Get DN from entry, not entryDN attribute
Not all LDAP servers have entryDN available as an attribute. Reading https://tools.ietf.org/html/rfc5020 tells me that entryDN is intended for making the DN available for attribute value assertions. Thus it is not mandatory for an LDAP server to make it available as a retrievable attribute. The DN is always part of the entry returned in a search result, so just use it. Fixes #314
parent
cd72a1f69f
commit
508c24b10e
1 changed files with 1 additions and 2 deletions
|
@ -288,7 +288,6 @@ func (m *LDAPIdentityProvider) Identity(username, password string) (*oidc.Identi
|
||||||
filter := m.ParseString(m.searchFilter, username)
|
filter := m.ParseString(m.searchFilter, username)
|
||||||
|
|
||||||
attributes := []string{
|
attributes := []string{
|
||||||
"entryDN",
|
|
||||||
m.nameAttribute,
|
m.nameAttribute,
|
||||||
m.emailAttribute,
|
m.emailAttribute,
|
||||||
}
|
}
|
||||||
|
@ -304,7 +303,7 @@ func (m *LDAPIdentityProvider) Identity(username, password string) (*oidc.Identi
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
bindDN = sr.Entries[0].GetAttributeValue("entryDN")
|
bindDN = sr.Entries[0].DN
|
||||||
ldapName = sr.Entries[0].GetAttributeValue(m.nameAttribute)
|
ldapName = sr.Entries[0].GetAttributeValue(m.nameAttribute)
|
||||||
ldapEmail = sr.Entries[0].GetAttributeValue(m.emailAttribute)
|
ldapEmail = sr.Entries[0].GetAttributeValue(m.emailAttribute)
|
||||||
|
|
||||||
|
|
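Review bot: `bindDN = sr.Entries[0].DN` in the second hunk indexes the search result with no length check visible in either hunk, so a search that matches nothing would panic, and one that matches several entries would take the DN for the bind from whichever entry the server returned first. The lines between the two hunks are not shown, so the guard may already exist there; if it does not, add `if len(sr.Entries) != 1 { return nil, fmt.Errorf("ldap: expected exactly one entry, got %d", len(sr.Entries)) }` before this assignment. Since the DN now comes straight from the matched entry, it is also worth confirming that `m.ParseString` escapes `username` before it goes into the filter (go-ldap provides `ldap.EscapeFilter`), because an unescaped value could widen the match. The body of `Identity` starts and ends outside the hunks.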