More work on ldap, gotten ldap search (read attributes) to work

2025-02-25 18:55:37 -06:00 · 2015-07-10 15:29:34 +02:00 · 2015-07-10 15:29:34 +02:00 · db1847bc1d
commit db1847bc1d
parent 0ef7271326
3 changed files with 33 additions and 11 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@ -184,8 +184,7 @@ auto_sign_up = true
 enabled = true
 hosts = ldap://127.0.0.1:389
 use_ssl = false
-base_dn = dc=grafana,dc=org
+bind_path = cn=%s,dc=grafana,dc=org
 bind_path = cn=%username%,dc=grafana,dc=org
 attr_username = cn
 attr_name = cn
 attr_surname = sn
--- a/pkg/auth/ldap.go
+++ b/pkg/auth/ldap.go
@ -17,7 +17,6 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 		return err
 	}
 	log.Info("Host: %v", url.Host)
 	conn, err := ldap.Dial("tcp", url.Host)
 	if err != nil {
 		return err
@ -25,10 +24,8 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 	defer conn.Close()
-	bindFormat := "cn=%s,dc=grafana,dc=org"
+	bindPath := fmt.Sprintf(setting.LdapBindPath, query.Username)
-
+	err = conn.Bind(bindPath, query.Password)
 	nx := fmt.Sprintf(bindFormat, query.Username)
 	err = conn.Bind(nx, query.Password)
 	if err != nil {
 		if ldapErr, ok := err.(*ldap.Error); ok {
@ -39,12 +36,31 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 		return err
 	}
-	userQuery := m.GetUserByLoginQuery{LoginOrEmail: "admin"}
+	searchReq := ldap.SearchRequest{
 		BaseDN:       "dc=grafana,dc=org",
 		Scope:        ldap.ScopeWholeSubtree,
 		DerefAliases: ldap.NeverDerefAliases,
 		Attributes:   []string{"cn", "sn", "email"},
 		Filter:       fmt.Sprintf("(cn=%s)", query.Username),
 	}
 	result, err := conn.Search(&searchReq)
 	if err != nil {
 		return err
 	}
 	log.Info("Search result: %v, error: %v", result, err)
 	for _, entry := range result.Entries {
 		log.Info("cn: %s", entry.Attributes[0].Values[0])
 		log.Info("email: %s", entry.Attributes[2].Values[0])
 	}
 	userQuery := m.GetUserByLoginQuery{LoginOrEmail: query.Username}
 	err = bus.Dispatch(&userQuery)
 	if err != nil {
 		if err == m.ErrUserNotFound {
 			return ErrInvalidCredentials
 		}
 		return err
 	}
@ -53,3 +69,8 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 	return nil
 }
 func createUserFromLdapInfo() error {
 	return nil
 }
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -120,6 +120,7 @@ var (
 	// LDAP
 	LdapEnabled  bool
 	LdapHosts    []string
 	LdapBindPath string
 	// SMTP email settings
 	Smtp SmtpSettings
@ -419,6 +420,7 @@ func NewConfigContext(args *CommandLineArgs) {
 	ldapSec := Cfg.Section("auth.ldap")
 	LdapEnabled = ldapSec.Key("enabled").MustBool(false)
 	LdapHosts = ldapSec.Key("hosts").Strings(" ")
 	LdapBindPath = ldapSec.Key("bind_path").String()
 	readSessionConfig()
 	readSmtpSettings()