OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
8806 Commits
197 Branches
392 MB
3500 Download
Tree: b882a665c2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b882a665c2'
${ noResults }
aiforge/modules/auth/ldap/ldap.go

ldap.go 11 kB
Raw Normal View History

Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
9 years ago
initial support for LDAP authentication/MSAD
11 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
9 years ago
initial support for LDAP authentication/MSAD
11 years ago
#1637 able to skip verify for LDAP
9 years ago
initial support for LDAP authentication/MSAD
11 years ago
Sanitizing input to LDAP authentication module.
9 years ago
ldap support
11 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
Move to ldap.v3 to fix #5928 (#6105) Signed-off-by: Andrew Thornton <art27@cantab.net>
6 years ago
initial support for LDAP authentication/MSAD
11 years ago
golint fixed for modules/auth
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
Security protocols
8 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
golint fixed for modules/auth
8 years ago
#1637 able to skip verify for LDAP
9 years ago
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
7 years ago
Add option to prevent LDAP from deactivating everything on empty search (#9879) * Add option to prevent LDAP from deactivating everything on empty search * Update options/locale/locale_en-US.ini Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
5 years ago
initial support for LDAP authentication/MSAD
11 years ago
LDAP user synchronization (#1478)
8 years ago
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
7 years ago
LDAP user synchronization (#1478)
8 years ago
Sanitizing input to LDAP authentication module.
9 years ago
Correct ldap username validation. (#2880) PR #342 was only partially applied. Spaces should not be at the start and end of a username but they can be inside.
7 years ago
Sanitizing input to LDAP authentication module.
9 years ago
LDAP: Use single connection in BindDN mode auth According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send multiple Bind requests to change the authentication and/or security associations or to complete a multi-stage Bind process. Authentication from earlier binds is subsequently ignored." Therefore we should not use 2 connections, but single one just sending two bind requests.
9 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Sanitizing input to LDAP authentication module.
9 years ago
LDAP: Make a bit more detailed log traces This is useful especially to check whether we fetch right attributes, using right LDAP search base and in right order.
9 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
work on #986 and fix a LDAP crash
9 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
9 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
9 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
9 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
6 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
9 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
9 years ago
initial support for LDAP authentication/MSAD
11 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
Fix type in unused constant name (#111) * Write LDAP, SMTP, PAM, DLDAP back to all uppercase * Fix type in unused constant name * Other MixCased fixes * Complete MixerCasing of template constants * Re uppercase LTS and LDAPS suffixes * Uppercase JSON suffix in constant names * Proper case LoginNoType * Prefix unexported template path constants with "tpl"
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
LDAP user synchronization (#1478)
8 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
6 years ago
LDAP user synchronization (#1478)
8 years ago
ldap: Adjust log settings when a user is not found. (#5771) Fixes: #3849.
6 years ago
LDAP user synchronization (#1478)
8 years ago
golint fixed for modules/auth
8 years ago
LDAP user synchronization (#1478)
8 years ago
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
8 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
6 years ago
LDAP user synchronization (#1478)
8 years ago
Correction LDAP validation (#342) * Correction LDAP username validation As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it. * Check for zero length passwords in LDAP module. According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD. * Clearing the login/email spaces at the [start/end]
8 years ago
Use SecurityProtocol to replace UseSSL in LDAP config Initially proposed by #2376 and fixes #3068 as well.
9 years ago
LDAP: Use single connection in BindDN mode auth According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send multiple Bind requests to change the authentication and/or security associations or to complete a multi-stage Bind process. Authentication from earlier binds is subsequently ignored." Therefore we should not use 2 connections, but single one just sending two bind requests.
9 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
6 years ago
LDAP: Use single connection in BindDN mode auth According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send multiple Bind requests to change the authentication and/or security associations or to complete a multi-stage Bind process. Authentication from earlier binds is subsequently ignored." Therefore we should not use 2 connections, but single one just sending two bind requests.
9 years ago
LDAP user synchronization (#1478)
8 years ago
LDAP: Use single connection in BindDN mode auth According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send multiple Bind requests to change the authentication and/or security associations or to complete a multi-stage Bind process. Authentication from earlier binds is subsequently ignored." Therefore we should not use 2 connections, but single one just sending two bind requests.
9 years ago
Added LDAP simple auth support.
9 years ago
revert simple LDAP userDN and update example
9 years ago
Sanitizing input to LDAP authentication module.
9 years ago
LDAP via simple auth separate bind user and search base (#5055)
6 years ago
Sanitizing input to LDAP authentication module.
9 years ago
LDAP user synchronization (#1478)
8 years ago
Sanitizing input to LDAP authentication module.
9 years ago
LDAP via simple auth separate bind user and search base (#5055)
6 years ago
Added LDAP simple auth support.
9 years ago
LDAP via simple auth separate bind user and search base (#5055)
