
More work on ldap, gotten ldap search (read attributes) to work

Torkel Ödegaard 10 年之前
父節點
當前提交
db1847bc1d
共有 3 個文件被更改,包括 33 次插入11 次删除
  1. 1 2
      conf/defaults.ini
  2. 28 7
      pkg/auth/ldap.go
  3. 4 2
      pkg/setting/setting.go

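--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -184,8 +184,7 @@ auto_sign_up = true
 enabled = true
 hosts = ldap://127.0.0.1:389
 use_ssl = false
-base_dn = dc=grafana,dc=org
-bind_path = cn=%username%,dc=grafana,dc=org
+bind_path = cn=%s,dc=grafana,dc=org
 attr_username = cn
 attr_name = cn
 attr_surname = sn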
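Review bot: The new `bind_path` value is consumed as a Go format string (pkg/auth/ldap.go passes it to `fmt.Sprintf` with the login name), but nothing in the file says so and nothing validates it. A value with no `%s`, or with additional verbs, produces a malformed bind DN at login time rather than an error at startup. I would add a comment above the key such as `# %s is replaced with the login name; the value must contain exactly one %s`, and reject other shapes where `NewConfigContext` in pkg/setting/setting.go reads `bind_path`. Removing `base_dn` also leaves the search base hard-coded as `"dc=grafana,dc=org"` in ldap.go, so deployments with a different suffix cannot configure it.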

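--- a/pkg/auth/ldap.go
+++ b/pkg/auth/ldap.go
@@ -17,7 +17,6 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 		return err
 	}
 
-	log.Info("Host: %v", url.Host)
 	conn, err := ldap.Dial("tcp", url.Host)
 	if err != nil {
 		return err
@@ -25,10 +24,8 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 
 	defer conn.Close()
 
-	bindFormat := "cn=%s,dc=grafana,dc=org"
-
-	nx := fmt.Sprintf(bindFormat, query.Username)
-	err = conn.Bind(nx, query.Password)
+	bindPath := fmt.Sprintf(setting.LdapBindPath, query.Username)
+	err = conn.Bind(bindPath, query.Password)
 
 	if err != nil {
 		if ldapErr, ok := err.(*ldap.Error); ok {
@@ -39,12 +36,31 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 		return err
 	}
 
-	userQuery := m.GetUserByLoginQuery{LoginOrEmail: "admin"}
+	searchReq := ldap.SearchRequest{
+		BaseDN:       "dc=grafana,dc=org",
+		Scope:        ldap.ScopeWholeSubtree,
+		DerefAliases: ldap.NeverDerefAliases,
+		Attributes:   []string{"cn", "sn", "email"},
+		Filter:       fmt.Sprintf("(cn=%s)", query.Username),
+	}
+
+	result, err := conn.Search(&searchReq)
+	if err != nil {
+		return err
+	}
+
+	log.Info("Search result: %v, error: %v", result, err)
+
+	for _, entry := range result.Entries {
+		log.Info("cn: %s", entry.Attributes[0].Values[0])
+		log.Info("email: %s", entry.Attributes[2].Values[0])
+	}
+
+	userQuery := m.GetUserByLoginQuery{LoginOrEmail: query.Username}
 	err = bus.Dispatch(&userQuery)
 
 	if err != nil {
 		if err == m.ErrUserNotFound {
-			return ErrInvalidCredentials
 		}
 		return err
 	}
@@ -53,3 +69,8 @@ func loginUsingLdap(query *AuthenticateUserQuery) error {
 
 	return nil
 }
+
+func createUserFromLdapInfo() error {
+	return nil
+
+}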
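Review bot: `query.Username` is interpolated unescaped into both the bind DN (`fmt.Sprintf(setting.LdapBindPath, query.Username)`) and the search filter (`fmt.Sprintf("(cn=%s)", query.Username)`), so a login name containing LDAP metacharacters alters the DN or filter sent to the directory. The filter value should be escaped per RFC 4515 before formatting, e.g. `Filter: fmt.Sprintf("(cn=%s)", ldap.EscapeFilter(query.Username))` if the vendored ldap package provides that helper, and the DN component needs RFC 4514 escaping. The loop over `result.Entries` indexes `entry.Attributes[0]` and `entry.Attributes[2]` by position, which panics when an entry lacks one of the requested attributes, because servers return only the attributes that are present; look them up by name and check lengths first. `loginUsingLdap` begins above the first hunk, so whether an empty `query.Password` is rejected before `conn.Bind` is not visible here. Many directories accept an empty-password simple bind as an unauthenticated bind, so that check needs to exist before the bind.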

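--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -118,8 +118,9 @@ var (
 	GoogleAnalyticsId string
 
 	// LDAP
-	LdapEnabled bool
-	LdapHosts   []string
+	LdapEnabled  bool
+	LdapHosts    []string
+	LdapBindPath string
 
 	// SMTP email settings
 	Smtp SmtpSettings
@@ -419,6 +420,7 @@ func NewConfigContext(args *CommandLineArgs) {
 	ldapSec := Cfg.Section("auth.ldap")
 	LdapEnabled = ldapSec.Key("enabled").MustBool(false)
 	LdapHosts = ldapSec.Key("hosts").Strings(" ")
+	LdapBindPath = ldapSec.Key("bind_path").String()
 
 	readSessionConfig()
 	readSmtpSettings()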