Move user password verification after checking his groups on ldap auth (#19587)
In case the bound user cannot access its own attributes. Signed-off-by: Gwilherm Folliot <gwilherm55fo@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
parent
772ad761eb
commit
b7abb31b7b
|
@ -433,14 +433,6 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
|
|||
isRestricted = checkRestricted(l, ls, userDN)
|
||||
}
|
||||
|
||||
if !directBind && ls.AttributesInBind {
|
||||
// binds user (checking password) after looking-up attributes in BindDN context
|
||||
err = bindUser(l, userDN, passwd)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
if isAtributeAvatarSet {
|
||||
Avatar = sr.Entries[0].GetRawAttributeValue(ls.AttributeAvatar)
|
||||
}
|
||||
|
@ -451,6 +443,14 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
|
|||
teamsToAdd, teamsToRemove = ls.getMappedMemberships(l, uid)
|
||||
}
|
||||
|
||||
if !directBind && ls.AttributesInBind {
|
||||
// binds user (checking password) after looking-up attributes in BindDN context
|
||||
err = bindUser(l, userDN, passwd)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
return &SearchResult{
|
||||
LowerName: strings.ToLower(username),
|
||||
Username: username,
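Review bot: The comment that moved with the bind block in the second hunk, `// binds user (checking password) after looking-up attributes in BindDN context`, no longer describes the ordering that matters: the password is now checked only after the group and team lookups (`ls.getMappedMemberships`), so everything above it in SearchEntry runs, presumably still in the BindDN context, for a caller who has not yet proven the password. I would reword it along the lines of `// Verify the password last: bindUser switches the connection to the user's context, which may not be able to read attributes or groups. Nothing looked up above may be returned unless this bind succeeds.` so that later edits neither add side effects before the check nor add lookups after it. The `return nil` on a failed bind also drops `err`; if bindUser does not log the failure itself (not visible here), a rejected password leaves nothing for detecting guessing attempts. SearchEntry starts and ends outside both hunks.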
|
||||
|
|