Match aliases as groups

auth/ldap/ldap.go

@@ -4,11 +4,12 @@ package ldap
 import (
 	"github.com/go-ldap/ldap/v3"
 	"log"
+	"strings"
 )
 
 // Options holds package configuration
 type Options struct {
-	Aliases map[string]string
+	Aliases map[string]map[string]string
 	URI     string
 	UserDn  string
 }
@@ -22,17 +23,33 @@ type LDAP struct {
 // Login tries to bind to LDAP
 // Returns (true, nil) if success
 func (a LDAP) Login(username string, password string) (bool, error) {
-	// Resolve stream alias if necessary
-	for aliasFor, ok := a.Cfg.Aliases[username]; ok; aliasFor, ok = a.Cfg.Aliases[username] {
-		log.Printf("[LDAP] Use stream alias %s for username %s", username, aliasFor)
-		username = aliasFor
+	aliasSplit := strings.SplitN(username, "__", 2)
+	potentialUsernames := []string{username}
+
+	for len(aliasSplit) == 2 {
+		alias := aliasSplit[0]
+		trueUsername := aliasSplit[1]
+		// Resolve stream alias if necessary
+		if aliases, ok := a.Cfg.Aliases[alias]; ok {
+			if _, ok := aliases[trueUsername]; ok {
+				log.Printf("[LDAP] Use stream alias %s for username %s", alias, trueUsername)
+				potentialUsernames = append(potentialUsernames, trueUsername)
+			}
+		}
 	}
 
-	// Try to bind as user
-	bindDn := "cn=" + username + "," + a.Cfg.UserDn
-	err := a.Conn.Bind(bindDn, password)
+	var err error = nil
+	for _, username := range potentialUsernames {
+		// Try to bind as user
+		bindDn := "cn=" + username + "," + a.Cfg.UserDn
+		err = a.Conn.Bind(bindDn, password)
+		if err == nil {
+			// Login succeeded if no error
+			return true, nil
+		}
+	}
 
-	// Login succeeded if no error
+	// Unable to log in
 	return err == nil, err
 }