internal/ldap: Add option to bind anonmyously
parent
b8cd3bb4bc
commit
9cc9e6e986
|
@ -22,6 +22,11 @@ func (s *server) handleBind(w ldap.ResponseWriter, m *ldap.Message) {
|
|||
|
||||
s.l.Debug("Bind from dn", "dn", r.Name())
|
||||
|
||||
if s.allowAnon && r.Name() == "" {
|
||||
res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
|
||||
w.Write(res)
|
||||
}
|
||||
|
||||
entityID, err := s.entityIDFromDN(r.Name())
|
||||
if err != nil {
|
||||
res := ldap.NewBindResponse(ldap.LDAPResultInvalidDNSyntax)
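Review bot: The anonymous-bind branch writes a success response but never returns, so execution falls through to `entityIDFromDN(r.Name())` with an empty DN and the same message is answered a second time — presumably with `LDAPResultInvalidDNSyntax` if that helper rejects "" — and otherwise continues into the real authentication path. Add `return` after `w.Write(res)` inside the `if s.allowAnon && r.Name() == ""` block so exactly one BindResponse is sent. Since anonymous binds are a deliberate relaxation of the server's posture, it would also help operators to log them at a visible level rather than only the existing Debug line, e.g. `s.l.Info("Anonymous bind accepted")` in that branch. handleBind continues outside the hunk, so the remainder of the authentication flow is not visible here.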
|
||||
|
|
|
@ -12,3 +12,8 @@ func WithLogger(l hclog.Logger) Option { return func(s *server) { s.l = l.Named(
|
|||
|
||||
// WithNetAuth sets the NetAuth client for the server.
|
||||
func WithNetAuth(n naClient) Option { return func(s *server) { s.c = n } }
|
||||
|
||||
// WithAnonBind enables anonymous bind support which is necessary in
|
||||
// some cases that the client wishes to do an initial anonymous bind,
|
||||
// followed by an immediate rebind as a real entity.
|
||||
func WithAnonBind(a bool) Option { return func(s *server) { s.allowAnon = a } }
|
||||
|
|
|
@ -27,4 +27,6 @@ type server struct {
|
|||
l hclog.Logger
|
||||
|
||||
nc []string
|
||||
|
||||
allowAnon bool
|
||||
}
|
||||
|
|
10
main.go
10
main.go
|
@ -18,6 +18,7 @@ func init() {
|
|||
viper.SetDefault("ldap.tls", false)
|
||||
viper.SetDefault("ldap.key", "/var/lib/netauth/keys/ldap.key")
|
||||
viper.SetDefault("ldap.cert", "/var/lib/netauth/keys/ldap.cert")
|
||||
viper.SetDefault("ldap.allow_anon", false)
|
||||
}
|
||||
|
||||
func main() {
|
||||
|
@ -51,6 +52,9 @@ func main() {
|
|||
viper.AddConfigPath("/etc/netauth/")
|
||||
viper.AddConfigPath("$HOME/.netauth/")
|
||||
viper.AddConfigPath(".")
|
||||
viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
|
||||
viper.SetEnvPrefix("NETAUTH")
|
||||
viper.AutomaticEnv()
|
||||
if err := viper.ReadInConfig(); err != nil {
|
||||
appLogger.Error("Error loading config", "error", err)
|
||||
os.Exit(5)
|
||||
|
@ -62,7 +66,11 @@ func main() {
|
|||
os.Exit(2)
|
||||
}
|
||||
|
||||
ls := ldap.New(ldap.WithLogger(appLogger), ldap.WithNetAuth(nacl))
|
||||
ls := ldap.New(
|
||||
ldap.WithLogger(appLogger),
|
||||
ldap.WithNetAuth(nacl),
|
||||
ldap.WithAnonBind(viper.GetBool("ldap.allow_anon")),
|
||||
)
|
||||
|
||||
ls.SetDomain(viper.GetString("ldap.domain"))
|
||||
|
||||
|
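Review bot: The default of `ldap.allow_anon` is false, which is the right secure default, but nothing in main.go surfaces the effective value when an operator turns it on via config or the `NETAUTH_LDAP_ALLOW_ANON` environment override, so a misconfiguration is silent. Consider a one-line warning before constructing the server, e.g. `if viper.GetBool("ldap.allow_anon") { appLogger.Warn("Anonymous LDAP bind is enabled") }`, so the posture shows up in startup logs. main() begins and ends outside the hunk.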
|