summaryrefslogtreecommitdiffstats
path: root/src/pamldapd.go
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/pamldapd.go32
1 files changed, 30 insertions, 2 deletions
diff --git a/src/pamldapd.go b/src/pamldapd.go
index e90b646..a50fed1 100644
--- a/src/pamldapd.go
+++ b/src/pamldapd.go
@@ -125,9 +125,13 @@ func (b Backend) Search(bindDN string, req ldap.SearchRequest, conn net.Conn) (r
if err != nil {
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("%s error find condition uid: %s", logger_title, req.Filter)
}
- username = filterUid
+ if binddn_username, err := b.getUserNameFromBaseDN(req.BaseDN); err == nil {
+ username = binddn_username
+ } else {
+ username = filterUid
+ }
} else {
- if username, err = b.getUserNameFromBindDN(bindDN); err != nil {
+ if username, err = b.getUserNameFromBindDN(req.BaseDN); err != nil {
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, err
}
}
@@ -202,6 +206,30 @@ func (b Backend) getUserNameFromBindDN(bindDN string) (username string, err erro
return username, nil
}
+func (b Backend) getUserNameFromBaseDN(baseDN string) (username string, err error) {
+ if baseDN == "" {
+ return "", errors.New("baseDN not specified")
+ }
+ if !strings.HasSuffix(baseDN, ","+b.PeopleDN) {
+ return "", errors.New("baseDN not matched")
+ }
+ rest := strings.TrimSuffix(baseDN, ","+b.PeopleDN)
+ if rest == "" {
+ return "", errors.New("baseDN format error")
+ }
+ if strings.Contains(rest, ",") {
+ return "", errors.New("baseDN has too much entities")
+ }
+ if strings.HasPrefix(rest, "uid=") {
+ username = strings.TrimPrefix(rest, "uid=")
+ } else if strings.HasPrefix(rest, "cn=") {
+ username = strings.TrimPrefix(rest, "cn=")
+ } else {
+ return "", errors.New("baseDN contains no cn/uid entry")
+ }
+ return username, nil
+}
+
func (b Backend) makeSearchEntryAccount(dn string, username string) (entry *ldap.Entry, err error) {
attrs := []*ldap.EntryAttribute{}
var u *user.User