
Commit 38a0323

committed
Optimize dublicate code
1 parent 9ef5a6f commit 38a0323


1 file changed

+23
-34
lines changed


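--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -158,6 +158,27 @@ func bindUser(l *ldap.Conn, userDN, passwd string) error {
 return err
 }
 
+func checkAdmin(l *ldap.Conn, ls *Source, userDN string) bool {
+if len(ls.AdminFilter) > 0 {
+log.Trace("Checking admin with filter %s and base %s", ls.AdminFilter, userDN)
+search := ldap.NewSearchRequest(
+userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,
+[]string{ls.AttributeName},
+nil)
+
+sr, err := l.Search(search)
+
+if err != nil {
+log.Error(4, "LDAP Admin Search failed unexpectedly! (%v)", err)
+} else if len(sr.Entries) < 1 {
+log.Error(4, "LDAP Admin Search failed")
+} else {
+return true
+}
+}
+return false
+}
+
 // SearchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
 func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResult {
 // See https://tools.ietf.org/search/rfc4513#section-5.1.2
@@ -229,24 +250,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName)
 surname := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
 mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
-
-isAdmin := false
-if len(ls.AdminFilter) > 0 {
-log.Trace("Checking admin with filter %s and base %s", ls.AdminFilter, userDN)
-search = ldap.NewSearchRequest(
-userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,
-[]string{ls.AttributeName},
-nil)
-
-sr, err = l.Search(search)
-if err != nil {
-log.Error(4, "LDAP Admin Search failed unexpectedly! (%v)", err)
-} else if len(sr.Entries) < 1 {
-log.Error(4, "LDAP Admin Search failed")
-} else {
-isAdmin = true
-}
-}
+isAdmin := checkAdmin(l, ls, userDN)
 
 if !directBind && ls.AttributesInBind {
 // binds user (checking password) after looking-up attributes in BindDN context
@@ -308,22 +312,7 @@ func (ls *Source) SearchEntries() []*SearchResult {
 Name: v.GetAttributeValue(ls.AttributeName),
 Surname: v.GetAttributeValue(ls.AttributeSurname),
 Mail: v.GetAttributeValue(ls.AttributeMail),
-IsAdmin: false,
-}
-
-if len(ls.AdminFilter) > 0 {
-log.Trace("Checking admin with filter %s and base %s", ls.AdminFilter, v.DN)
-adminSearch := ldap.NewSearchRequest(
-v.DN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,
-[]string{ls.AttributeName},
-nil)
-
-asr, err := l.Search(adminSearch)
-if err != nil {
-log.Error(4, "LDAP Admin Search failed unexpectedly! (%v)", err)
-} else if len(asr.Entries) == 1 {
-result[i].IsAdmin = true
-}
+IsAdmin: checkAdmin(l, ls, v.DN),
 }
 }
 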
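Review bot: `checkAdmin` is the decision that grants admin, and routing `SearchEntries` through it loosens that path: the removed loop required `len(asr.Entries) == 1`, while the helper returns true for any non-empty result. Because the search still uses `ldap.ScopeWholeSubtree` with the user's DN as base, any entry at or beneath that DN that matches `AdminFilter` now counts; if the intent is to test the user's own entry, `ldap.ScopeBaseObject` together with `len(sr.Entries) == 1` would keep the check tight. The helper also emits `log.Error(4, "LDAP Admin Search failed")` for every non-admin user, which the old `SearchEntries` loop did not, so a full sync will fill the error log and make genuine search failures harder to spot; `log.Trace` would fit that branch better. A doc comment such as `// checkAdmin reports whether userDN matches ls.AdminFilter; a search error is logged and treated as not-admin.` would record the fail-closed behaviour for the next maintainer.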