6 years ago
LDAP: Use single connection in BindDN mode auth According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send multiple Bind requests to change the authentication and/or security associations or to complete a multi-stage Bind process. Authentication from earlier binds is subsequently ignored." Therefore we should not use 2 connections, but single one just sending two bind requests.
9 years ago
Added LDAP simple auth support.
9 years ago
LDAP user synchronization (#1478)
8 years ago
Added LDAP simple auth support.
9 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
LDAP via simple auth separate bind user and search base (#5055)
6 years ago
LDAP: Fetch attributes in Bind DN context option This is feature is workaround for #2628 (JumpCloud) and some other services that allow LDAP search only under BindDN user account, but not allow any LDAP search query in logged user DN context. Such approach is an alternative to minimal permissions security pattern for BindDN user.
9 years ago
LDAP user synchronization (#1478)
8 years ago
LDAP: Fetch attributes in Bind DN context option This is feature is workaround for #2628 (JumpCloud) and some other services that allow LDAP search only under BindDN user account, but not allow any LDAP search query in logged user DN context. Such approach is an alternative to minimal permissions security pattern for BindDN user.
9 years ago
initial support for LDAP authentication/MSAD
11 years ago
Sanitizing input to LDAP authentication module.
9 years ago
LDAP user synchronization (#1478)
8 years ago
Sanitizing input to LDAP authentication module.
9 years ago
Request for public keys only if LDAP attribute is set (#5816) * Update go-ldap dependency * Request for public keys only if attribute is set
6 years ago
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
6 years ago
Remove ldap dep
10 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Request for public keys only if LDAP attribute is set (#5816) * Update go-ldap dependency * Request for public keys only if attribute is set
6 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
initial support for LDAP authentication/MSAD
11 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
6 years ago
LDAP user synchronization (#1478)
8 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Added LDAP simple auth support.
9 years ago
ldap: Adjust log settings when a user is not found. (#5771) Fixes: #3849.
6 years ago
Added LDAP simple auth support.
9 years ago
ldap: Adjust log settings when a user is not found. (#5771) Fixes: #3849.
6 years ago
Added LDAP simple auth support.
9 years ago
LDAP user synchronization (#1478)
8 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Request for public keys only if LDAP attribute is set (#5816) * Update go-ldap dependency * Request for public keys only if attribute is set
6 years ago
#2709 validate username attribute fetched from LDAP
9 years ago
Request for public keys only if LDAP attribute is set (#5816) * Update go-ldap dependency * Request for public keys only if attribute is set
6 years ago
LDAP user synchronization (#1478)
8 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
9 years ago
LDAP user synchronization (#1478)
8 years ago
#1554 check adminFilter length before LDAP search
9 years ago
LDAP user synchronization (#1478)
8 years ago
#1554 check adminFilter length before LDAP search
9 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
9 years ago
LDAP user synchronization (#1478)
8 years ago
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
6 years ago
LDAP user synchronization (#1478)
8 years ago
Add option to use paged LDAP search when synchronizing users (#3895)
7 years ago
LDAP user synchronization (#1478)
8 years ago
Abort syncrhonization from LDAP source if there is some error. (#7960) Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
5 years ago
LDAP user synchronization (#1478)
8 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
6 years ago
LDAP user synchronization (#1478)
8 years ago
Abort syncrhonization from LDAP source if there is some error. (#7960) Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
5 years ago
LDAP user synchronization (#1478)
8 years ago
LDAP: Fetch attributes in Bind DN context option This is feature is workaround for #2628 (JumpCloud) and some other services that allow LDAP search only under BindDN user account, but not allow any LDAP search query in logged user DN context. Such approach is an alternative to minimal permissions security pattern for BindDN user.
9 years ago
LDAP user synchronization (#1478)
8 years ago
Abort syncrhonization from LDAP source if there is some error. (#7960) Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
5 years ago
LDAP user synchronization (#1478)
8 years ago
Request for public keys only if LDAP attribute is set (#5816) * Update go-ldap dependency * Request for public keys only if attribute is set
6 years ago
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
7 years ago
LDAP user synchronization (#1478)
8 years ago
Request for public keys only if LDAP attribute is set (#5816) * Update go-ldap dependency * Request for public keys only if attribute is set
6 years ago
LDAP user synchronization (#1478)
8 years ago
Add option to use paged LDAP search when synchronizing users (#3895)
7 years ago
LDAP user synchronization (#1478)
8 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
6 years ago
Abort syncrhonization from LDAP source if there is some error. (#7960) Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
5 years ago
LDAP user synchronization (#1478)
8 years ago
Request for public keys only if LDAP attribute is set (#5816) * Update go-ldap dependency * Request for public keys only if attribute is set
6 years ago
LDAP: Fetch attributes in Bind DN context option This is feature is workaround for #2628 (JumpCloud) and some other services that allow LDAP search only under BindDN user account, but not allow any LDAP search query in logged user DN context. Such approach is an alternative to minimal permissions security pattern for BindDN user.
9 years ago
Abort syncrhonization from LDAP source if there is some error. (#7960) Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
5 years ago
initial support for LDAP authentication/MSAD
11 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // Package ldap provide functions & structure to query a LDAP ldap directory

