|
||||
log.Printf("Attempting LDAP bind with user '%s' and password length '%d'\n", username, len(password))
|
||||
log.Printf("GetLdapGroupMembership Attempting LDAP bind with user '%s' and password length '%d'\n", username, len(password))
|
||||
err = ldaps.Bind(username, password)
|
||||
if err != nil {
|
||||
if ldapErr, ok := err.(*ldap.Error); ok && ldapErr.ResultCode == ldap.LDAPResultInvalidCredentials {
|
||||
@@ -241,17 +241,17 @@ func GetLdapGroupMembership(username string, password string) ([]string, error)
|
||||
log.Print(errString)
|
||||
return nil, errors.New(errString)
|
||||
} else {
|
||||
errString := fmt.Sprintf("VerifyLdapCreds error binding to LDAP with supplied credentials : '%s'\n", err)
|
||||
errString := fmt.Sprintf("GetLdapGroupMembership error binding to LDAP with supplied credentials : '%s'\n", err)
|
||||
log.Print(errString)
|
||||
return nil, errors.New(errString)
|
||||
}
|
||||
} else {
|
||||
log.Printf("VerifyLdapCreds successfully bound to LDAP\n")
|
||||
log.Printf("GetLdapGroupMembership successfully bound to LDAP\n")
|
||||
}
|
||||
|
||||
groups, err := GetGroupsOfUser(username, LdapBaseDn, ldaps)
|
||||
if err != nil {
|
||||
errString := fmt.Sprintf("VerifyLdapCreds group search error : '%s'\n", err)
|
||||
errString := fmt.Sprintf("GetLdapGroupMembership group search error : '%s'\n", err)
|
||||
log.Print(errString)
|
||||
return nil, errors.New(errString)
|
||||
}
|
||||
@@ -259,8 +259,8 @@ func GetLdapGroupMembership(username string, password string) ([]string, error)
|
||||
return groups, nil
|
||||
}
|
||||
|
||||
// Deprecated
|
||||
func VerifyLdapCreds(username string, password string) bool {
|
||||
// No need to check group memberships, just validate that we can bind successfully
|
||||
func VerifyLdapCreds(username string, password string) error {
|
||||
var err error
|
||||
username = CheckUsername(username)
|
||||
|
||||
@@ -271,46 +271,19 @@ func VerifyLdapCreds(username string, password string) bool {
|
||||
err = ldaps.Bind(username, password)
|
||||
if err != nil {
|
||||
if ldapErr, ok := err.(*ldap.Error); ok && ldapErr.ResultCode == ldap.LDAPResultInvalidCredentials {
|
||||
log.Printf("VerifyLdapCreds user credentials are incorrect : '%s'\n", err)
|
||||
return false
|
||||
errString := "invalid user credentials"
|
||||
log.Print(errString)
|
||||
return errors.New(errString)
|
||||
} else {
|
||||
log.Printf("VerifyLdapCreds error binding to LDAP with supplied credentials : '%s'\n", err)
|
||||
return false
|
||||
errString := fmt.Sprintf("VerifyLdapCreds error binding to LDAP with supplied credentials : '%s'\n", err)
|
||||
log.Print(errString)
|
||||
return errors.New(errString)
|
||||
}
|
||||
} else {
|
||||
log.Printf("VerifyLdapCreds successfully bound to LDAP\n")
|
||||
}
|
||||
|
||||
/*
|
||||
log.Printf("Attempting LDAP search request from base DN '%s'\n", LdapBaseDn)
|
||||
searchReq := ldap.NewSearchRequest(
|
||||
LdapBaseDn,
|
||||
ldap.ScopeWholeSubtree, // you can also use ldap.ScopeWholeSubtree
|
||||
ldap.NeverDerefAliases,
|
||||
0,
|
||||
0,
|
||||
false,
|
||||
"(objectClass=*)",
|
||||
[]string{},
|
||||
nil,
|
||||
)
|
||||
result, err := ldaps.Search(searchReq)
|
||||
if err != nil {
|
||||
log.Printf("VerifyLdapCreds search error : '%s'\n", err)
|
||||
return false
|
||||
}
|
||||
|
||||
log.Printf("result: %v\n", result)
|
||||
*/
|
||||
|
||||
groups, err := GetGroupsOfUser(username, LdapBaseDn, ldaps)
|
||||
if err != nil {
|
||||
log.Printf("VerifyLdapCreds group search error : '%s'\n", err)
|
||||
return false
|
||||
}
|
||||
log.Printf("groups: %v\n", groups)
|
||||
|
||||
return true
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetGroupsOfUser returns the group for a user.
|
||||
|
||||
Reference in New Issue
Block a user