Skip to content

Commit

Permalink
allow to search using bind dn instead of auth bind connection when bi…
Browse files Browse the repository at this point in the history 
…nd auth is enabled (#873)
  • Loading branch information
@SinnySupernova
SinnySupernova authored Oct 21, 2024
1 parent c9cd44b commit db8b536
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 10 deletions.
8 changes: 6 additions & 2 deletions crates/directory/src/backend/ldap/config.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ use utils::config::{utils::AsKey, Config};

use crate::core::config::build_pool;

use super::{Bind, LdapConnectionManager, LdapDirectory, LdapFilter, LdapMappings};
use super::{AuthBind, Bind, LdapConnectionManager, LdapDirectory, LdapFilter, LdapMappings};

impl LdapDirectory {
pub fn from_config(config: &mut Config, prefix: impl AsKey, data_store: Store) -> Option<Self> {
Expand Down Expand Up @@ -107,7 +107,11 @@ impl LdapDirectory {
.property_or_default::<bool>((&prefix, "bind.auth.enable"), "false")
.unwrap_or_default()
{
LdapFilter::from_config(config, (&prefix, "bind.auth.dn")).into()
let filter = LdapFilter::from_config(config, (&prefix, "bind.auth.dn"));
let search = config
.property_or_default::<bool>((&prefix, "bind.auth.search"), "true")
.unwrap_or(true);
Some(AuthBind { filter, search })
} else {
None
};
Expand Down
17 changes: 10 additions & 7 deletions crates/directory/src/backend/ldap/lookup.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,16 +70,16 @@ impl LdapDirectory {
};

if let Some(auth_bind) = &self.auth_bind {
let (conn, mut ldap) = LdapConnAsync::with_settings(
let (auth_bind_conn, mut ldap) = LdapConnAsync::with_settings(
self.pool.manager().settings.clone(),
&self.pool.manager().address,
)
.await
.map_err(|err| err.into_error().caused_by(trc::location!()))?;

ldap3::drive!(conn);
ldap3::drive!(auth_bind_conn);

let dn = auth_bind.build(username);
let dn = auth_bind.filter.build(username);

trc::event!(Store(trc::StoreEvent::LdapBind), Details = dn.clone());

Expand All @@ -93,10 +93,13 @@ impl LdapDirectory {
return Ok(None);
}

match self
.find_principal(&mut ldap, &self.mappings.filter_name.build(username))
.await
{
let filter = &self.mappings.filter_name.build(username);
let principal = if auth_bind.search {
self.find_principal(&mut ldap, filter).await
} else {
self.find_principal(&mut conn, filter).await
};
match principal {
Ok(Some(principal)) => (
principal.with_field(PrincipalField::Name, username.to_string()),
None,
Expand Down
7 changes: 6 additions & 1 deletion crates/directory/src/backend/ldap/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ pub mod pool;
pub struct LdapDirectory {
pool: Pool<LdapConnectionManager>,
mappings: LdapMappings,
auth_bind: Option<LdapFilter>,
auth_bind: Option<AuthBind>,
pub(crate) data_store: Store,
}

Expand Down Expand Up @@ -76,3 +76,8 @@ impl Bind {
Self { dn, password }
}
}

pub(crate) struct AuthBind {
filter: LdapFilter,
search: bool,
}

0 comments on commit db8b536

Please sign in to comment.