B #6528: Fix LDAP authorize by group for AD (#2977)
(cherry picked from commit bcb3e7d)
xorel authored and rsmontero committed Mar 11, 2024
1 parent fe133d4 commit d68bb88
Showing 2 changed files with 15 additions and 6 deletions.
4 changes: 2 additions & 2 deletions src/authm_mad/remotes/ldap/authenticate
@@ -100,7 +100,7 @@ order.each do |servers|
Timeout.timeout(timeout) do
ldap=OpenNebula::LdapAuth.new(server_conf)

user_dn, user_uid, user_group_name = ldap.find_user(user)
user_dn, user_uid, user_group_name, memberof = ldap.find_user(user)

if !user_dn
STDERR.puts "User #{user} not found"
@@ -114,7 +114,7 @@ order.each do |servers|
end

if server_conf[:group]
if !ldap.is_in_group?(user_group_name, server_conf[:group])
if !ldap.is_in_group?(user_group_name, server_conf[:group], memberof)
STDERR.puts "User #{user} is not in group #{server_conf[:group]}"
break
end
17 changes: 13 additions & 4 deletions src/authm_mad/remotes/ldap/ldap_auth.rb
@@ -147,22 +147,31 @@ def find_user(name)

[@user.dn,
@user[@options[:user_field]].first,
@user[@options[:user_group_field]]]
@user[@options[:user_group_field]],
@user['memberof']
]
else
result=@ldap.search(:base => name)

if result && result.first
@user = result.first
[name,
@user[@options[:user_field]].first,
@user[@options[:user_group_field]]]
@user[@options[:user_group_field]],
@user['memberof']
]
else
[nil, nil, nil]
[nil, nil, nil, nil]
end
end
end

def is_in_group?(user, group)
def is_in_group?(user, group, memberof)
if @options[:rfc2307bis]
# compare case in-sensitive, like LDAP does
return memberof.map(&:downcase).include?(group.downcase)
end

username = Net::LDAP::Filter.escape(
user.first.force_encoding(Encoding::UTF_8))
result=@ldap.search(
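Review bot: In `is_in_group?`, the new `:rfc2307bis` branch makes the authorization decision purely from the `memberof` values read off the user's own entry, and it is taken for every server with `:rfc2307bis` set, not only AD. That is sound only where the directory itself maintains `memberOf` and returns it on the search `find_user` performs (that search is outside the hunk); where the attribute is absent the check rejects every user, and a `nil` argument makes `.map` raise instead of returning false. The third parameter is also required now, so any two-argument caller elsewhere in the tree would fail with `ArgumentError`; I would write `def is_in_group?(user, group, memberof = nil)` and `return Array(memberof).map(&:downcase).include?(group.downcase)`, which still fails closed. A comment should state that only direct memberships are matched and that the configured `:group` must be the group's DN spelled exactly as the directory returns it, since the comparison is a plain downcased string match. The method body continues past the end of the hunk.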
