breakfix: ldap username/password directive handling

Resolves: #28
greenpau · Jan 24, 2022 · c8acd73 · c8acd73
1 parent de49312
commit c8acd73
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/caddyfile_authn_backends.go b/caddyfile_authn_backends.go
@@ -17,9 +17,9 @@ package security
 import (
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
+	"github.com/greenpau/caddy-security/pkg/util"
 	"github.com/greenpau/go-authcrunch/pkg/authn"
 	"github.com/greenpau/go-authcrunch/pkg/authn/backends"
-	"github.com/greenpau/caddy-security/pkg/util"
 	"strconv"
 	"strings"
 )
@@ -53,7 +53,17 @@ func parseCaddyfileAuthPortalBackends(h *caddyfile.Dispenser, repl *caddy.Replac
 			case "disabled":
 				backendDisabled = true
 				break
-			case "username", "password", "search_base_dn", "search_group_filter", "path", "realm":
+			case "username":
+				if !h.NextArg() {
+					return backendValueErr(h, backendName, backendArg)
+				}
+				cfg["bind_username"] = util.FindReplace(repl, h.Val())
+			case "password":
+				if !h.NextArg() {
+					return backendValueErr(h, backendName, backendArg)
+				}
+				cfg["bind_password"] = util.FindReplace(repl, h.Val())
+			case "search_base_dn", "search_group_filter", "path", "realm":
 				if !h.NextArg() {
 					return backendValueErr(h, backendName, backendArg)
 				}

diff --git a/caddyfile_authn_test.go b/caddyfile_authn_test.go
@@ -180,6 +180,8 @@ func TestParseCaddyfileAuthentication(t *testing.T) {
 						  "name": "ldap_backend",
 						  "method": "ldap",
 						  "realm": "contoso.com",
+                          "bind_password": "P@ssW0rd123",
+                          "bind_username": "CN=authzsvc,OU=Service Accounts,OU=Administrative Accounts,DC=CONTOSO,DC=COM",
 						  "search_base_dn": "DC=CONTOSO,DC=COM",
 						  "search_user_filter": "(&(|(sAMAccountName=%s)(mail=%s))(objectclass=user))",
      		              "servers": [
@@ -229,6 +231,8 @@ func TestParseCaddyfileAuthentication(t *testing.T) {
                             "member_of": "uniqueMember",
                             "email": "mail"
                           },
+                          "bind_password": "password",
+                          "bind_username": "cn=read-only-admin,dc=example,dc=com",
                           "search_base_dn": "DC=EXAMPLE,DC=COM",
                           "search_user_filter": "(&(|(uid=%s)(mail=%s))(objectClass=inetOrgPerson))",
                           "groups": [