OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
Browse Source

Merge pull request #915 from Lafriks/dev 

Get username, name, surname and e-mail from LDAP server
tags/v1.2.0-rc1
无闻 10 years ago
parent
a8b07e6688 8016fb54d8
commit
59233609d4
6 changed files with 75 additions and 44 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -1
      conf/locale/locale_en-US.ini
  2. +2
    -1
      models/login.go
  3. +4
    -1
      modules/auth/auth_form.go
  4. +27
    -21
      modules/auth/ldap/ldap.go
  5. +24
    -18
      routers/admin/auths.go
  6. +14
    -2
      templates/admin/auth/edit.tmpl

+ 4
- 1
conf/locale/locale_en-US.ini View File

@@ -595,7 +595,10 @@ auths.domain = Domain
auths.host = Host auths.host = Host
auths.port = Port auths.port = Port
auths.base_dn = Base DN auths.base_dn = Base DN
auths.attributes = Search Attributes
auths.attribute_username = Username attribute
auths.attribute_name = First name attribute
auths.attribute_surname = Surname attribute
auths.attribute_mail = E-mail attribute
auths.filter = Search Filter auths.filter = Search Filter
auths.ms_ad_sa = Ms Ad SA auths.ms_ad_sa = Ms Ad SA
auths.smtp_auth = SMTP Authorization Type auths.smtp_auth = SMTP Authorization Type


+ 2
- 1
models/login.go View File

@@ -231,7 +231,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
// Return the same LoginUserPlain semantic // Return the same LoginUserPlain semantic
// FIXME: https://github.com/gogits/gogs/issues/672 // FIXME: https://github.com/gogits/gogs/issues/672
func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) { func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
name, fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
if !logged { if !logged {
// User not in LDAP, do nothing // User not in LDAP, do nothing
return nil, ErrUserNotExist return nil, ErrUserNotExist
@@ -247,6 +247,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP


u = &User{ u = &User{
Name: name, Name: name,
FullName: fn + " " + sn,
LoginType: LDAP, LoginType: LDAP,
LoginSource: sourceId, LoginSource: sourceId,
LoginName: name, LoginName: name,


+ 4
- 1
modules/auth/auth_form.go View File

@@ -18,7 +18,10 @@ type AuthenticationForm struct {
Port int `form:"port"` Port int `form:"port"`
UseSSL bool `form:"usessl"` UseSSL bool `form:"usessl"`
BaseDN string `form:"base_dn"` BaseDN string `form:"base_dn"`
Attributes string `form:"attributes"`
AttributeUsername string `form:"attribute_username"`
AttributeName string `form:"attribute_name"`
AttributeSurname string `form:"attribute_surname"`
AttributeMail string `form:"attribute_mail"`
Filter string `form:"filter"` Filter string `form:"filter"`
MsAdSA string `form:"ms_ad_sa"` MsAdSA string `form:"ms_ad_sa"`
IsActived bool `form:"is_actived"` IsActived bool `form:"is_actived"`


+ 27
- 21
modules/auth/ldap/ldap.go View File

@@ -15,15 +15,18 @@ import (


// Basic LDAP authentication service // Basic LDAP authentication service
type Ldapsource struct { type Ldapsource struct {
Name string // canonical name (ie. corporate.ad)
Host string // LDAP host
Port int // port number
UseSSL bool // Use SSL
BaseDN string // Base DN
Attributes string // Attribute to search
Filter string // Query filter to validate entry
MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
Enabled bool // if this source is disabled
Name string // canonical name (ie. corporate.ad)
Host string // LDAP host
Port int // port number
UseSSL bool // Use SSL
BaseDN string // Base DN
AttributeUsername string // Username attribute
AttributeName string // First name attribute
AttributeSurname string // Surname attribute
AttributeMail string // E-mail attribute
Filter string // Query filter to validate entry
MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
Enabled bool // if this source is disabled
} }


//Global LDAP directory pool //Global LDAP directory pool
@@ -32,18 +35,18 @@ var (
) )


// Add a new source (LDAP directory) to the global pool // Add a new source (LDAP directory) to the global pool
func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string) {
ldaphost := Ldapsource{name, host, port, usessl, basedn, attribcn, attribname, attribsn, attribmail, filter, msadsaformat, true}
Authensource = append(Authensource, ldaphost) Authensource = append(Authensource, ldaphost)
} }


//LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise //LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise
//First match wins //First match wins
//Returns first attribute if exists //Returns first attribute if exists
func LoginUser(name, passwd string) (a string, r bool) {
func LoginUser(name, passwd string) (cn, fn, sn, mail string, r bool) {
r = false r = false
for _, ls := range Authensource { for _, ls := range Authensource {
a, r = ls.SearchEntry(name, passwd)
cn, fn, sn, mail, r = ls.SearchEntry(name, passwd)
if r { if r {
return return
} }
@@ -52,12 +55,12 @@ func LoginUser(name, passwd string) (a string, r bool) {
} }


// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, string, bool) {
l, err := ldapDial(ls) l, err := ldapDial(ls)
if err != nil { if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
ls.Enabled = false ls.Enabled = false
return "", false
return "", "", "", "", false
} }
defer l.Close() defer l.Close()


@@ -65,26 +68,29 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
err = l.Bind(nx, passwd) err = l.Bind(nx, passwd)
if err != nil { if err != nil {
log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error()) log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
return "", false
return "", "", "", "", false
} }


search := ldap.NewSearchRequest( search := ldap.NewSearchRequest(
ls.BaseDN, ls.BaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf(ls.Filter, name), fmt.Sprintf(ls.Filter, name),
[]string{ls.Attributes},
[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
nil) nil)
sr, err := l.Search(search) sr, err := l.Search(search)
if err != nil { if err != nil {
log.Debug("LDAP Authen OK but not in filter %s", name) log.Debug("LDAP Authen OK but not in filter %s", name)
return "", false
return "", "", "", "", false
} }
log.Debug("LDAP Authen OK: %s", name) log.Debug("LDAP Authen OK: %s", name)
if len(sr.Entries) > 0 { if len(sr.Entries) > 0 {
r := sr.Entries[0].GetAttributeValue(ls.Attributes)
return r, true
cn := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
name := sr.Entries[0].GetAttributeValue(ls.AttributeName)
sn := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
return cn, name, sn, mail, true
} }
return "", true
return "", "", "", "", true
} }


func ldapDial(ls Ldapsource) (*ldap.Conn, error) { func ldapDial(ls Ldapsource) (*ldap.Conn, error) {


+ 24
- 18
routers/admin/auths.go View File

@@ -63,15 +63,18 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
case models.LDAP: case models.LDAP:
u = &models.LDAPConfig{ u = &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{ Ldapsource: ldap.Ldapsource{
Host: form.Host,
Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN,
Attributes: form.Attributes,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true,
Name: form.AuthName,
Host: form.Host,
Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN,
AttributeUsername: form.AttributeUsername,
AttributeName: form.AttributeName,
AttributeSurname: form.AttributeSurname,
AttributeMail: form.AttributeMail,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true,
Name: form.AuthName,
}, },
} }
case models.SMTP: case models.SMTP:
@@ -142,15 +145,18 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
case models.LDAP: case models.LDAP:
config = &models.LDAPConfig{ config = &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{ Ldapsource: ldap.Ldapsource{
Host: form.Host,
Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN,
Attributes: form.Attributes,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true,
Name: form.AuthName,
Host: form.Host,
Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN,
AttributeUsername: form.AttributeUsername,
AttributeName: form.AttributeName,
AttributeSurname: form.AttributeSurname,
AttributeMail: form.AttributeMail,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true,
Name: form.AuthName,
}, },
} }
case models.SMTP: case models.SMTP:


+ 14
- 2
templates/admin/auth/edit.tmpl View File

@@ -48,8 +48,20 @@
<input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.Source.LDAP.BaseDN}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.Source.LDAP.BaseDN}}" />
</div> </div>
<div class="field"> <div class="field">
<label class="req" for="attributes">{{.i18n.Tr "admin.auths.attributes"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attributes" name="attributes" value="{{.Source.LDAP.Attributes}}" />
<label class="req" for="attribute_username">{{.i18n.Tr "admin.auths.attribute_username"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_username" name="attribute_username" value="{{.Source.LDAP.AttributeUsername}}" />
</div>
<div class="field">
<label class="req" for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.Source.LDAP.AttributeName}}" />
</div>
<div class="field">
<label class="req" for="attribute_surname">{{.i18n.Tr "admin.auths.attribute_surname"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_surname" name="attribute_surname" value="{{.Source.LDAP.AttributeSurname}}" />
</div>
<div class="field">
<label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.Source.LDAP.AttributeMail}}" />
</div> </div>
<div class="field"> <div class="field">
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label> <label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>


Write Preview
Loading…
Cancel
Save