From 0f5941a0469c29fa86aeaf81913b4876e19ffeda Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Mon, 30 Nov 2020 17:53:17 +0100
Subject: [PATCH] [LDAP] Allow to bind to an admin with a different FQDN
By directly providing the full DN
Signed-off-by: Thomas Citharel
---
config/config.exs | 2 ++
lib/service/auth/ldap_authenticator.ex | 9 +++++++++
2 files changed, 11 insertions(+)
diff --git a/config/config.exs b/config/config.exs
index 82e841842..c3cfbfb43 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -146,6 +146,8 @@ config :mobilizon, :ldap,
 base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
 uid: System.get_env("LDAP_UID") || "cn",
 require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"),
+ # Either the admin UID matching the field in `uid`,
+ # Either a tuple with the fully qualified DN: {:full, uid=admin,dc=example.com,dc=local}
 bind_uid: System.get_env("LDAP_BIND_UID"),
 bind_password: System.get_env("LDAP_BIND_PASSWORD")
diff --git a/lib/service/auth/ldap_authenticator.ex b/lib/service/auth/ldap_authenticator.ex
index e42be59d9..fa8036880 100644
--- a/lib/service/auth/ldap_authenticator.ex
+++ b/lib/service/auth/ldap_authenticator.ex
@@ -97,6 +97,15 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
 end
 end
+ # Bind user with full DN
+ @spec bind_user(any(), String.t(), String.t(), {:full, String.t()}, String.t()) :: User.t() | any()
+ defp bind_user(connection, _base, _uid, {:full, field}, password) do
+ Logger.debug("Binding to LDAP with \"#{field}\"")
+ :eldap.simple_bind(connection, field, password)
+ end
+
+ # Bind user with only uid field on top of base
 @spec bind_user(any(), String.t(), String.t(), String.t(), String.t()) :: User.t() | any()
 defp bind_user(connection, base, uid, field, password) do
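Review bot: The example in the new config/config.exs comment, `{:full, uid=admin,dc=example.com,dc=local}`, is not valid Elixir because the DN is not quoted, and it contradicts the `base` default two lines above, so an operator copying it would get a compile error or a DN that matches nothing. Since `bind_uid` is populated from `LDAP_BIND_UID`, which can only ever be a plain string, the `{:full, _}` form is reachable only by overriding `:bind_uid` in another config file; the comment should say so, because the `{:full, field}` clause added in lib/service/auth/ldap_authenticator.ex is otherwise dead for env-based deployments. I would rewrite the two lines as `# Either the admin UID matching the field in uid (e.g. "admin"),` and `# or a tuple with the fully qualified DN (set in a config file, not via LDAP_BIND_UID): {:full, "uid=admin,dc=example,dc=com"}`.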