mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-24 16:16:35 -05:00
Get username, name, surname and e-mail from LDAP server
This commit is contained in:
parent
ba77a3b0b4
commit
00653e52ee
6 changed files with 75 additions and 44 deletions
|
@ -592,7 +592,10 @@ auths.domain = Domain
|
||||||
auths.host = Host
|
auths.host = Host
|
||||||
auths.port = Port
|
auths.port = Port
|
||||||
auths.base_dn = Base DN
|
auths.base_dn = Base DN
|
||||||
auths.attributes = Search Attributes
|
auths.attribute_username = Username attribute
|
||||||
|
auths.attribute_name = First name attribute
|
||||||
|
auths.attribute_surname = Surname attribute
|
||||||
|
auths.attribute_mail = E-mail attribute
|
||||||
auths.filter = Search Filter
|
auths.filter = Search Filter
|
||||||
auths.ms_ad_sa = Ms Ad SA
|
auths.ms_ad_sa = Ms Ad SA
|
||||||
auths.smtp_auth = SMTP Authorization Type
|
auths.smtp_auth = SMTP Authorization Type
|
||||||
|
|
|
@ -231,7 +231,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
|
||||||
// Return the same LoginUserPlain semantic
|
// Return the same LoginUserPlain semantic
|
||||||
// FIXME: https://github.com/gogits/gogs/issues/672
|
// FIXME: https://github.com/gogits/gogs/issues/672
|
||||||
func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
|
func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
|
||||||
mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
|
name, fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
|
||||||
if !logged {
|
if !logged {
|
||||||
// User not in LDAP, do nothing
|
// User not in LDAP, do nothing
|
||||||
return nil, ErrUserNotExist
|
return nil, ErrUserNotExist
|
||||||
|
@ -247,6 +247,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP
|
||||||
|
|
||||||
u = &User{
|
u = &User{
|
||||||
Name: name,
|
Name: name,
|
||||||
|
FullName: fn + " " + sn,
|
||||||
LoginType: LDAP,
|
LoginType: LDAP,
|
||||||
LoginSource: sourceId,
|
LoginSource: sourceId,
|
||||||
LoginName: name,
|
LoginName: name,
|
||||||
|
|
|
@ -18,7 +18,10 @@ type AuthenticationForm struct {
|
||||||
Port int `form:"port"`
|
Port int `form:"port"`
|
||||||
UseSSL bool `form:"usessl"`
|
UseSSL bool `form:"usessl"`
|
||||||
BaseDN string `form:"base_dn"`
|
BaseDN string `form:"base_dn"`
|
||||||
Attributes string `form:"attributes"`
|
AttributeUsername string `form:"attribute_username"`
|
||||||
|
AttributeName string `form:"attribute_name"`
|
||||||
|
AttributeSurname string `form:"attribute_surname"`
|
||||||
|
AttributeMail string `form:"attribute_mail"`
|
||||||
Filter string `form:"filter"`
|
Filter string `form:"filter"`
|
||||||
MsAdSA string `form:"ms_ad_sa"`
|
MsAdSA string `form:"ms_ad_sa"`
|
||||||
IsActived bool `form:"is_actived"`
|
IsActived bool `form:"is_actived"`
|
||||||
|
|
|
@ -15,15 +15,18 @@ import (
|
||||||
|
|
||||||
// Basic LDAP authentication service
|
// Basic LDAP authentication service
|
||||||
type Ldapsource struct {
|
type Ldapsource struct {
|
||||||
Name string // canonical name (ie. corporate.ad)
|
Name string // canonical name (ie. corporate.ad)
|
||||||
Host string // LDAP host
|
Host string // LDAP host
|
||||||
Port int // port number
|
Port int // port number
|
||||||
UseSSL bool // Use SSL
|
UseSSL bool // Use SSL
|
||||||
BaseDN string // Base DN
|
BaseDN string // Base DN
|
||||||
Attributes string // Attribute to search
|
AttributeUsername string // Username attribute
|
||||||
Filter string // Query filter to validate entry
|
AttributeName string // First name attribute
|
||||||
MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
|
AttributeSurname string // Surname attribute
|
||||||
Enabled bool // if this source is disabled
|
AttributeMail string // E-mail attribute
|
||||||
|
Filter string // Query filter to validate entry
|
||||||
|
MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
|
||||||
|
Enabled bool // if this source is disabled
|
||||||
}
|
}
|
||||||
|
|
||||||
//Global LDAP directory pool
|
//Global LDAP directory pool
|
||||||
|
@ -32,18 +35,18 @@ var (
|
||||||
)
|
)
|
||||||
|
|
||||||
// Add a new source (LDAP directory) to the global pool
|
// Add a new source (LDAP directory) to the global pool
|
||||||
func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
|
func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string) {
|
||||||
ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
|
ldaphost := Ldapsource{name, host, port, usessl, basedn, attribcn, attribname, attribsn, attribmail, filter, msadsaformat, true}
|
||||||
Authensource = append(Authensource, ldaphost)
|
Authensource = append(Authensource, ldaphost)
|
||||||
}
|
}
|
||||||
|
|
||||||
//LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise
|
//LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise
|
||||||
//First match wins
|
//First match wins
|
||||||
//Returns first attribute if exists
|
//Returns first attribute if exists
|
||||||
func LoginUser(name, passwd string) (a string, r bool) {
|
func LoginUser(name, passwd string) (cn, fn, sn, mail string, r bool) {
|
||||||
r = false
|
r = false
|
||||||
for _, ls := range Authensource {
|
for _, ls := range Authensource {
|
||||||
a, r = ls.SearchEntry(name, passwd)
|
cn, fn, sn, mail, r = ls.SearchEntry(name, passwd)
|
||||||
if r {
|
if r {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -52,12 +55,12 @@ func LoginUser(name, passwd string) (a string, r bool) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
|
// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
|
||||||
func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
|
func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, string, bool) {
|
||||||
l, err := ldapDial(ls)
|
l, err := ldapDial(ls)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
|
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
|
||||||
ls.Enabled = false
|
ls.Enabled = false
|
||||||
return "", false
|
return "", "", "", "", false
|
||||||
}
|
}
|
||||||
defer l.Close()
|
defer l.Close()
|
||||||
|
|
||||||
|
@ -65,26 +68,29 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
|
||||||
err = l.Bind(nx, passwd)
|
err = l.Bind(nx, passwd)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
|
log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
|
||||||
return "", false
|
return "", "", "", "", false
|
||||||
}
|
}
|
||||||
|
|
||||||
search := ldap.NewSearchRequest(
|
search := ldap.NewSearchRequest(
|
||||||
ls.BaseDN,
|
ls.BaseDN,
|
||||||
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
||||||
fmt.Sprintf(ls.Filter, name),
|
fmt.Sprintf(ls.Filter, name),
|
||||||
[]string{ls.Attributes},
|
[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
|
||||||
nil)
|
nil)
|
||||||
sr, err := l.Search(search)
|
sr, err := l.Search(search)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("LDAP Authen OK but not in filter %s", name)
|
log.Debug("LDAP Authen OK but not in filter %s", name)
|
||||||
return "", false
|
return "", "", "", "", false
|
||||||
}
|
}
|
||||||
log.Debug("LDAP Authen OK: %s", name)
|
log.Debug("LDAP Authen OK: %s", name)
|
||||||
if len(sr.Entries) > 0 {
|
if len(sr.Entries) > 0 {
|
||||||
r := sr.Entries[0].GetAttributeValue(ls.Attributes)
|
cn := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
|
||||||
return r, true
|
name := sr.Entries[0].GetAttributeValue(ls.AttributeName)
|
||||||
|
sn := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
|
||||||
|
mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
|
||||||
|
return cn, name, sn, mail, true
|
||||||
}
|
}
|
||||||
return "", true
|
return "", "", "", "", true
|
||||||
}
|
}
|
