Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow getAttr to return DN

Browse source 
Specify "DN" as attribute name to return, but will only work if not present in ldap.Entry.Attributes
Use when full DN is stored in groupSearch's userAttr
This commit is contained in:
Phu Kieu 2016-11-18 13:16:50 -08:00
parent 04360fa354
commit d4aba443ac
2 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Documentation/ldap-connector.md
View file

@ -11,7 +11,9 @@ The connector executes two primary queries:
## Configuration
User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). The following is an example config file that can be used by the LDAP connector to authenticate a user.
User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). `*Attr` attributes could be set to "DN" in situations where it is needed but not available elsewhere, and if "DN" attribute does not exist in the record.
The following is an example config file that can be used by the LDAP connector to authenticate a user.
```yaml

6
connector/ldap/ldap.go
View file

@ -47,6 +47,9 @@ import (
// baseDN: cn=groups,dc=example,dc=com
// filter: "(objectClass=group)"
// userAttr: uid
// # Use if full DN is needed and not available as any other attribute
// # Will only work if "DN" attribute does not exist in the record
// # userAttr: DN
// groupAttr: member
// nameAttr: name
//
@ -285,6 +288,9 @@ func getAttr(e ldap.Entry, name string) string {
}
return a.Values[0]
}
if name == "DN" {
return e.DN
}
return ""
}