From 2fa9311eee0f1213533b2bfe4aad5fc004467336 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torkel=20=C3=96degaard?=
Date: Mon, 13 Jul 2015 16:45:47 +0200
Subject: [PATCH] Progress on ldap support, #1450

---
 pkg/auth/ldap.go | 64 +++++++++++++++++++++++++++++++++----
 pkg/setting/setting_ldap.go | 10 +++---
 2 files changed, 63 insertions(+), 11 deletions(-)

diff --git a/pkg/auth/ldap.go b/pkg/auth/ldap.go
index 8b84d379c29..b4c17f585fb 100644
--- a/pkg/auth/ldap.go
+++ b/pkg/auth/ldap.go
@@ -5,7 +5,9 @@ import (
 "fmt"
 
 "github.com/go-ldap/ldap"
+ "github.com/grafana/grafana/pkg/bus"
 "github.com/grafana/grafana/pkg/log"
+ m "github.com/grafana/grafana/pkg/models"
 "github.com/grafana/grafana/pkg/setting"
 )
 
@@ -40,6 +42,24 @@ type ldapUserInfo struct {
 MemberOf []string
 }
 
+func (u *ldapUserInfo) isMemberOfAny(groups []string) bool {
+ for _, group := range groups {
+ if u.isMemberOf(group) {
+ return true
+ }
+ }
+ return false
+}
+
+func (u *ldapUserInfo) isMemberOf(group string) bool {
+ for _, member := range u.MemberOf {
+ if member == group {
+ return true
+ }
+ }
+ return false
+}
+
 func NewLdapAuthenticator(server *setting.LdapServerConf) *ldapAuther {
 return &ldapAuther{
 server: server,
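Review bot: `isMemberOf` compares the configured group against each `memberOf` value with `==`, a byte-exact match, while LDAP DNs are generally matched case-insensitively and tolerate whitespace around RDN separators, so a configured group path that differs from the directory's returned form only in case would silently fail to match and the user would get no role from that mapping. If exact matching is intended, document it on the method, e.g. `// isMemberOf reports whether group byte-for-byte equals one of the user's memberOf DNs; the configured path must use the server's exact DN form.`; otherwise normalize both sides before comparing. `isMemberOfAny` likewise lands without a comment, and since `groups` is presumably the operator-configured list from `LdapGroupToOrgRole`, a one-line comment saying so would help the next reader. The `NewLdapAuthenticator` body at the end of the hunk continues outside it.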
@@ -70,16 +90,48 @@ func (a *ldapAuther) login(query *AuthenticateUserQuery) error {
 }
 
 // find user entry & attributes
- if user, err := a.searchForUser(query.Username); err != nil {
+ if ldapUser, err := a.searchForUser(query.Username); err != nil {
 return err
 } else {
- log.Info("Surname: %s", user.LastName)
- log.Info("givenName: %s", user.FirstName)
- log.Info("email: %s", user.Email)
- log.Info("memberOf: %s", user.MemberOf)
+ log.Info("Surname: %s", ldapUser.LastName)
+ log.Info("givenName: %s", ldapUser.FirstName)
+ log.Info("email: %s", ldapUser.Email)
+ log.Info("memberOf: %s", ldapUser.MemberOf)
+
+ if grafanaUser, err := a.getGrafanaUserFor(ldapUser); err != nil {
+ return err
+ } else {
+ query.User = grafanaUser
+ return nil
+ }
+ }
+}
+
+func (a *ldapAuther) getGrafanaUserFor(ldapUser *ldapUserInfo) (*m.User, error) {
+ // get user from grafana db
+ userQuery := m.GetUserByLoginQuery{LoginOrEmail: ldapUser.Username}
+ if err := bus.Dispatch(&userQuery); err != nil {
+ if err == m.ErrUserNotFound {
+ return a.createGrafanaUser(ldapUser)
+ }
 }
 
- return errors.New("Aasd")
+ return userQuery.Result, nil
+}
+
+func (a *ldapAuther) createGrafanaUser(ldapUser *ldapUserInfo) (*m.User, error) {
+
+ cmd := m.CreateUserCommand{
+ Login: ldapUser.Username,
+ Email: ldapUser.Email,
+ Name: fmt.Sprintf("%s %s", ldapUser.FirstName, ldapUser.LastName),
+ }
+
+ if err := bus.Dispatch(&cmd); err != nil {
+ return nil, err
+ }
+
+ return &cmd.Result, nil
 }
 
 func (a *ldapAuther) initialBind(username, userPassword string) error {
diff --git a/pkg/setting/setting_ldap.go b/pkg/setting/setting_ldap.go
index bda7c09b143..1a3c195c085 100644
--- a/pkg/setting/setting_ldap.go
+++ b/pkg/setting/setting_ldap.go
@@ -1,9 +1,9 @@
 package setting
 
-type LdapMemberToOrgRole struct {
- LdapMemberPattern string
- OrgId int
- OrgRole string
+type LdapGroupToOrgRole struct {
+ LdapGroupPath string
+ OrgId int
+ OrgRole string
 }
 
 type LdapServerConf struct {
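Review bot: `getGrafanaUserFor` swallows every `bus.Dispatch` error other than `m.ErrUserNotFound`: the inner `if` handles only the not-found case, so on any other lookup failure control falls through to `return userQuery.Result, nil` and `login` returns success with `query.User` set to whatever `Result` holds (presumably nil), which fails open. Add `return nil, err` after the inner `if` so that only the not-found path reaches `createGrafanaUser`. Separately, the lookup is keyed on `LoginOrEmail: ldapUser.Username`; if `GetUserByLoginQuery` also matches the email column, an LDAP username equal to an existing local account's email address would be mapped onto that account, so confirm that is intended or key the lookup by login only. The four `log.Info` calls print the user's name, email and group DNs on every login and read like debugging leftovers; drop them or demote them to debug level. `login` starts outside the hunk.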
@@ -21,5 +21,5 @@ type LdapServerConf struct {
 SearchFilter string
 SearchBaseDNs []string
 
- LdapMemberMap []LdapMemberToOrgRole
+ LdapGroups []LdapGroupToOrgRole
 }