improve ldap

internal/auth/ldap.go

@@ -26,7 +26,6 @@ type LDAPConfig struct {
 	BindAddress       string
 	BaseDN            string
 	UserBaseDN        string
-	GroupBaseDN       string
 	TrustCertFile     string
 	DisableValidation bool
 	Insecure          bool
@@ -48,7 +47,6 @@ type LDAPAuthenticator struct {
 	bindAddress       string
 	baseDN            string
 	userBaseDN        string
-	groupBaseDN       string
 	trustCertFile     string
 	disableValidation bool
 	insecure          bool
@@ -59,7 +57,6 @@ func NewLDAPAuthenticator(cfg LDAPConfig) (*LDAPAuthenticator, error) {
 	bindAddress := strings.TrimSpace(cfg.BindAddress)
 	baseDN := strings.TrimSpace(cfg.BaseDN)
 	userBaseDN := strings.TrimSpace(cfg.UserBaseDN)
-	groupBaseDN := strings.TrimSpace(cfg.GroupBaseDN)
 	trustCertFile := strings.TrimSpace(cfg.TrustCertFile)
 
 	if bindAddress == "" {
@@ -71,9 +68,6 @@ func NewLDAPAuthenticator(cfg LDAPConfig) (*LDAPAuthenticator, error) {
 	if userBaseDN == "" {
 		userBaseDN = baseDN
 	}
-	if groupBaseDN == "" {
-		groupBaseDN = baseDN
-	}
 	if _, err := url.ParseRequestURI(bindAddress); err != nil {
 		return nil, fmt.Errorf("%w: bind address must be a valid URL: %v", ErrInvalidLDAPConfig, err)
 	}
@@ -87,7 +81,6 @@ func NewLDAPAuthenticator(cfg LDAPConfig) (*LDAPAuthenticator, error) {
 		bindAddress:       bindAddress,
 		baseDN:            baseDN,
 		userBaseDN:        userBaseDN,
-		groupBaseDN:       groupBaseDN,
 		trustCertFile:     trustCertFile,
 		disableValidation: cfg.DisableValidation,
 		insecure:          cfg.Insecure,
@@ -135,7 +128,6 @@ func (a *LDAPAuthenticator) AuthenticateAndFetchGroups(ctx context.Context, user
 	}
 	identity.Diagnostics = append(identity.Diagnostics,
 		"user_lookup_base_dn="+a.userBaseDN,
-		"group_lookup_base_dn="+a.groupBaseDN,
 	)
 	if whoami, err := conn.WhoAmI(nil); err != nil {
 		identity.Diagnostics = append(identity.Diagnostics, fmt.Sprintf("whoami_failed:%v", err))