xiretza/factoriauth
1
0
Fork 0
Code Issues 2 Pull requests Releases Activity

actually validate that the LDAP bind succeeded

Browse source
This commit is contained in:
deneb 2024-10-21 14:58:27 +02:00
parent 63487af2a4
commit 691bebf6ba
1 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/auth/backends.rs
View file

@ -170,10 +170,22 @@ impl ValidateLogin for LdapBackend {
{ {
let (conn, mut ldap) = start_ldap_connection(&self.config).await?; let (conn, mut ldap) = start_ldap_connection(&self.config).await?;
drive!(conn); drive!(conn);
ldap.simple_bind(&search_entry.dn, password.0.expose_secret()) if let Err(ldap_error) = ldap
.await?; .simple_bind(&search_entry.dn, password.0.expose_secret())
.await?
.success()
{
event!(
Level::TRACE,
dn = search_entry.dn,
ldap_error = ldap_error.to_string(),
"LDAP bind failed"
);
return Err(AuthenticationError::InvalidUserOrPassword);
}
} }
event!(Level::INFO, dn = search_entry.dn, "LDAP bind succeeded");
Ok(uid) Ok(uid)
} }
} }