ldap-proxy/internal/ldap/bind.go
2022-08-27 17:35:45 -05:00

49 lines
1.2 KiB
Go

package ldap
import (
"context"
ldap "github.com/ps78674/ldapserver"
)
func (s *server) handleBind(w ldap.ResponseWriter, m *ldap.Message) {
ctx := context.Background()
r := m.GetBindRequest()
// The server only supports simple auth, no SASL or anything
// fancy because we are after all just fronting another
// protocol.
if r.AuthenticationChoice() != "simple" {
res := ldap.NewBindResponse(ldap.LDAPResultUnwillingToPerform)
res.SetDiagnosticMessage("Authentication choice not supported")
w.Write(res)
return
}
s.l.Debug("Bind from dn", "dn", r.Name())
if s.allowAnon && r.Name() == "" {
res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
entityID, err := s.entityIDFromDN(r.Name())
if err != nil {
res := ldap.NewBindResponse(ldap.LDAPResultInvalidDNSyntax)
res.SetDiagnosticMessage(err.Error())
s.l.Warn("Request with invalid DN", "dn", r.Name())
w.Write(res)
return
}
if err := s.c.AuthEntity(ctx, entityID, string(r.AuthenticationSimple())); err != nil {
res := ldap.NewBindResponse(ldap.LDAPResultInvalidCredentials)
res.SetDiagnosticMessage("invalid credentials")
w.Write(res)
return
}
res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
w.Write(res)
}