  6. // For now, it's mainly tested again an MS Active Directory service, see README.md for more information

  7. package ldap

  8. 

  9. import (

  10. 	"crypto/tls"

  11. 	"fmt"

  12. 	"strings"

  13. 

  14. 	"code.gitea.io/gitea/modules/log"

  15. 

  16. 	ldap "gopkg.in/ldap.v3"

  17. )

  18. 

  19. // SecurityProtocol protocol type

  20. type SecurityProtocol int

  21. 

  22. // Note: new type must be added at the end of list to maintain compatibility.

  23. const (

  24. 	SecurityProtocolUnencrypted SecurityProtocol = iota

  25. 	SecurityProtocolLDAPS

  26. 	SecurityProtocolStartTLS

  27. )

  28. 

  29. // Source Basic LDAP authentication service

  30. type Source struct {

  31. 	Name                  string // canonical name (ie. corporate.ad)

  32. 	Host                  string // LDAP host

  33. 	Port                  int    // port number

  34. 	SecurityProtocol      SecurityProtocol

  35. 	SkipVerify            bool

  36. 	BindDN                string // DN to bind with

  37. 	BindPassword          string // Bind DN password

  38. 	UserBase              string // Base search path for users

  39. 	UserDN                string // Template for the DN of the user for simple auth

  40. 	AttributeUsername     string // Username attribute

  41. 	AttributeName         string // First name attribute

  42. 	AttributeSurname      string // Surname attribute

  43. 	AttributeMail         string // E-mail attribute

  44. 	AttributesInBind      bool   // fetch attributes in bind context (not user)

  45. 	AttributeSSHPublicKey string // LDAP SSH Public Key attribute

  46. 	SearchPageSize        uint32 // Search with paging page size

  47. 	Filter                string // Query filter to validate entry

  48. 	AdminFilter           string // Query filter to check if user is admin

  49. 	Enabled               bool   // if this source is disabled

  50. 	AllowDeactivateAll    bool   // Allow an empty search response to deactivate all users from this source

  51. }

  52. 

