authoreisin <eisin@users.noreply.github.com>2018-12-24 18:10:25 +0100
committerGitHub <noreply@github.com>2018-12-24 18:10:25 +0100
commit309bd0179488e5b38f53b440f7603a5656075ca1 (patch)
tree2113017c866f9ed80455ba0e7ac08b010f4b3dd4
parentresponds without error if basedn is blank (diff)
-rw-r--r--src/pamldapd.go32
1 files changed, 30 insertions, 2 deletions
diff --git a/src/pamldapd.go b/src/pamldapd.go
index e90b646..a50fed1 100644
--- a/src/pamldapd.go
+++ b/src/pamldapd.go
@@ -125,9 +125,13 @@ func (b Backend) Search(bindDN string, req ldap.SearchRequest, conn net.Conn) (r
if err != nil {
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("%s error find condition uid: %s", logger_title, req.Filter)
}
- username = filterUid
+ if binddn_username, err := b.getUserNameFromBaseDN(req.BaseDN); err == nil {
+ username = binddn_username
+ } else {
+ username = filterUid
+ }
} else {
- if username, err = b.getUserNameFromBindDN(bindDN); err != nil {
+ if username, err = b.getUserNameFromBindDN(req.BaseDN); err != nil {
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, err
}
}
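Review bot: The new code lets the client-supplied BaseDN decide which account is returned, and in the `(uid=...)` branch it silently wins over the filter's uid: a request with base `uid=alice,<PeopleDN>` and filter `(uid=bob)` now yields alice's entry, which misrepresents the filter and is a confusion risk if anything downstream relies on the returned entry for authorization. The `else` branch no longer consults `bindDN` at all, so results are no longer tied to the authenticated identity unless that is enforced elsewhere in `Search` (the function starts before and continues after this hunk, so it cannot be confirmed here). When both sources are present I would require agreement rather than a preference, e.g. `if baseUser, err := b.getUserNameFromBaseDN(req.BaseDN); err == nil && baseUser != filterUid { return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultNoSuchObject}, nil }` and keep `username = filterUid`. The local `binddn_username` is also misnamed (it comes from the base DN, not the bind DN) and Go style avoids underscores — `baseDNUser` would be clearer.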
@@ -202,6 +206,30 @@ func (b Backend) getUserNameFromBindDN(bindDN string) (username string, err erro
return username, nil
}
+func (b Backend) getUserNameFromBaseDN(baseDN string) (username string, err error) {
+ if baseDN == "" {
+ return "", errors.New("baseDN not specified")
+ }
+ if !strings.HasSuffix(baseDN, ","+b.PeopleDN) {
+ return "", errors.New("baseDN not matched")
+ }
+ rest := strings.TrimSuffix(baseDN, ","+b.PeopleDN)
+ if rest == "" {
+ return "", errors.New("baseDN format error")
+ }
+ if strings.Contains(rest, ",") {
+ return "", errors.New("baseDN has too much entities")
+ }
+ if strings.HasPrefix(rest, "uid=") {
+ username = strings.TrimPrefix(rest, "uid=")
+ } else if strings.HasPrefix(rest, "cn=") {
+ username = strings.TrimPrefix(rest, "cn=")
+ } else {
+ return "", errors.New("baseDN contains no cn/uid entry")
+ }
+ return username, nil
+}
+
func (b Backend) makeSearchEntryAccount(dn string, username string) (entry *ldap.Entry, err error) {
attrs := []*ldap.EntryAttribute{}
var u *user.User
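Review bot: `getUserNameFromBaseDN` accepts an empty RDN value — `uid=,<PeopleDN>` passes every check and returns `"", nil`, so the caller proceeds with an empty username instead of an error; add `if username == "" { return "", errors.New("baseDN has empty uid/cn value") }` before the final return. The value is otherwise taken verbatim from an untrusted client DN, so characters such as `+`, `=`, `\` or surrounding spaces (RFC 4514 allows escaped sequences and multi-valued RDNs) reach the username lookup unvalidated; restricting it to a POSIX username character set would be safer, and the matching is case- and whitespace-sensitive (`UID=`, `uid=x, ou=...` are rejected) which some clients may send — worth a comment if that strictness is intentional. Minor: the error string `"baseDN has too much entities"` should read `"baseDN has too many entities"`.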