Move user password verification after checking his groups on ldap auth (#19587)
In case the binded user can not access its own attributes. Signed-off-by: Gwilherm Folliot <gwilherm55fo@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
parent
772ad761eb
commit
b7abb31b7b
|
@ -433,14 +433,6 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
|
||||||
isRestricted = checkRestricted(l, ls, userDN)
|
isRestricted = checkRestricted(l, ls, userDN)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !directBind && ls.AttributesInBind {
|
|
||||||
// binds user (checking password) after looking-up attributes in BindDN context
|
|
||||||
err = bindUser(l, userDN, passwd)
|
|
||||||
if err != nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if isAtributeAvatarSet {
|
if isAtributeAvatarSet {
|
||||||
Avatar = sr.Entries[0].GetRawAttributeValue(ls.AttributeAvatar)
|
Avatar = sr.Entries[0].GetRawAttributeValue(ls.AttributeAvatar)
|
||||||
}
|
}
|
||||||
|
@ -451,6 +443,14 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
|
||||||
teamsToAdd, teamsToRemove = ls.getMappedMemberships(l, uid)
|
teamsToAdd, teamsToRemove = ls.getMappedMemberships(l, uid)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !directBind && ls.AttributesInBind {
|
||||||
|
// binds user (checking password) after looking-up attributes in BindDN context
|
||||||
|
err = bindUser(l, userDN, passwd)
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return &SearchResult{
|
return &SearchResult{
|
||||||
LowerName: strings.ToLower(username),
|
LowerName: strings.ToLower(username),
|
||||||
Username: username,
|
Username: username,
|
||||||
|
|
Loading…
Reference in a new issue