From d4aba443ac615d3528a5e111f39204f156bbe229 Mon Sep 17 00:00:00 2001 From: Phu Kieu Date: Fri, 18 Nov 2016 13:16:50 -0800 Subject: [PATCH] Allow getAttr to return DN Specify "DN" as attribute name to return, but will only work if not present in ldap.Entry.Attributes Use when full DN is stored in groupSearch's userAttr --- Documentation/ldap-connector.md | 4 +++- connector/ldap/ldap.go | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Documentation/ldap-connector.md b/Documentation/ldap-connector.md index 44637ba6..782e6a1f 100644 --- a/Documentation/ldap-connector.md +++ b/Documentation/ldap-connector.md @@ -11,7 +11,9 @@ The connector executes two primary queries: ## Configuration -User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). The following is an example config file that can be used by the LDAP connector to authenticate a user. +User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). `*Attr` attributes could be set to "DN" in situations where it is needed but not available elsewhere, and if "DN" attribute does not exist in the record. + +The following is an example config file that can be used by the LDAP connector to authenticate a user. ```yaml diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go index fd8f1dc3..22b033ae 100644 --- a/connector/ldap/ldap.go +++ b/connector/ldap/ldap.go @@ -47,6 +47,9 @@ import ( // baseDN: cn=groups,dc=example,dc=com // filter: "(objectClass=group)" // userAttr: uid +// # Use if full DN is needed and not available as any other attribute +// # Will only work if "DN" attribute does not exist in the record +// # userAttr: DN // groupAttr: member // nameAttr: name // @@ -285,6 +288,9 @@ func getAttr(e ldap.Entry, name string) string { } return a.Values[0] } + if name == "DN" { + return e.DN + } return "" }