  53. // SearchResult : user data

  54. type SearchResult struct {

  55. 	Username     string   // Username

  56. 	Name         string   // Name

  57. 	Surname      string   // Surname

  58. 	Mail         string   // E-mail address

  59. 	SSHPublicKey []string // SSH Public Key

  60. 	IsAdmin      bool     // if user is administrator

  61. }

  62. 

  63. func (ls *Source) sanitizedUserQuery(username string) (string, bool) {

  64. 	// See http://tools.ietf.org/search/rfc4515

  65. 	badCharacters := "\x00()*\\"

  66. 	if strings.ContainsAny(username, badCharacters) {

  67. 		log.Debug("'%s' contains invalid query characters. Aborting.", username)

  68. 		return "", false

  69. 	}

  70. 

  71. 	return fmt.Sprintf(ls.Filter, username), true

  72. }

  73. 

  74. func (ls *Source) sanitizedUserDN(username string) (string, bool) {

  75. 	// See http://tools.ietf.org/search/rfc4514: "special characters"

  76. 	badCharacters := "\x00()*\\,='\"#+;<>"

  77. 	if strings.ContainsAny(username, badCharacters) {

  78. 		log.Debug("'%s' contains invalid DN characters. Aborting.", username)

  79. 		return "", false

  80. 	}

  81. 

  82. 	return fmt.Sprintf(ls.UserDN, username), true

  83. }

  84. 

  85. func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) {

  86. 	log.Trace("Search for LDAP user: %s", name)

  87. 

  88. 	// A search for the user.

  89. 	userFilter, ok := ls.sanitizedUserQuery(name)

  90. 	if !ok {

  91. 		return "", false

  92. 	}

  93. 

  94. 	log.Trace("Searching for DN using filter %s and base %s", userFilter, ls.UserBase)

  95. 	search := ldap.NewSearchRequest(

  96. 		ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0,

  97. 		false, userFilter, []string{}, nil)

  98. 

  99. 	// Ensure we found a user

  100. 	sr, err := l.Search(search)

  101. 	if err != nil || len(sr.Entries) < 1 {

  102. 		log.Debug("Failed search using filter[%s]: %v", userFilter, err)

  103. 		return "", false

  104. 	} else if len(sr.Entries) > 1 {

  105. 		log.Debug("Filter '%s' returned more than one user.", userFilter)

  106. 		return "", false

  107. 	}

  108. 

  109. 	userDN := sr.Entries[0].DN

  110. 	if userDN == "" {

  111. 		log.Error("LDAP search was successful, but found no DN!")

  112. 		return "", false

  113. 	}

  114. 

  115. 	return userDN, true

  116. }

  117. 

  118. func dial(ls *Source) (*ldap.Conn, error) {

  119. 	log.Trace("Dialing LDAP with security protocol (%v) without verifying: %v", ls.SecurityProtocol, ls.SkipVerify)

  120. 

  121. 	tlsCfg := &tls.Config{

  122. 		ServerName:         ls.Host,

  123. 		InsecureSkipVerify: ls.SkipVerify,

  124. 	}

  125. 	if ls.SecurityProtocol == SecurityProtocolLDAPS {

  126. 		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)

  127. 	}

  128. 

  129. 	conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))

  130. 	if err != nil {

  131. 		return nil, fmt.Errorf("Dial: %v", err)

  132. 	}

  133. 

  134. 	if ls.SecurityProtocol == SecurityProtocolStartTLS {

  135. 		if err = conn.StartTLS(tlsCfg); err != nil {

  136. 			conn.Close()

  137. 			return nil, fmt.Errorf("StartTLS: %v", err)

  138. 		}

  139. 	}

  140. 

  141. 	return conn, nil

  142. }

  143. 

  144. func bindUser(l *ldap.Conn, userDN, passwd string) error {

  145. 	log.Trace("Binding with userDN: %s", userDN)

  146. 	err := l.Bind(userDN, passwd)

  147. 	if err != nil {

  148. 		log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err)

  149. 		return err

  150. 	}

  151. 	log.Trace("Bound successfully with userDN: %s", userDN)

  152. 	return err

  153. }

  154. 

