More work on ldap, gotten ldap search (read attributes) to work

2025-02-25 18:55:37 -06:00 · 2015-07-10 15:29:34 +02:00 · 2015-07-10 15:29:34 +02:00 · db1847bc1d
commit db1847bc1d
parent 0ef7271326
3 changed files with 33 additions and 11 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@ -184,8 +184,7 @@ auto_sign_up = true
 enabled = true
 hosts = ldap://127.0.0.1:389
 use_ssl = false
-base_dn = dc=grafana,dc=org
-bind_path = cn=%username%,dc=grafana,dc=org
+bind_path = cn=%s,dc=grafana,dc=org
 attr_username = cn
 attr_name = cn
 attr_surname = sn
--- a/pkg/auth/ldap.go
+++ b/pkg/auth/ldap.go
@ -17,7 +17,6 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 		return err
 	}

-	log.Info("Host: %v", url.Host)
 	conn, err := ldap.Dial("tcp", url.Host)
 	if err != nil {
 		return err
@ -25,10 +24,8 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {

 	defer conn.Close()

-	bindFormat := "cn=%s,dc=grafana,dc=org"
-
-	nx := fmt.Sprintf(bindFormat, query.Username)
-	err = conn.Bind(nx, query.Password)
+	bindPath := fmt.Sprintf(setting.LdapBindPath, query.Username)
+	err = conn.Bind(bindPath, query.Password)

 	if err != nil {
 		if ldapErr, ok := err.(*ldap.Error); ok {
@ -39,12 +36,31 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 		return err
 	}

-	userQuery := m.GetUserByLoginQuery{LoginOrEmail: "admin"}
+	searchReq := ldap.SearchRequest{
+		BaseDN:       "dc=grafana,dc=org",
+		Scope:        ldap.ScopeWholeSubtree,
+		DerefAliases: ldap.NeverDerefAliases,
+		Attributes:   []string{"cn", "sn", "email"},
+		Filter:       fmt.Sprintf("(cn=%s)", query.Username),
+	}
+
+	result, err := conn.Search(&searchReq)
+	if err != nil {
+		return err
+	}
+
+	log.Info("Search result: %v, error: %v", result, err)
+
+	for _, entry := range result.Entries {
+		log.Info("cn: %s", entry.Attributes[0].Values[0])
+		log.Info("email: %s", entry.Attributes[2].Values[0])
+	}
+
+	userQuery := m.GetUserByLoginQuery{LoginOrEmail: query.Username}
 	err = bus.Dispatch(&userQuery)

 	if err != nil {
 		if err == m.ErrUserNotFound {
-			return ErrInvalidCredentials
 		}
 		return err
 	}
@ -53,3 +69,8 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {

 	return nil
 }
+
+func createUserFromLdapInfo() error {
+	return nil
+
+}
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -118,8 +118,9 @@ var (
 	GoogleAnalyticsId string

 	// LDAP
-	LdapEnabled bool
-	LdapHosts   []string
+	LdapEnabled  bool
+	LdapHosts    []string
+	LdapBindPath string

 	// SMTP email settings
 	Smtp SmtpSettings
@ -419,6 +420,7 @@ func NewConfigContext(args *CommandLineArgs) {
 	ldapSec := Cfg.Section("auth.ldap")
 	LdapEnabled = ldapSec.Key("enabled").MustBool(false)
 	LdapHosts = ldapSec.Key("hosts").Strings(" ")
+	LdapBindPath = ldapSec.Key("bind_path").String()

 	readSessionConfig()
 	readSmtpSettings()