Progress on ldap support, #1450

2025-02-25 18:55:37 -06:00 · 2015-07-13 16:45:47 +02:00 · 2015-07-13 16:45:47 +02:00 · 2fa9311eee
commit 2fa9311eee
parent 14f439f8ba
2 changed files with 63 additions and 11 deletions
--- a/pkg/auth/ldap.go
+++ b/pkg/auth/ldap.go
@ -5,7 +5,9 @@ import (
 	"fmt"

 	"github.com/go-ldap/ldap"
+	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/log"
+	m "github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
 )

@ -40,6 +42,24 @@ type ldapUserInfo struct {
 	MemberOf  []string
 }

+func (u *ldapUserInfo) isMemberOfAny(groups []string) bool {
+	for _, group := range groups {
+		if u.isMemberOf(group) {
+			return true
+		}
+	}
+	return false
+}
+
+func (u *ldapUserInfo) isMemberOf(group string) bool {
+	for _, member := range u.MemberOf {
+		if member == group {
+			return true
+		}
+	}
+	return false
+}
+
 func NewLdapAuthenticator(server *setting.LdapServerConf) *ldapAuther {
 	return &ldapAuther{
 		server: server,
@ -70,16 +90,48 @@ func (a *ldapAuther) login(query *AuthenticateUserQuery) error {
 	}

 	// find user entry & attributes
-	if user, err := a.searchForUser(query.Username); err != nil {
+	if ldapUser, err := a.searchForUser(query.Username); err != nil {
 		return err
 	} else {
-		log.Info("Surname: %s", user.LastName)
-		log.Info("givenName: %s", user.FirstName)
-		log.Info("email: %s", user.Email)
-		log.Info("memberOf: %s", user.MemberOf)
+		log.Info("Surname: %s", ldapUser.LastName)
+		log.Info("givenName: %s", ldapUser.FirstName)
+		log.Info("email: %s", ldapUser.Email)
+		log.Info("memberOf: %s", ldapUser.MemberOf)
+
+		if grafanaUser, err := a.getGrafanaUserFor(ldapUser); err != nil {
+			return err
+		} else {
+			query.User = grafanaUser
+			return nil
+		}
+	}
+}
+
+func (a *ldapAuther) getGrafanaUserFor(ldapUser *ldapUserInfo) (*m.User, error) {
+	// get user from grafana db
+	userQuery := m.GetUserByLoginQuery{LoginOrEmail: ldapUser.Username}
+	if err := bus.Dispatch(&userQuery); err != nil {
+		if err == m.ErrUserNotFound {
+			return a.createGrafanaUser(ldapUser)
+		}
 	}

-	return errors.New("Aasd")
+	return userQuery.Result, nil
+}
+
+func (a *ldapAuther) createGrafanaUser(ldapUser *ldapUserInfo) (*m.User, error) {
+
+	cmd := m.CreateUserCommand{
+		Login: ldapUser.Username,
+		Email: ldapUser.Email,
+		Name:  fmt.Sprintf("%s %s", ldapUser.FirstName, ldapUser.LastName),
+	}
+
+	if err := bus.Dispatch(&cmd); err != nil {
+		return nil, err
+	}
+
+	return &cmd.Result, nil
 }

 func (a *ldapAuther) initialBind(username, userPassword string) error {
--- a/pkg/setting/setting_ldap.go
+++ b/pkg/setting/setting_ldap.go
@ -1,9 +1,9 @@
 package setting

-type LdapMemberToOrgRole struct {
-	LdapMemberPattern string
-	OrgId             int
-	OrgRole           string
+type LdapGroupToOrgRole struct {
+	LdapGroupPath string
+	OrgId         int
+	OrgRole       string
 }

 type LdapServerConf struct {
@ -21,5 +21,5 @@ type LdapServerConf struct {
 	SearchFilter  string
 	SearchBaseDNs []string

-	LdapMemberMap []LdapMemberToOrgRole
+	LdapGroups []LdapGroupToOrgRole
 }