  155. func checkAdmin(l *ldap.Conn, ls *Source, userDN string) bool {

  156. 	if len(ls.AdminFilter) > 0 {

  157. 		log.Trace("Checking admin with filter %s and base %s", ls.AdminFilter, userDN)

  158. 		search := ldap.NewSearchRequest(

  159. 			userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,

  160. 			[]string{ls.AttributeName},

  161. 			nil)

  162. 

  163. 		sr, err := l.Search(search)

  164. 

  165. 		if err != nil {

  166. 			log.Error("LDAP Admin Search failed unexpectedly! (%v)", err)

  167. 		} else if len(sr.Entries) < 1 {

  168. 			log.Trace("LDAP Admin Search found no matching entries.")

  169. 		} else {

  170. 			return true

  171. 		}

  172. 	}

  173. 	return false

  174. }

  175. 

  176. // SearchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter

  177. func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResult {

  178. 	// See https://tools.ietf.org/search/rfc4513#section-5.1.2

  179. 	if len(passwd) == 0 {

  180. 		log.Debug("Auth. failed for %s, password cannot be empty", name)

  181. 		return nil

  182. 	}

  183. 	l, err := dial(ls)

  184. 	if err != nil {

  185. 		log.Error("LDAP Connect error, %s:%v", ls.Host, err)

  186. 		ls.Enabled = false

  187. 		return nil

  188. 	}

  189. 	defer l.Close()

  190. 

  191. 	var userDN string

  192. 	if directBind {

  193. 		log.Trace("LDAP will bind directly via UserDN template: %s", ls.UserDN)

  194. 

  195. 		var ok bool

  196. 		userDN, ok = ls.sanitizedUserDN(name)

  197. 

  198. 		if !ok {

  199. 			return nil

  200. 		}

  201. 

  202. 		err = bindUser(l, userDN, passwd)

  203. 		if err != nil {

  204. 			return nil

  205. 		}

  206. 

  207. 		if ls.UserBase != "" {

  208. 			// not everyone has a CN compatible with input name so we need to find

  209. 			// the real userDN in that case

  210. 

  211. 			userDN, ok = ls.findUserDN(l, name)

  212. 			if !ok {

  213. 				return nil

  214. 			}

  215. 		}

  216. 	} else {

  217. 		log.Trace("LDAP will use BindDN.")

  218. 

  219. 		var found bool

  220. 

  221. 		if ls.BindDN != "" && ls.BindPassword != "" {

  222. 			err := l.Bind(ls.BindDN, ls.BindPassword)

  223. 			if err != nil {

  224. 				log.Debug("Failed to bind as BindDN[%s]: %v", ls.BindDN, err)

  225. 				return nil

  226. 			}

  227. 			log.Trace("Bound as BindDN %s", ls.BindDN)

  228. 		} else {

  229. 			log.Trace("Proceeding with anonymous LDAP search.")

  230. 		}

  231. 

  232. 		userDN, found = ls.findUserDN(l, name)

  233. 		if !found {

  234. 			return nil

  235. 		}

  236. 	}

  237. 

  238. 	if !ls.AttributesInBind {

  239. 		// binds user (checking password) before looking-up attributes in user context

  240. 		err = bindUser(l, userDN, passwd)

  241. 		if err != nil {

  242. 			return nil

  243. 		}

  244. 	}

  245. 

  246. 	userFilter, ok := ls.sanitizedUserQuery(name)

  247. 	if !ok {

  248. 		return nil

  249. 	}

  250. 

  251. 	var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0

  252. 

  253. 	attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}

  254. 	if isAttributeSSHPublicKeySet {

  255. 		attribs = append(attribs, ls.AttributeSSHPublicKey)

  256. 	}

  257. 

  258. 	log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, userDN)

  259. 	search := ldap.NewSearchRequest(

  260. 		userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,

  261. 		attribs, nil)

  262. 

  263. 	sr, err := l.Search(search)

  264. 	if err != nil {

  265. 		log.Error("LDAP Search failed unexpectedly! (%v)", err)

  266. 		return nil

  267. 	} else if len(sr.Entries) < 1 {

  268. 		if directBind {

  269. 			log.Trace("User filter inhibited user login.")

