@@ -14,8 +14,9 @@ import (
|
|
|
)
|
|
|
|
|
|
type ldapAuther struct {
|
|
|
- server *LdapServerConf
|
|
|
- conn *ldap.Conn
|
|
|
+ server *LdapServerConf
|
|
|
+ conn *ldap.Conn
|
|
|
+ requireSecondBind bool
|
|
|
}
|
|
|
|
|
|
func NewLdapAuthenticator(server *LdapServerConf) *ldapAuther {
|
|
|
@@ -58,7 +59,7 @@ func (a *ldapAuther) login(query *LoginUserQuery) error {
|
|
|
}
|
|
|
|
|
|
// check if a second user bind is needed
|
|
|
- if a.server.BindPassword != "" {
|
|
|
+ if a.requireSecondBind {
|
|
|
if err := a.secondBind(ldapUser, query.Password); err != nil {
|
|
|
return err
|
|
|
}
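Review bot: The guard `if a.requireSecondBind` now rests on a flag whose zero value is false and which is only set as a side effect of initialBind, so the step that verifies the user's own password fails open if that assignment is ever skipped. Whether initialBind always runs before this point cannot be confirmed here, because login's body starts and ends outside the hunk. Deriving the value from configuration keeps the decision stateless, for example `a.requireSecondBind = a.server.BindPassword != "" || a.server.BindDN == ""` where the authenticator is constructed. The new struct field should also carry a comment such as `// requireSecondBind is true when the initial bind did not use the user's own password, so secondBind must verify it`.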
|
|
|
@@ -204,8 +205,9 @@ func (a *ldapAuther) secondBind(ldapUser *ldapUserInfo, userPassword string) err
|
|
|
}
|
|
|
|
|
|
func (a *ldapAuther) initialBind(username, userPassword string) error {
|
|
|
- if a.server.BindPassword != "" {
|
|
|
+ if a.server.BindPassword != "" || a.server.BindDN == "" {
|
|
|
userPassword = a.server.BindPassword
|
|
|
+ a.requireSecondBind = true
|
|
|
}
|
|
|
|
|
|
bindPath := a.server.BindDN
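Review bot: When `a.server.BindDN == ""` and no BindPassword is configured, the added branch overwrites `userPassword` with an empty string, so the initial bind is anonymous and the user's password is checked only in secondBind. Nothing in the visible lines rejects an empty user password. Many directory servers treat a bind with a DN and an empty password as an unauthenticated bind and report success (RFC 4513 section 5.1.2), which would accept a login without a password. Unless login already refuses it outside this hunk, add a guard before any bind, `if userPassword == "" { return errEmptyPassword }`, where `errEmptyPassword` is a placeholder for the package's existing invalid-credentials error. initialBind's body continues past the end of the hunk, so the later use of `bindPath` with an empty BindDN could not be checked.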
|