mirror of
https://github.com/thelounge/thelounge.git
synced 2024-05-21 15:46:36 +02:00
cfa6db10c7
Also draft some kind of plugin system for auth, although it essentially consists in writing a function and there is no mechanism to automatically fallback from one auth to another
73 lines
1.8 KiB
JavaScript
73 lines
1.8 KiB
JavaScript
"use strict";
|
|
|
|
const Helper = require("../../helper");
|
|
const ldap = require("ldapjs");
|
|
|
|
const _ldapAuthCommon = require("./_ldapCommon");
|
|
|
|
/**
|
|
* LDAP auth using initial DN search (see config comment for ldap.searchDN)
|
|
*/
|
|
function advancedLdapAuth(manager, client, user, password, callback) {
|
|
if (!user) {
|
|
return callback(false);
|
|
}
|
|
|
|
const config = Helper.config;
|
|
const userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1");
|
|
|
|
let ldapclient = ldap.createClient({
|
|
url: config.ldap.url,
|
|
tlsOptions: config.ldap.tlsOptions
|
|
});
|
|
|
|
const base = config.ldap.searchDN.base;
|
|
const searchOptions = {
|
|
scope: config.ldap.searchDN.scope,
|
|
filter: "(&(" + config.ldap.primaryKey + "=" + userDN + ")" + config.ldap.searchDN.filter + ")",
|
|
attributes: ["dn"]
|
|
};
|
|
|
|
ldapclient.on("error", function(err) {
|
|
log.error("Unable to connect to LDAP server", err);
|
|
callback(!err);
|
|
});
|
|
|
|
ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword, function(err) {
|
|
if (err) {
|
|
log.error("Invalid LDAP root credentials");
|
|
ldapclient.unbind();
|
|
callback(false);
|
|
} else {
|
|
ldapclient.search(base, searchOptions, function(err2, res) {
|
|
if (err2) {
|
|
log.warning("User not found: ", userDN);
|
|
ldapclient.unbind();
|
|
callback(false);
|
|
} else {
|
|
let found = false;
|
|
res.on("searchEntry", function(entry) {
|
|
found = true;
|
|
const bindDN = entry.objectName;
|
|
log.info("Auth against LDAP ", config.ldap.url, " with found bindDN ", bindDN);
|
|
ldapclient.unbind();
|
|
|
|
_ldapAuthCommon(manager, client, user, bindDN, password, callback);
|
|
});
|
|
res.on("error", function(err3) {
|
|
log.error("LDAP error: ", err3);
|
|
callback(false);
|
|
});
|
|
res.on("end", function() {
|
|
if (!found) {
|
|
callback(false);
|
|
}
|
|
});
|
|
}
|
|
});
|
|
}
|
|
});
|
|
}
|
|
|
|
module.exports = advancedLdapAuth;
|