  270. 		} else {

  271. 			log.Trace("LDAP Search found no matching entries.")

  272. 		}

  273. 

  274. 		return nil

  275. 	}

  276. 

  277. 	var sshPublicKey []string

  278. 

  279. 	username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)

  280. 	firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName)

  281. 	surname := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)

  282. 	mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)

  283. 	if isAttributeSSHPublicKeySet {

  284. 		sshPublicKey = sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)

  285. 	}

  286. 	isAdmin := checkAdmin(l, ls, userDN)

  287. 

  288. 	if !directBind && ls.AttributesInBind {

  289. 		// binds user (checking password) after looking-up attributes in BindDN context

  290. 		err = bindUser(l, userDN, passwd)

  291. 		if err != nil {

  292. 			return nil

  293. 		}

  294. 	}

  295. 

  296. 	return &SearchResult{

  297. 		Username:     username,

  298. 		Name:         firstname,

  299. 		Surname:      surname,

  300. 		Mail:         mail,

  301. 		SSHPublicKey: sshPublicKey,

  302. 		IsAdmin:      isAdmin,

  303. 	}

  304. }

  305. 

  306. // UsePagedSearch returns if need to use paged search

  307. func (ls *Source) UsePagedSearch() bool {

  308. 	return ls.SearchPageSize > 0

  309. }

  310. 

  311. // SearchEntries : search an LDAP source for all users matching userFilter

  312. func (ls *Source) SearchEntries() ([]*SearchResult, error) {

  313. 	l, err := dial(ls)

  314. 	if err != nil {

  315. 		log.Error("LDAP Connect error, %s:%v", ls.Host, err)

  316. 		ls.Enabled = false

  317. 		return nil, err

  318. 	}

  319. 	defer l.Close()

  320. 

  321. 	if ls.BindDN != "" && ls.BindPassword != "" {

  322. 		err := l.Bind(ls.BindDN, ls.BindPassword)

  323. 		if err != nil {

  324. 			log.Debug("Failed to bind as BindDN[%s]: %v", ls.BindDN, err)

  325. 			return nil, err

  326. 		}

  327. 		log.Trace("Bound as BindDN %s", ls.BindDN)

  328. 	} else {

  329. 		log.Trace("Proceeding with anonymous LDAP search.")

  330. 	}

  331. 

  332. 	userFilter := fmt.Sprintf(ls.Filter, "*")

  333. 

  334. 	var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0

  335. 

  336. 	attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}

  337. 	if isAttributeSSHPublicKeySet {

  338. 		attribs = append(attribs, ls.AttributeSSHPublicKey)

  339. 	}

  340. 

  341. 	log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, ls.UserBase)

  342. 	search := ldap.NewSearchRequest(

  343. 		ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,

  344. 		attribs, nil)

  345. 

  346. 	var sr *ldap.SearchResult

  347. 	if ls.UsePagedSearch() {

  348. 		sr, err = l.SearchWithPaging(search, ls.SearchPageSize)

  349. 	} else {

  350. 		sr, err = l.Search(search)

  351. 	}

  352. 	if err != nil {

  353. 		log.Error("LDAP Search failed unexpectedly! (%v)", err)

  354. 		return nil, err

  355. 	}

  356. 

  357. 	result := make([]*SearchResult, len(sr.Entries))

  358. 

  359. 	for i, v := range sr.Entries {

  360. 		result[i] = &SearchResult{

  361. 			Username: v.GetAttributeValue(ls.AttributeUsername),

  362. 			Name:     v.GetAttributeValue(ls.AttributeName),

  363. 			Surname:  v.GetAttributeValue(ls.AttributeSurname),

  364. 			Mail:     v.GetAttributeValue(ls.AttributeMail),

  365. 			IsAdmin:  checkAdmin(l, ls, v.DN),

  366. 		}

  367. 		if isAttributeSSHPublicKeySet {

  368. 			result[i].SSHPublicKey = v.GetAttributeValues(ls.AttributeSSHPublicKey)

  369. 		}

  370. 	}

  371. 

  372. 	return result, nil

  373. }

No Description