Home Explore Help
Register Sign In
oscarleiva
/
energylink
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

fix allow anonymous server bind for ldap search

Marcus Efraimsson 6 years ago
parent
f9e3c33ebd
commit
c242d38301
2 changed files with 74 additions and 1 deletions
Split View Show Diff Stats
  1. 11 1
      pkg/login/ldap.go
  2. 63 0
      pkg/login/ldap_test.go

+ 11 - 1
pkg/login/ldap.go
View File 

@@ -219,8 +219,18 @@ func (a *ldapAuther) GetGrafanaUserFor(ctx *m.ReqContext, ldapUser *LdapUserInfo
 
 }
 
 
 func (a *ldapAuther) serverBind() error {
 
+	bindFn := func() error {
 
+		return a.conn.Bind(a.server.BindDN, a.server.BindPassword)
 
+	}
 
+
 
+	if a.server.BindPassword == "" {
 
+		bindFn = func() error {
 
+			return a.conn.UnauthenticatedBind(a.server.BindDN)
 
+		}
 
+	}
 
+
 
 	// bind_dn and bind_password to bind
 
-	if err := a.conn.Bind(a.server.BindDN, a.server.BindPassword); err != nil {
 
+	if err := bindFn(); err != nil {
 
 		a.log.Info("LDAP initial bind failed, %v", err)
 
 
 		if ldapErr, ok := err.(*ldap.Error); ok {

+ 63 - 0
pkg/login/ldap_test.go
View File 

@@ -78,6 +78,69 @@ func TestLdapAuther(t *testing.T) {
 
 		})
 
 	})
 
 
+	Convey("serverBind", t, func() {
 
+		Convey("Given bind dn and password configured", func() {
 
+			conn := &mockLdapConn{}
 
+			var actualUsername, actualPassword string
 
+			conn.bindProvider = func(username, password string) error {
 
+				actualUsername = username
 
+				actualPassword = password
 
+				return nil
 
+			}
 
+			ldapAuther := &ldapAuther{
 
+				conn: conn,
 
+				server: &LdapServerConf{
 
+					BindDN:       "o=users,dc=grafana,dc=org",
 
+					BindPassword: "bindpwd",
 
+				},
 
+			}
 
+			err := ldapAuther.serverBind()
 
+			So(err, ShouldBeNil)
 
+			So(actualUsername, ShouldEqual, "o=users,dc=grafana,dc=org")
 
+			So(actualPassword, ShouldEqual, "bindpwd")
 
+		})
 
+
 
+		Convey("Given bind dn configured", func() {
 
+			conn := &mockLdapConn{}
 
+			unauthenticatedBindWasCalled := false
 
+			var actualUsername string
 
+			conn.unauthenticatedBindProvider = func(username string) error {
 
+				unauthenticatedBindWasCalled = true
 
+				actualUsername = username
 
+				return nil
 
+			}
 
+			ldapAuther := &ldapAuther{
 
+				conn: conn,
 
+				server: &LdapServerConf{
 
+					BindDN: "o=users,dc=grafana,dc=org",
 
+				},
 
+			}
 
+			err := ldapAuther.serverBind()
 
+			So(err, ShouldBeNil)
 
+			So(unauthenticatedBindWasCalled, ShouldBeTrue)
 
+			So(actualUsername, ShouldEqual, "o=users,dc=grafana,dc=org")
 
+		})
 
+
 
+		Convey("Given empty bind dn and password", func() {
 
+			conn := &mockLdapConn{}
 
+			unauthenticatedBindWasCalled := false
 
+			var actualUsername string
 
+			conn.unauthenticatedBindProvider = func(username string) error {
 
+				unauthenticatedBindWasCalled = true
 
+				actualUsername = username
 
+				return nil
 
+			}
 
+			ldapAuther := &ldapAuther{
 
+				conn:   conn,
 
+				server: &LdapServerConf{},
 
+			}
 
+			err := ldapAuther.serverBind()
 
+			So(err, ShouldBeNil)
 
+			So(unauthenticatedBindWasCalled, ShouldBeTrue)
 
+			So(actualUsername, ShouldBeEmpty)
 
+		})
 
+	})
 
+
 
 	Convey("When translating ldap user to grafana user", t, func() {
 
 
 		var user1 = &m.User{}