support LDAP aliases
This commit is contained in:
parent
188e54f893
commit
9bb084f0a7
1 changed files with 15 additions and 5 deletions
|
@ -115,7 +115,7 @@ impl ValidateLogin for LdapBackend {
|
||||||
&self.config.search_base,
|
&self.config.search_base,
|
||||||
Scope::Subtree,
|
Scope::Subtree,
|
||||||
&filter,
|
&filter,
|
||||||
["dn", "uid"],
|
["dn", "uid", "aliasedObjectName"],
|
||||||
)
|
)
|
||||||
.await?
|
.await?
|
||||||
.success()?
|
.success()?
|
||||||
|
@ -138,6 +138,16 @@ impl ValidateLogin for LdapBackend {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let real_dn = search_entry
|
||||||
|
.attrs
|
||||||
|
.get("aliasedObjectName")
|
||||||
|
.map(|aliased_objects| {
|
||||||
|
let aliased_object = &aliased_objects[0];
|
||||||
|
event!(Level::INFO, dn = aliased_object, "LDAP entry is alias to");
|
||||||
|
aliased_object
|
||||||
|
})
|
||||||
|
.unwrap_or(&search_entry.dn);
|
||||||
|
|
||||||
let uid = {
|
let uid = {
|
||||||
let uids = search_entry.attrs.get("uid").ok_or_else(|| {
|
let uids = search_entry.attrs.get("uid").ok_or_else(|| {
|
||||||
event!(
|
event!(
|
||||||
|
@ -161,7 +171,7 @@ impl ValidateLogin for LdapBackend {
|
||||||
|
|
||||||
event!(
|
event!(
|
||||||
Level::TRACE,
|
Level::TRACE,
|
||||||
dn = search_entry.dn,
|
dn = real_dn,
|
||||||
uid,
|
uid,
|
||||||
"Found LDAP user, attempting to bind"
|
"Found LDAP user, attempting to bind"
|
||||||
);
|
);
|
||||||
|
@ -171,13 +181,13 @@ impl ValidateLogin for LdapBackend {
|
||||||
let (conn, mut ldap) = start_ldap_connection(&self.config).await?;
|
let (conn, mut ldap) = start_ldap_connection(&self.config).await?;
|
||||||
drive!(conn);
|
drive!(conn);
|
||||||
if let Err(ldap_error) = ldap
|
if let Err(ldap_error) = ldap
|
||||||
.simple_bind(&search_entry.dn, password.0.expose_secret())
|
.simple_bind(real_dn, password.0.expose_secret())
|
||||||
.await?
|
.await?
|
||||||
.success()
|
.success()
|
||||||
{
|
{
|
||||||
event!(
|
event!(
|
||||||
Level::TRACE,
|
Level::TRACE,
|
||||||
dn = search_entry.dn,
|
dn = real_dn,
|
||||||
ldap_error = ldap_error.to_string(),
|
ldap_error = ldap_error.to_string(),
|
||||||
"LDAP bind failed"
|
"LDAP bind failed"
|
||||||
);
|
);
|
||||||
|
@ -185,7 +195,7 @@ impl ValidateLogin for LdapBackend {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
event!(Level::INFO, dn = search_entry.dn, "LDAP bind succeeded");
|
event!(Level::INFO, dn = real_dn, "LDAP bind succeeded");
|
||||||
Ok(uid)
|
Ok(uid)
|
||||||
}
|
}
|
||||||
}
|
}
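Review bot: `&aliased_objects[0]` in the new `real_dn` computation panics if the directory returns an `aliasedObjectName` attribute with an empty value list, which would take down the login handler instead of failing that one login; a non-panicking form is `.and_then(|aliased_objects| aliased_objects.first())` followed by `.map(|aliased_object| { event!(Level::INFO, dn = aliased_object, "LDAP entry is alias to"); aliased_object })`. A second point worth a comment: the bind now goes to the alias target (`simple_bind(real_dn, …)`), but the returned identity is still taken from the alias entry's own `uid` attribute (`search_entry.attrs.get("uid")`), so if an alias and its target carry different `uid` values the account that authenticated and the `uid` handed back are not the same entry — if that is intended, a comment such as `// uid is read from the alias entry, not from the dereferenced target` next to `let uid = {` would make it explicit; if not, the target entry should be fetched and its `uid` used. The enclosing `validate_login` body begins before the first hunk, so the search filter construction that feeds `&filter` is not visible here.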
|
||||||
|
|