We don't need to limit the size of ldap queries, so set a high limit (#…
…4169)

Fixes #4162
jefferai authored Mar 20, 2018
1 parent 7219172 commit d5129aa
Showing 1 changed file with 10 additions and 6 deletions.
16 changes: 10 additions & 6 deletions builtin/credential/ldap/backend.go
@@ -4,6 +4,7 @@ import (
"bytes"
"context"
"fmt"
"math"
"text/template"

"github.com/go-ldap/ldap"
@@ -262,9 +263,10 @@ func (b *backend) getUserBindDN(cfg *ConfigEntry, c *ldap.Conn, username string)
b.Logger().Debug("auth/ldap: Discovering user", "userdn", cfg.UserDN, "filter", filter)
}
result, err := c.Search(&ldap.SearchRequest{
BaseDN: cfg.UserDN,
Scope: 2, // subtree
Filter: filter,
BaseDN: cfg.UserDN,
Scope: 2, // subtree
Filter: filter,
SizeLimit: math.MaxInt32,
})
if err != nil {
return bindDN, fmt.Errorf("LDAP search for binddn failed: %v", err)
@@ -296,9 +298,10 @@ func (b *backend) getUserDN(cfg *ConfigEntry, c *ldap.Conn, bindDN string) (stri
b.Logger().Debug("auth/ldap: Searching UPN", "userdn", cfg.UserDN, "filter", filter)
}
result, err := c.Search(&ldap.SearchRequest{
BaseDN: cfg.UserDN,
Scope: 2, // subtree
Filter: filter,
BaseDN: cfg.UserDN,
Scope: 2, // subtree
Filter: filter,
SizeLimit: math.MaxInt32,
})
if err != nil {
return userDN, fmt.Errorf("LDAP search failed for detecting user: %v", err)
@@ -381,6 +384,7 @@ func (b *backend) getLdapGroups(cfg *ConfigEntry, c *ldap.Conn, userDN string, u
Attributes: []string{
cfg.GroupAttr,
},
SizeLimit: math.MaxInt32,
})
if err != nil {
return nil, fmt.Errorf("LDAP search failed: %v", err)
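Review bot: In getUserBindDN and getUserDN the added `SizeLimit: math.MaxInt32` requests as many entries as the server will return, and `c.Search` collects the whole response before returning, so a broadly matching filter makes the login path hold every matching entry in memory. The filter is built outside these hunks and getUserBindDN receives the login `username`, so how widely it can match is not visible here; if the code after each search accepts only a single entry, `SizeLimit: 2` would be enough to tell a unique match from an ambiguous one. A server that answers an over-limit search with sizeLimitExceeded would then surface through the existing `err != nil` branch rather than as a uniqueness failure, so confirm which error callers should see. For getLdapGroups, where many results are legitimate, I would replace the repeated literal with one named constant and a comment such as `// RFC 4511: sizeLimit 0 already means "no client-requested limit"; explicit maximum kept for #4162`, because the page does not say why the zero value was insufficient. All three function bodies start and end outside the hunks.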
