Skip to content

Commit

Permalink
Reduce some code duplication in LDAP related drivers
Browse files Browse the repository at this point in the history
This moves the LDAP Bind operation into utils/ldap to reduce some
code duplication accross the auth, user- and group-providers.
  • Loading branch information
rhafer committed Sep 29, 2021
1 parent 92a7795 commit 22952e5
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 66 deletions.
9 changes: 0 additions & 9 deletions pkg/auth/manager/ldap/ldap.go
Original file line number Diff line number Diff line change
Expand Up @@ -53,8 +53,6 @@ type config struct {
BaseDN string `mapstructure:"base_dn"`
UserFilter string `mapstructure:"userfilter"`
LoginFilter string `mapstructure:"loginfilter"`
BindUsername string `mapstructure:"bind_username"`
BindPassword string `mapstructure:"bind_password"`
Idp string `mapstructure:"idp"`
GatewaySvc string `mapstructure:"gatewaysvc"`
Schema attributes `mapstructure:"schema"`
Expand Down Expand Up @@ -141,13 +139,6 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
}
defer l.Close()

// First bind with a read only user
err = l.Bind(am.c.BindUsername, am.c.BindPassword)
if err != nil {
log.Error().Err(err).Msg("bind with system user failed")
return nil, nil, err
}

// Search for the given clientID
searchRequest := ldap.NewSearchRequest(
am.c.BaseDN,
Expand Down
26 changes: 0 additions & 26 deletions pkg/group/manager/ldap/ldap.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,6 @@ type config struct {
MemberFilter string `mapstructure:"memberfilter"`
AttributeFilter string `mapstructure:"attributefilter"`
FindFilter string `mapstructure:"findfilter"`
BindUsername string `mapstructure:"bind_username"`
BindPassword string `mapstructure:"bind_password"`
Idp string `mapstructure:"idp"`
Schema attributes `mapstructure:"schema"`
Nobody int64 `mapstructure:"nobody"`
Expand Down Expand Up @@ -139,12 +137,6 @@ func (m *manager) GetGroup(ctx context.Context, gid *grouppb.GroupId) (*grouppb.
}
defer l.Close()

// First bind with a read only user
err = l.Bind(m.c.BindUsername, m.c.BindPassword)
if err != nil {
return nil, err
}

// Search for the given clientID
searchRequest := ldap.NewSearchRequest(
m.c.BaseDN,
Expand Down Expand Up @@ -216,12 +208,6 @@ func (m *manager) GetGroupByClaim(ctx context.Context, claim, value string) (*gr
}
defer l.Close()

// First bind with a read only user
err = l.Bind(m.c.BindUsername, m.c.BindPassword)
if err != nil {
return nil, err
}

// Search for the given clientID
searchRequest := ldap.NewSearchRequest(
m.c.BaseDN,
Expand Down Expand Up @@ -274,12 +260,6 @@ func (m *manager) FindGroups(ctx context.Context, query string) ([]*grouppb.Grou
}
defer l.Close()

// First bind with a read only user
err = l.Bind(m.c.BindUsername, m.c.BindPassword)
if err != nil {
return nil, err
}

// Search for the given clientID
searchRequest := ldap.NewSearchRequest(
m.c.BaseDN,
Expand Down Expand Up @@ -326,12 +306,6 @@ func (m *manager) GetMembers(ctx context.Context, gid *grouppb.GroupId) ([]*user
}
defer l.Close()

// First bind with a read only user
err = l.Bind(m.c.BindUsername, m.c.BindPassword)
if err != nil {
return nil, err
}

// Search for the given clientID
searchRequest := ldap.NewSearchRequest(
m.c.BaseDN,
Expand Down
26 changes: 0 additions & 26 deletions pkg/user/manager/ldap/ldap.go
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,6 @@ type config struct {
AttributeFilter string `mapstructure:"attributefilter"`
FindFilter string `mapstructure:"findfilter"`
GroupFilter string `mapstructure:"groupfilter"`
BindUsername string `mapstructure:"bind_username"`
BindPassword string `mapstructure:"bind_password"`
Idp string `mapstructure:"idp"`
Schema attributes `mapstructure:"schema"`
Nobody int64 `mapstructure:"nobody"`
Expand Down Expand Up @@ -151,12 +149,6 @@ func (m *manager) GetUser(ctx context.Context, uid *userpb.UserId) (*userpb.User
}
defer l.Close()

// First bind with a read only user
err = l.Bind(m.c.BindUsername, m.c.BindPassword)
if err != nil {
return nil, err
}

// Search for the given clientID
searchRequest := ldap.NewSearchRequest(
m.c.BaseDN,
Expand Down Expand Up @@ -239,12 +231,6 @@ func (m *manager) GetUserByClaim(ctx context.Context, claim, value string) (*use
}
defer l.Close()

// First bind with a read only user
err = l.Bind(m.c.BindUsername, m.c.BindPassword)
if err != nil {
return nil, err
}

// Search for the given clientID
searchRequest := ldap.NewSearchRequest(
m.c.BaseDN,
Expand Down Expand Up @@ -311,12 +297,6 @@ func (m *manager) FindUsers(ctx context.Context, query string) ([]*userpb.User,
}
defer l.Close()

// First bind with a read only user
err = l.Bind(m.c.BindUsername, m.c.BindPassword)
if err != nil {
return nil, err
}

// Search for the given clientID
searchRequest := ldap.NewSearchRequest(
m.c.BaseDN,
Expand Down Expand Up @@ -381,12 +361,6 @@ func (m *manager) GetUserGroups(ctx context.Context, uid *userpb.UserId) ([]stri
}
defer l.Close()

// First bind with a read only user
err = l.Bind(m.c.BindUsername, m.c.BindPassword)
if err != nil {
return []string{}, err
}

// Search for the given clientID
searchRequest := ldap.NewSearchRequest(
m.c.BaseDN,
Expand Down
24 changes: 19 additions & 5 deletions pkg/utils/ldap.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,12 @@ import (
// LDAPConn holds the basic parameter for setting up an
// LDAP connection.
type LDAPConn struct {
Hostname string `mapstructure:"hostname"`
Port int `mapstructure:"port"`
Insecure bool `mapstructure:"insecure"`
CACert string `mapstructure:"cacert"`
Hostname string `mapstructure:"hostname"`
Port int `mapstructure:"port"`
Insecure bool `mapstructure:"insecure"`
CACert string `mapstructure:"cacert"`
BindUsername string `mapstructure:"bind_username"`
BindPassword string `mapstructure:"bind_password"`
}

// GetLDAPConnection initializes an LDAPS connection and allows
Expand All @@ -52,5 +54,17 @@ func GetLDAPConnection(c *LDAPConn) (*ldap.Conn, error) {
return nil, errors.Wrapf(err, "Error reading LDAP CA Cert '%s.'", c.CACert)
}
}
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.Hostname, c.Port), tlsconfig)
l, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.Hostname, c.Port), tlsconfig)
if err != nil {
return nil, err
}

if c.BindUsername != "" && c.BindPassword != "" {
err = l.Bind(c.BindUsername, c.BindPassword)
if err != nil {
l.Close()
return nil, err
}
}
return l, nil
}

0 comments on commit 22952e5

Please sign in to comment.