Match aliases as groups
This commit is contained in:
Yohann D'ANELLO
parent
8d2adad509
commit
7e0ee7aba5
GPG Key ID:
3A75C55819C8CF85
|
|
@ -4,11 +4,12 @@ package ldap
|
||||||
import (
|
import (
|
||||||
"github.com/go-ldap/ldap/v3"
|
"github.com/go-ldap/ldap/v3"
|
||||||
"log"
|
"log"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Options holds package configuration
|
// Options holds package configuration
|
||||||
type Options struct {
|
type Options struct {
|
||||||
Aliases map[string]string
|
Aliases map[string]map[string]string
|
||||||
URI string
|
URI string
|
||||||
UserDn string
|
UserDn string
|
||||||
}
|
}
|
||||||
|
|
@ -22,17 +23,33 @@ type LDAP struct {
|
||||||
// Login tries to bind to LDAP
|
// Login tries to bind to LDAP
|
||||||
// Returns (true, nil) if success
|
// Returns (true, nil) if success
|
||||||
func (a LDAP) Login(username string, password string) (bool, error) {
|
func (a LDAP) Login(username string, password string) (bool, error) {
|
||||||
// Resolve stream alias if necessary
|
aliasSplit := strings.SplitN(username, "__", 2)
|
||||||
for aliasFor, ok := a.Cfg.Aliases[username]; ok; aliasFor, ok = a.Cfg.Aliases[username] {
|
potentialUsernames := []string{username}
|
||||||
log.Printf("[LDAP] Use stream alias %s for username %s", username, aliasFor)
|
|
||||||
username = aliasFor
|
for len(aliasSplit) == 2 {
|
||||||
|
alias := aliasSplit[0]
|
||||||
|
trueUsername := aliasSplit[1]
|
||||||
|
// Resolve stream alias if necessary
|
||||||
|
if aliases, ok := a.Cfg.Aliases[alias]; ok {
|
||||||
|
if _, ok := aliases[trueUsername]; ok {
|
||||||
|
log.Printf("[LDAP] Use stream alias %s for username %s", alias, trueUsername)
|
||||||
|
potentialUsernames = append(potentialUsernames, trueUsername)
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Try to bind as user
|
var err error = nil
|
||||||
bindDn := "cn=" + username + "," + a.Cfg.UserDn
|
for _, username := range potentialUsernames {
|
||||||
err := a.Conn.Bind(bindDn, password)
|
// Try to bind as user
|
||||||
|
bindDn := "cn=" + username + "," + a.Cfg.UserDn
|
||||||
|
err = a.Conn.Bind(bindDn, password)
|
||||||
|
if err == nil {
|
||||||
|
// Login succeeded if no error
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Login succeeded if no error
|
// Unable to log in
|
||||||
return err == nil, err
|
return err == nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -36,8 +36,10 @@ auth:
|
||||||
# userdn: cn=users,dc=example,dc=com
|
# userdn: cn=users,dc=example,dc=com
|
||||||
#
|
#
|
||||||
# # You can define aliases, to stream on stream.example.com/example with the credentials of the demo account.
|
# # You can define aliases, to stream on stream.example.com/example with the credentials of the demo account.
|
||||||
|
# # You will have to use the streamid example__demo:password
|
||||||
# aliases:
|
# aliases:
|
||||||
# example: demo
|
# example:
|
||||||
|
# demo: ignored
|
||||||
#
|
#
|
||||||
|
|
||||||
## Stream forwarding ##
|
## Stream forwarding ##
|
||||||
|
|
|
||||||
|
|
@ -42,7 +42,7 @@ func New() *Config {
|
||||||
Credentials: make(map[string]string),
|
Credentials: make(map[string]string),
|
||||||
},
|
},
|
||||||
LDAP: ldap.Options{
|
LDAP: ldap.Options{
|
||||||
Aliases: make(map[string]string),
|
Aliases: make(map[string]map[string]string),
|
||||||
URI: "ldap://127.0.0.1:389",
|
URI: "ldap://127.0.0.1:389",
|
||||||
UserDn: "cn=users,dc=example,dc=com",
|
UserDn: "cn=users,dc=example,dc=com",
|
||||||
},
|
},
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue