Allow to use email and username for ldap bind

This commit is contained in:
Johannes Zellner
2016-03-24 21:03:04 +01:00
parent daadbfa23f
commit b56bc08e9a
2 changed files with 24 additions and 2 deletions
+6 -2
@@ -127,11 +127,15 @@ function start(callback) {
debug('user bind: %s', req.dn.toString());
// extract the common name which might have different attribute names
var commonName = req.dn.rdns[0][Object.keys(req.dn.rdns[0])[0]];
var attributeName = Object.keys(req.dn.rdns[0])[0];
var commonName = req.dn.rdns[0][attributeName];
if (!commonName) return next(new ldap.NoSuchObjectError(req.dn.toString()));
// if mail is specified, enforce mail check, otherwise allow both
var api = (commonName.indexOf('@') === -1) && (attributeName !== 'mail') ? user.verify : user.verifyWithEmail;
// TODO this should be done after we verified the app has access to avoid leakage of user existence
user.verify(commonName, req.credentials || '', function (error, userObject) {
api(commonName, req.credentials || '', function (error, userObject) {
if (error && error.reason === UserError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
if (error && error.reason === UserError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
if (error) return next(new ldap.OperationsError(error));