49 lines
1.2 KiB
Go
49 lines
1.2 KiB
Go
package ldap
|
|
|
|
import (
|
|
"context"
|
|
|
|
ldap "github.com/ps78674/ldapserver"
|
|
)
|
|
|
|
func (s *server) handleBind(w ldap.ResponseWriter, m *ldap.Message) {
|
|
ctx := context.Background()
|
|
|
|
r := m.GetBindRequest()
|
|
// The server only supports simple auth, no SASL or anything
|
|
// fancy because we are after all just fronting another
|
|
// protocol.
|
|
if r.AuthenticationChoice() != "simple" {
|
|
res := ldap.NewBindResponse(ldap.LDAPResultUnwillingToPerform)
|
|
res.SetDiagnosticMessage("Authentication choice not supported")
|
|
w.Write(res)
|
|
return
|
|
}
|
|
|
|
s.l.Debug("Bind from dn", "dn", r.Name())
|
|
|
|
if s.allowAnon && r.Name() == "" {
|
|
res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
|
|
w.Write(res)
|
|
}
|
|
|
|
entityID, err := s.entityIDFromDN(r.Name())
|
|
if err != nil {
|
|
res := ldap.NewBindResponse(ldap.LDAPResultInvalidDNSyntax)
|
|
res.SetDiagnosticMessage(err.Error())
|
|
s.l.Warn("Request with invalid DN", "dn", r.Name())
|
|
w.Write(res)
|
|
return
|
|
}
|
|
|
|
if err := s.c.AuthEntity(ctx, entityID, string(r.AuthenticationSimple())); err != nil {
|
|
res := ldap.NewBindResponse(ldap.LDAPResultInvalidCredentials)
|
|
res.SetDiagnosticMessage("invalid credentials")
|
|
w.Write(res)
|
|
return
|
|
}
|
|
|
|
res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
|
|
w.Write(res)
|
|
}
|