
Commit 9ef5a6f

committed
Implememt method to search all LDAP users that match source user filter
1 parent 0defcb4 commit 9ef5a6f


1 file changed

+65
-0
lines changed


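--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -264,3 +264,68 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 IsAdmin: isAdmin,
 }
 }
+
+// SearchEntries : search an LDAP source for all users matching userFilter
+func (ls *Source) SearchEntries() []*SearchResult {
+l, err := dial(ls)
+if err != nil {
+log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
+ls.Enabled = false
+return nil
+}
+defer l.Close()
+
+if ls.BindDN != "" && ls.BindPassword != "" {
+err := l.Bind(ls.BindDN, ls.BindPassword)
+if err != nil {
+log.Debug("Failed to bind as BindDN[%s]: %v", ls.BindDN, err)
+return nil
+}
+log.Trace("Bound as BindDN %s", ls.BindDN)
+} else {
+log.Trace("Proceeding with anonymous LDAP search.")
+}
+
+userFilter := fmt.Sprintf(ls.Filter, "*")
+
+log.Trace("Fetching attributes '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, userFilter, ls.UserBase)
+search := ldap.NewSearchRequest(
+ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
+[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
+nil)
+
+sr, err := l.Search(search)
+if err != nil {
+log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
+return nil
+}
+
+result := make([]*SearchResult, len(sr.Entries))
+
+for i, v := range sr.Entries {
+result[i] = &SearchResult{
+Username: v.GetAttributeValue(ls.AttributeUsername),
+Name: v.GetAttributeValue(ls.AttributeName),
+Surname: v.GetAttributeValue(ls.AttributeSurname),
+Mail: v.GetAttributeValue(ls.AttributeMail),
+IsAdmin: false,
+}
+
+if len(ls.AdminFilter) > 0 {
+log.Trace("Checking admin with filter %s and base %s", ls.AdminFilter, v.DN)
+adminSearch := ldap.NewSearchRequest(
+v.DN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,
+[]string{ls.AttributeName},
+nil)
+
+asr, err := l.Search(adminSearch)
+if err != nil {
+log.Error(4, "LDAP Admin Search failed unexpectedly! (%v)", err)
+} else if len(asr.Entries) == 1 {
+result[i].IsAdmin = true
+}
+}
+}
+
+return result
+}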
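Review bot: SearchEntries returns nil on dial, bind and search failure, so a caller cannot tell a failed lookup from a directory with no matching users; if the result is used to synchronize accounts (not visible in this commit), a transient outage would look like every user having been removed. Returning the error alongside the slice, `func (ls *Source) SearchEntries() ([]*SearchResult, error)`, lets the caller skip the run instead. The same ambiguity exists inside the loop: when the admin search fails the entry keeps `IsAdmin: false`, which reads the same as a confirmed non-admin. The main search also passes a size limit of 0 with no paging, so a directory larger than the server-side limit will likely fail or come back truncated, and the service-account bind failure is logged only with `log.Debug`, where `log.Error(4, ...)` as used for the other failures would make it visible to operators.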
