admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix issue with case-sensitive username

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2021-04-19 17:21:08 +08:00
parent 37c53db57f
commit 595f7a03e4
1 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
pkg/apiserver/authentication/identityprovider/ldap/ldap.go
View File

@@ -119,11 +119,11 @@ func (l ldapProvider) Authenticate(username string, password string) (identitypr
klog.Error(err)
return nil, err
}
conn.SetTimeout(time.Duration(l.ReadTimeout) * time.Millisecond)
defer conn.Close()
err = conn.Bind(l.ManagerDN, l.ManagerPassword)
if err != nil {
if err = conn.Bind(l.ManagerDN, l.ManagerPassword); err != nil {
klog.Error(err)
return nil, err
}
@@ -147,21 +147,28 @@ func (l ldapProvider) Authenticate(username string, password string) (identitypr
return nil, err
}
if len(result.Entries) != 1 {
return nil, errors.NewUnauthorized("incorrect password")
if len(result.Entries) == 0 {
return nil, errors.NewUnauthorized(fmt.Sprintf("ldap: no results returned for filter: %v", filter))
}
if len(result.Entries) > 1 {
return nil, errors.NewUnauthorized(fmt.Sprintf("ldap: filter returned multiple results: %v", filter))
}
// len(result.Entries) == 1
entry := result.Entries[0]
if err = conn.Bind(entry.DN, password); err != nil {
klog.Error(err)
if ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials) {
return nil, errors.NewUnauthorized("incorrect password")
klog.V(4).Infof("ldap: %v", err)
return nil, errors.NewUnauthorized("ldap: incorrect password")
}
klog.Error(err)
return nil, err
}
email := entry.GetAttributeValue(l.MailAttribute)
uid := entry.GetAttributeValue(l.LoginAttribute)
return &ldapIdentity{
Username: username,
Username: uid,
Email: email,
}, nil
}