support LDAP aliases
parent
188e54f893
commit
9bb084f0a7
1 changed files with 15 additions and 5 deletions
|
@ -115,7 +115,7 @@ impl ValidateLogin for LdapBackend {
|
|||
&self.config.search_base,
|
||||
Scope::Subtree,
|
||||
&filter,
|
||||
["dn", "uid"],
|
||||
["dn", "uid", "aliasedObjectName"],
|
||||
)
|
||||
.await?
|
||||
.success()?
|
||||
|
@ -138,6 +138,16 @@ impl ValidateLogin for LdapBackend {
|
|||
}
|
||||
};
|
||||
|
||||
let real_dn = search_entry
|
||||
.attrs
|
||||
.get("aliasedObjectName")
|
||||
.map(|aliased_objects| {
|
||||
let aliased_object = &aliased_objects[0];
|
||||
event!(Level::INFO, dn = aliased_object, "LDAP entry is alias to");
|
||||
aliased_object
|
||||
})
|
||||
.unwrap_or(&search_entry.dn);
|
||||
|
||||
let uid = {
|
||||
let uids = search_entry.attrs.get("uid").ok_or_else(|| {
|
||||
event!(
|
||||
|
@ -161,7 +171,7 @@ impl ValidateLogin for LdapBackend {
|
|||
|
||||
event!(
|
||||
Level::TRACE,
|
||||
dn = search_entry.dn,
|
||||
dn = real_dn,
|
||||
uid,
|
||||
"Found LDAP user, attempting to bind"
|
||||
);
|
||||
|
@ -171,13 +181,13 @@ impl ValidateLogin for LdapBackend {
|
|||
let (conn, mut ldap) = start_ldap_connection(&self.config).await?;
|
||||
drive!(conn);
|
||||
if let Err(ldap_error) = ldap
|
||||
.simple_bind(&search_entry.dn, password.0.expose_secret())
|
||||
.simple_bind(real_dn, password.0.expose_secret())
|
||||
.await?
|
||||
.success()
|
||||
{
|
||||
event!(
|
||||
Level::TRACE,
|
||||
dn = search_entry.dn,
|
||||
dn = real_dn,
|
||||
ldap_error = ldap_error.to_string(),
|
||||
"LDAP bind failed"
|
||||
);
|
||||
|
@ -185,7 +195,7 @@ impl ValidateLogin for LdapBackend {
|
|||
}
|
||||
}
|
||||
|
||||
event!(Level::INFO, dn = search_entry.dn, "LDAP bind succeeded");
|
||||
event!(Level::INFO, dn = real_dn, "LDAP bind succeeded");
|
||||
Ok(uid)
|
||||
}
|
||||
}
|
||||
|
|
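Review bot: The password is now verified against `real_dn`, but the `uid` returned by `Ok(uid)` is still read from `search_entry.attrs`, i.e. from the alias entry, so the identity handed back does not come from the entry whose credentials were checked. Whoever can write alias entries under `search_base` therefore decides which `uid` is paired with which bind DN, and nothing visible here checks that `aliasedObjectName` stays under `search_base`. I would re-read the target with a base-scope search on `real_dn`, take `uid` from that entry, and reject targets outside the configured base. Separately, `&aliased_objects[0]` panics if the attribute comes back with no values; turning `.map` into `.and_then` with `let aliased_object = aliased_objects.first()?;` and a final `Some(aliased_object)` avoids a panic in the login path. The start of the function is outside these hunks, so the connection used for the search is not visible.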