feat: fix LDAP server handle filter without CN field as * (#1705)

* fix: set ldap server default filter name as *

* fix: default use built-in organization to bind

* chore: use cache reduce the ci test time

object/ldap.go

@@ -115,7 +115,7 @@ func LdapUsersToLdapRespUsers(users []ldapUser) []LdapRespUser {
 }
 
 func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
-	SearchFilter := "(objectclass=*)"
+	SearchFilter := "(objectClass=*)"
 	SearchAttributes := []string{"vendorname", "vendorversion", "isGlobalCatalogReady", "forestFunctionality"}
 
 	searchReq := goldap.NewSearchRequest("",
@@ -126,7 +126,7 @@ func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
 		return false, err
 	}
 	if len(searchResult.Entries) == 0 {
-		return false, errors.New("no result")
+		return false, nil
 	}
 	isMicrosoft := false
 	var ldapServerType ldapServerType

object/ldapserver.go

@@ -1,74 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"fmt"
-	"log"
-	"strings"
-
-	"github.com/forestmgy/ldapserver"
-)
-
-func GetNameAndOrgFromDN(DN string) (string, string, string) {
-	DNValue := strings.Split(DN, ",")
-	if len(DNValue) == 1 || strings.ToLower(DNValue[0])[0] != 'c' || strings.ToLower(DNValue[1])[0] != 'o' {
-		return "", "", "please use correct Admin Name format like cn=xxx,ou=xxx,dc=example,dc=com"
-	}
-	return DNValue[0][3:], DNValue[1][3:], ""
-}
-
-func GetUserNameAndOrgFromBaseDnAndFilter(baseDN, filter string) (string, string, int) {
-	if !strings.Contains(baseDN, "ou=") || !strings.Contains(filter, "cn=") {
-		return "", "", ldapserver.LDAPResultInvalidDNSyntax
-	}
-	name := getUserNameFromFilter(filter)
-	_, org, _ := GetNameAndOrgFromDN(fmt.Sprintf("cn=%s,", name) + baseDN)
-	errCode := ldapserver.LDAPResultSuccess
-	return name, org, errCode
-}
-
-func getUserNameFromFilter(filter string) string {
-	nameIndex := strings.Index(filter, "cn=")
-	var name string
-	for i := nameIndex + 3; filter[i] != ')'; i++ {
-		name = name + string(filter[i])
-	}
-	return name
-}
-
-func GetFilteredUsers(m *ldapserver.Message, name, org string) ([]*User, int) {
-	var filteredUsers []*User
-	if name == "*" && m.Client.IsOrgAdmin { // get all users from organization 'org'
-		if m.Client.OrgName == "built-in" && org == "*" {
-			filteredUsers = GetGlobalUsers()
-			return filteredUsers, ldapserver.LDAPResultSuccess
-		} else if m.Client.OrgName == "built-in" || org == m.Client.OrgName {
-			filteredUsers = GetUsers(org)
-			return filteredUsers, ldapserver.LDAPResultSuccess
-		} else {
-			return nil, ldapserver.LDAPResultInsufficientAccessRights
-		}
-	} else {
-		hasPermission, err := CheckUserPermission(fmt.Sprintf("%s/%s", m.Client.OrgName, m.Client.UserName), fmt.Sprintf("%s/%s", org, name), org, true, "en")
-		if !hasPermission {
-			log.Printf("ErrMsg = %v", err.Error())
-			return nil, ldapserver.LDAPResultInsufficientAccessRights
-		}
-		user := getUser(org, name)
-		filteredUsers = append(filteredUsers, user)
-		return filteredUsers, ldapserver.LDAPResultSuccess
-	}
-}