||||||
|
|
||||||
func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
|
func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
|
||||||
|
|
|
@ -63,15 +63,18 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
|
||||||
case models.LDAP:
|
case models.LDAP:
|
||||||
u = &models.LDAPConfig{
|
u = &models.LDAPConfig{
|
||||||
Ldapsource: ldap.Ldapsource{
|
Ldapsource: ldap.Ldapsource{
|
||||||
Host: form.Host,
|
Host: form.Host,
|
||||||
Port: form.Port,
|
Port: form.Port,
|
||||||
UseSSL: form.UseSSL,
|
UseSSL: form.UseSSL,
|
||||||
BaseDN: form.BaseDN,
|
BaseDN: form.BaseDN,
|
||||||
Attributes: form.Attributes,
|
AttributeUsername: form.AttributeUsername,
|
||||||
Filter: form.Filter,
|
AttributeName: form.AttributeName,
|
||||||
MsAdSAFormat: form.MsAdSA,
|
AttributeSurname: form.AttributeSurname,
|
||||||
Enabled: true,
|
AttributeMail: form.AttributeMail,
|
||||||
Name: form.AuthName,
|
Filter: form.Filter,
|
||||||
|
MsAdSAFormat: form.MsAdSA,
|
||||||
|
Enabled: true,
|
||||||
|
Name: form.AuthName,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
case models.SMTP:
|
case models.SMTP:
|
||||||
|
@ -142,15 +145,18 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
|
||||||
case models.LDAP:
|
case models.LDAP:
|
||||||
config = &models.LDAPConfig{
|
config = &models.LDAPConfig{
|
||||||
Ldapsource: ldap.Ldapsource{
|
Ldapsource: ldap.Ldapsource{
|
||||||
Host: form.Host,
|
Host: form.Host,
|
||||||
Port: form.Port,
|
Port: form.Port,
|
||||||
UseSSL: form.UseSSL,
|
UseSSL: form.UseSSL,
|
||||||
BaseDN: form.BaseDN,
|
BaseDN: form.BaseDN,
|
||||||
Attributes: form.Attributes,
|
AttributeUsername: form.AttributeUsername,
|
||||||
Filter: form.Filter,
|
AttributeName: form.AttributeName,
|
||||||
MsAdSAFormat: form.MsAdSA,
|
AttributeSurname: form.AttributeSurname,
|
||||||
Enabled: true,
|
AttributeMail: form.AttributeMail,
|
||||||
Name: form.AuthName,
|
Filter: form.Filter,
|
||||||
|
MsAdSAFormat: form.MsAdSA,
|
||||||
|
Enabled: true,
|
||||||
|
Name: form.AuthName,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
case models.SMTP:
|
case models.SMTP:
|
||||||
|
|
|
@ -48,8 +48,20 @@
|
||||||
<input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.Source.LDAP.BaseDN}}" />
|
<input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.Source.LDAP.BaseDN}}" />
|
||||||
</div>
|
</div>
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<label class="req" for="attributes">{{.i18n.Tr "admin.auths.attributes"}}</label>
|
<label class="req" for="attribute_username">{{.i18n.Tr "admin.auths.attribute_username"}}</label>
|
||||||
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attributes" name="attributes" value="{{.Source.LDAP.Attributes}}" />
|
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_username" name="attribute_username" value="{{.Source.LDAP.AttributeUsername}}" />
|
||||||
|
</div>
|
||||||
|
<div class="field">
|
||||||
|
<label class="req" for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
|
||||||
|
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.Source.LDAP.AttributeName}}" />
|
||||||
|
</div>
|
||||||
|
<div class="field">
|
||||||
|
<label class="req" for="attribute_surname">{{.i18n.Tr "admin.auths.attribute_surname"}}</label>
|
||||||
|
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_surname" name="attribute_surname" value="{{.Source.LDAP.AttributeSurname}}" />
|
||||||
|
</div>
|
||||||
|
<div class="field">
|
||||||
|
<label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label>
|
||||||
|
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.Source.LDAP.AttributeMail}}" />
|
||||||
</div>
|
</div>
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>
|
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>
|
||||||
|
|
Loading…
Reference in a new issue