llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 10:45:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: support checking password through ldap server (#354)

Browse Source 
Signed-off-by: Товарищ программист <2962928213@qq.com>
This commit is contained in:
Товарищ программист 2021-12-10 22:45:01 +08:00 committed by GitHub
parent 967113689d
commit 6947ebd152
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -17,6 +17,7 @@
.idea/ .idea/
*.iml *.iml
.vscode/
tmp/ tmp/
tmpFiles/ tmpFiles/

41
object/check.go
View File

@ -20,6 +20,7 @@ import (
"github.com/casbin/casdoor/cred" "github.com/casbin/casdoor/cred"
"github.com/casbin/casdoor/util" "github.com/casbin/casdoor/util"
goldap "github.com/go-ldap/ldap/v3"
) )
var reWhiteSpace *regexp.Regexp var reWhiteSpace *regexp.Regexp
@ -120,6 +121,42 @@ func CheckPassword(user *User, password string) string {
} }
} }
func checkLdapUserPassword(user *User, password string) (*User, string) {
ldaps := GetLdaps(user.Owner)
ldapLoginSuccess := false
for _, ldapServer := range ldaps {
conn, err := GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
if err != nil {
continue
}
SearchFilter := fmt.Sprintf("(&(objectClass=posixAccount)(uid=%s))", user.Name)
searchReq := goldap.NewSearchRequest(ldapServer.BaseDn,
goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
SearchFilter, []string{}, nil)
searchResult, err := conn.Conn.Search(searchReq)
if err != nil {
return nil, err.Error()
}
if len(searchResult.Entries) == 0 {
continue
} else if len(searchResult.Entries) > 1 {
return nil, "Error: multiple accounts with same uid, please check your ldap server"
}
dn := searchResult.Entries[0].DN
if err := conn.Conn.Bind(dn, password); err == nil {
ldapLoginSuccess = true
break
}
}
if !ldapLoginSuccess {
return nil, "ldap user name or password incorrect"
}
return user, ""
}
func CheckUserPassword(organization string, username string, password string) (*User, string) { func CheckUserPassword(organization string, username string, password string) (*User, string) {
user := GetUserByFields(organization, username) user := GetUserByFields(organization, username)
if user == nil || user.IsDeleted == true { if user == nil || user.IsDeleted == true {
@ -129,6 +166,10 @@ func CheckUserPassword(organization string, username string, password string) (*
if user.IsForbidden { if user.IsForbidden {
return nil, "the user is forbidden to sign in, please contact the administrator" return nil, "the user is forbidden to sign in, please contact the administrator"
} }
//for ldap users
if user.Ldap != "" {
return checkLdapUserPassword(user, password)
}
msg := CheckPassword(user, password) msg := CheckPassword(user, password)
if msg != "" { if msg != "" {

3
object/ldap.go
View File

@ -17,10 +17,11 @@ package object
import ( import (
"errors" "errors"
"fmt" "fmt"
"strings"
"github.com/casbin/casdoor/util" "github.com/casbin/casdoor/util"
goldap "github.com/go-ldap/ldap/v3" goldap "github.com/go-ldap/ldap/v3"
"github.com/thanhpk/randstr" "github.com/thanhpk/randstr"
"strings"
) )
type Ldap struct { type Ldap struct {