author | eisin <eisin@users.noreply.github.com> | 2018-12-24 18:10:25 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-24 18:10:25 +0100 |
commit | 309bd0179488e5b38f53b440f7603a5656075ca1 (patch) | |
tree | 2113017c866f9ed80455ba0e7ac08b010f4b3dd4 /src/pamldapd.go | |
parent | responds without error if basedn is blank (diff) | |
Diffstat (limited to 'src/pamldapd.go')
-rw-r--r-- | src/pamldapd.go | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/src/pamldapd.go b/src/pamldapd.go
index e90b646..a50fed1 100644
--- a/src/pamldapd.go
+++ b/src/pamldapd.go
@@ -125,9 +125,13 @@ func (b Backend) Search(bindDN string, req ldap.SearchRequest, conn net.Conn) (r
 if err != nil {
 return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("%s error find condition uid: %s", logger_title, req.Filter)
 }
- username = filterUid
+ if binddn_username, err := b.getUserNameFromBaseDN(req.BaseDN); err == nil {
+ username = binddn_username
+ } else {
+ username = filterUid
+ }
 } else {
- if username, err = b.getUserNameFromBindDN(bindDN); err != nil {
+ if username, err = b.getUserNameFromBindDN(req.BaseDN); err != nil {
 return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, err
 }
 }
@@ -202,6 +206,30 @@ func (b Backend) getUserNameFromBindDN(bindDN string) (username string, err erro
 return username, nil
 }
 
+func (b Backend) getUserNameFromBaseDN(baseDN string) (username string, err error) {
+ if baseDN == "" {
+ return "", errors.New("baseDN not specified")
+ }
+ if !strings.HasSuffix(baseDN, ","+b.PeopleDN) {
+ return "", errors.New("baseDN not matched")
+ }
+ rest := strings.TrimSuffix(baseDN, ","+b.PeopleDN)
+ if rest == "" {
+ return "", errors.New("baseDN format error")
+ }
+ if strings.Contains(rest, ",") {
+ return "", errors.New("baseDN has too much entities")
+ }
+ if strings.HasPrefix(rest, "uid=") {
+ username = strings.TrimPrefix(rest, "uid=")
+ } else if strings.HasPrefix(rest, "cn=") {
+ username = strings.TrimPrefix(rest, "cn=")
+ } else {
+ return "", errors.New("baseDN contains no cn/uid entry")
+ }
+ return username, nil
+}
+
 func (b Backend) makeSearchEntryAccount(dn string, username string) (entry *ldap.Entry, err error) {
 attrs := []*ldap.EntryAttribute{}
 var u *user.User |
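Review bot: In the `else` branch the user name is now taken from `req.BaseDN` while still being parsed by `getUserNameFromBindDN`, so no visible line of `Search` consults `bindDN` any more and the entry returned is selected entirely by request-supplied values. If lookups are meant to be limited to the bound identity or to a designated service account, that check needs to be added here or confirmed to exist outside the hunk, since `Search` starts and ends beyond it. In the first branch a base DN that names one user silently overrides a different `uid` in the filter; guarding with `if binddn_username != filterUid` and returning an empty result in that case would avoid answering for a user the filter did not ask about. The local `binddn_username` holds a value derived from the base DN and would read better as `basedn_username`.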
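Review bot: `getUserNameFromBaseDN` returns an empty user name with a nil error for a base DN such as `uid=,<PeopleDN>`, because nothing checks what remains after the `uid=`/`cn=` prefix is trimmed; in `Search` that empty name then replaces `filterUid`. Adding `if username == "" { return "", errors.New("baseDN has empty user name") }` before the final return closes this. The prefix and suffix checks are case-sensitive byte comparisons, so a DN written as `UID=...` or with different spacing is rejected and the caller falls back to the filter value. A doc comment should state the accepted form, for example `// getUserNameFromBaseDN extracts the user name from a base DN of the form uid=NAME,<PeopleDN> or cn=NAME,<PeopleDN>.`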