internal/ldap: Add option to bind anonymously
parent
b8cd3bb4bc
commit
9cc9e6e986
|
@ -22,6 +22,11 @@ func (s *server) handleBind(w ldap.ResponseWriter, m *ldap.Message) {
|
||||||
|
|
||||||
s.l.Debug("Bind from dn", "dn", r.Name())
|
s.l.Debug("Bind from dn", "dn", r.Name())
|
||||||
|
|
||||||
|
if s.allowAnon && r.Name() == "" {
|
||||||
|
res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
|
||||||
|
w.Write(res)
|
||||||
|
}
|
||||||
|
|
||||||
entityID, err := s.entityIDFromDN(r.Name())
|
entityID, err := s.entityIDFromDN(r.Name())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
res := ldap.NewBindResponse(ldap.LDAPResultInvalidDNSyntax)
|
res := ldap.NewBindResponse(ldap.LDAPResultInvalidDNSyntax)
|
||||||
|
|
|
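Review bot: The anonymous branch in `handleBind` writes the success response but never returns, so execution continues into `s.entityIDFromDN(r.Name())` with the empty DN and, judging by the error path right below, can write a second (failure) response for the same bind; add `return` directly after `w.Write(res)`. The condition also tests only `r.Name() == ""`: RFC 4513 defines an anonymous bind as an empty name together with an empty password, so the password field should be checked as well (its accessor is not visible in this hunk). handleBind's body starts and ends outside the hunk, so whether later handlers restrict what an anonymously bound connection may search cannot be confirmed from here.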
@ -12,3 +12,8 @@ func WithLogger(l hclog.Logger) Option { return func(s *server) { s.l = l.Named(
|
||||||
|
|
||||||
// WithNetAuth sets the NetAuth client for the server.
|
// WithNetAuth sets the NetAuth client for the server.
|
||||||
func WithNetAuth(n naClient) Option { return func(s *server) { s.c = n } }
|
func WithNetAuth(n naClient) Option { return func(s *server) { s.c = n } }
|
||||||
|
|
||||||
|
// WithAnonBind enables anonymous bind support which is necessary in
|
||||||
|
// some cases that the client wishes to do an initial anonymous bind,
|
||||||
|
// followed by an immediate rebind as a real entity.
|
||||||
|
func WithAnonBind(a bool) Option { return func(s *server) { s.allowAnon = a } }
|
||||||
|
|
|
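Review bot: The doc comment on `WithAnonBind` explains why a client might need the option but not what it grants or that it is off unless set. Since this option makes the server answer a credential-less bind with success, I would spell that out, e.g. `// WithAnonBind controls whether a bind with an empty DN is accepted without credentials. It defaults to false; enable it only for clients that must bind anonymously before rebinding as a real entity.` What an anonymous connection can do after the bind is not shown in this hunk and would be worth one more sentence once confirmed.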
@ -27,4 +27,6 @@ type server struct {
|
||||||
l hclog.Logger
|
l hclog.Logger
|
||||||
|
|
||||||
nc []string
|
nc []string
|
||||||
|
|
||||||
|
allowAnon bool
|
||||||
}
|
}
|
||||||
|
|
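--- a/main.go
+++ b/main.go
@@ -18,6 +18,7 @@ func init() {
 viper.SetDefault("ldap.tls", false)
 viper.SetDefault("ldap.key", "/var/lib/netauth/keys/ldap.key")
 viper.SetDefault("ldap.cert", "/var/lib/netauth/keys/ldap.cert")
+viper.SetDefault("ldap.allow_anon", false)
 }
 
 func main() {
@@ -51,6 +52,9 @@ func main() {
 viper.AddConfigPath("/etc/netauth/")
 viper.AddConfigPath("$HOME/.netauth/")
 viper.AddConfigPath(".")
+viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
+viper.SetEnvPrefix("NETAUTH")
+viper.AutomaticEnv()
 if err := viper.ReadInConfig(); err != nil {
 appLogger.Error("Error loading config", "error", err)
 os.Exit(5)
@@ -62,7 +66,11 @@ func main() {
 os.Exit(2)
 }
 
-ls := ldap.New(ldap.WithLogger(appLogger), ldap.WithNetAuth(nacl))
+ls := ldap.New(
+ldap.WithLogger(appLogger),
+ldap.WithNetAuth(nacl),
+ldap.WithAnonBind(viper.GetBool("ldap.allow_anon")),
+)
 
 ls.SetDomain(viper.GetString("ldap.domain"))
 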
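Review bot: Nothing in the visible hunks records the effective value of `ldap.allow_anon`, even though the new `SetEnvPrefix("NETAUTH")` / `AutomaticEnv()` calls in the second hunk let it be switched on from the environment (`NETAUTH_LDAP_ALLOW_ANON`) as well as from the config file. Because the setting changes who can bind, I would log it once at startup, next to the `ldap.New(...)` call in the third hunk: `if viper.GetBool("ldap.allow_anon") { appLogger.Warn("Anonymous LDAP bind is enabled") }`. The environment override applies to every key, including `ldap.key` and `ldap.cert`, which is broader than the commit title suggests and deserves a line in the commit message or its own commit. main's body starts and ends outside these hunks.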