Get DN from entry, not entryDN attribute

Not all LDAP servers have entryDN available as an attribute. Reading up on
https://tools.ietf.org/html/rfc5020 tells me that entryDN is intended for
making the DN available for attribute value assertions. Thus it is not
mandatory for a LDAP server to make it available as an retrievable
attribute.

The DN is always a part of the entry returned in a search result, just use
it.

Fixes #314
This commit is contained in:
Frode Nordahl 2016-02-14 09:18:01 +01:00
parent cd72a1f69f
commit 508c24b10e

View file

@ -288,7 +288,6 @@ func (m *LDAPIdentityProvider) Identity(username, password string) (*oidc.Identi
filter := m.ParseString(m.searchFilter, username) filter := m.ParseString(m.searchFilter, username)
attributes := []string{ attributes := []string{
"entryDN",
m.nameAttribute, m.nameAttribute,
m.emailAttribute, m.emailAttribute,
} }
@ -304,7 +303,7 @@ func (m *LDAPIdentityProvider) Identity(username, password string) (*oidc.Identi
return nil, err return nil, err
} }
bindDN = sr.Entries[0].GetAttributeValue("entryDN") bindDN = sr.Entries[0].DN
ldapName = sr.Entries[0].GetAttributeValue(m.nameAttribute) ldapName = sr.Entries[0].GetAttributeValue(m.nameAttribute)
ldapEmail = sr.Entries[0].GetAttributeValue(m.emailAttribute) ldapEmail = sr.Entries[0].GetAttributeValue(m.emailAttribute)