feat(api): implement anonymous mode for LDAP connection (#3460)

* When enabled, ReaderDN and Password will not be used
* Anonymous mode is set to `true` by default on fresh installations
pull/3409/head
Hugo Hromic 2020-01-21 22:14:07 +00:00 committed by Anthony Lapenna
parent 9da08bc792
commit 2ba195adaa
4 changed files with 21 additions and 9 deletions


@ -259,6 +259,7 @@ func initSettings(settingsService portainer.SettingsService, flags *portainer.CL
LogoURL: *flags.Logo, LogoURL: *flags.Logo,
AuthenticationMethod: portainer.AuthenticationInternal, AuthenticationMethod: portainer.AuthenticationInternal,
LDAPSettings: portainer.LDAPSettings{ LDAPSettings: portainer.LDAPSettings{
AnonymousMode: true,
AutoCreateUsers: true, AutoCreateUsers: true,
TLSConfig: portainer.TLSConfiguration{}, TLSConfig: portainer.TLSConfiguration{},
SearchSettings: []portainer.LDAPSearchSettings{ SearchSettings: []portainer.LDAPSearchSettings{
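Review bot: The new default `AnonymousMode: true` is undocumented at the point where it is set, and its upgrade behaviour is worth stating: the field's JSON tag carries no omitempty, so settings persisted before this change decode it as false and keep binding with ReaderDN/Password, while only fresh installations start in anonymous mode. A trailing comment would make that explicit, e.g. `AnonymousMode: true, // fresh installs only; previously stored settings decode this as false and keep using ReaderDN/Password`. It is also worth confirming that the settings UI clears AnonymousMode when an administrator enters reader credentials, since with this default those credentials would otherwise be silently ignored (inferred; the UI is not part of this commit). initSettings starts and ends outside the hunk.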


@ -92,9 +92,11 @@ func (*Service) AuthenticateUser(username, password string, settings *portainer.
} }
defer connection.Close() defer connection.Close()
err = connection.Bind(settings.ReaderDN, settings.Password) if !settings.AnonymousMode {
if err != nil { err = connection.Bind(settings.ReaderDN, settings.Password)
return err if err != nil {
return err
}
} }
userDN, err := searchUser(username, connection, settings.SearchSettings) userDN, err := searchUser(username, connection, settings.SearchSettings)
@ -118,9 +120,11 @@ func (*Service) GetUserGroups(username string, settings *portainer.LDAPSettings)
} }
defer connection.Close() defer connection.Close()
err = connection.Bind(settings.ReaderDN, settings.Password) if !settings.AnonymousMode {
if err != nil { err = connection.Bind(settings.ReaderDN, settings.Password)
return nil, err if err != nil {
return nil, err
}
} }
userDN, err := searchUser(username, connection, settings.SearchSettings) userDN, err := searchUser(username, connection, settings.SearchSettings)
@ -174,9 +178,11 @@ func (*Service) TestConnectivity(settings *portainer.LDAPSettings) error {
} }
defer connection.Close() defer connection.Close()
err = connection.Bind(settings.ReaderDN, settings.Password) if !settings.AnonymousMode {
if err != nil { err = connection.Bind(settings.ReaderDN, settings.Password)
return err if err != nil {
return err
}
} }
return nil return nil
} }
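Review bot: With AnonymousMode false, nothing in these hunks checks that ReaderDN and Password are set, so an empty pair still reaches `connection.Bind`; depending on how the client library treats empty credentials that can become an anonymous or unauthenticated bind that is indistinguishable from a successful reader bind rather than a clear configuration error, so reject it explicitly in the non-anonymous branch. The same guarded bind is repeated in AuthenticateUser, GetUserGroups and TestConnectivity; a small helper keeps the check in one place and reduces each call site to `if err := bindReader(connection, settings); err != nil { return err }` (`return nil, err` in GetUserGroups). Note that TestConnectivity in anonymous mode now performs no LDAP operation after the dial, so it reports success without confirming the server actually accepts anonymous access; an anonymous bind or a minimal search in that branch would restore the guarantee. All three enclosing functions start outside the hunks.
```go
// bindReader authenticates the connection with the configured reader
// account. In anonymous mode no bind is performed; otherwise both
// ReaderDN and Password must be set so that an empty pair can never be
// sent as an unauthenticated bind.
func bindReader(connection *ldap.Conn, settings *portainer.LDAPSettings) error {
	if settings.AnonymousMode {
		return nil
	}
	if settings.ReaderDN == "" || settings.Password == "" {
		return errors.New("ldap: ReaderDN and Password are required when anonymous mode is disabled")
	}
	return connection.Bind(settings.ReaderDN, settings.Password)
}
```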


@ -50,6 +50,7 @@ type (
// LDAPSettings represents the settings used to connect to a LDAP server // LDAPSettings represents the settings used to connect to a LDAP server
LDAPSettings struct { LDAPSettings struct {
AnonymousMode bool `json:"AnonymousMode"`
ReaderDN string `json:"ReaderDN"` ReaderDN string `json:"ReaderDN"`
Password string `json:"Password,omitempty"` Password string `json:"Password,omitempty"`
URL string `json:"URL"` URL string `json:"URL"`
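Review bot: The new `AnonymousMode` field has no doc comment, unlike the struct it sits in, and its effect on the sibling fields is exactly the kind of thing a reader of the type needs: `// AnonymousMode skips the reader bind; when true, ReaderDN and Password are ignored.` It is also worth recording that the tag deliberately omits omitempty so that settings stored before this field existed decode to false and keep the existing bind behaviour. The enclosing type block starts and ends outside the hunk.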


@ -3296,6 +3296,10 @@ definitions:
LDAPSettings: LDAPSettings:
type: "object" type: "object"
properties: properties:
AnonymousMode:
type: "boolean"
example: true
description: "Enable this option if the server is configured for Anonymous access. When enabled, ReaderDN and Password will not be used."
ReaderDN: ReaderDN:
type: "string" type: "string"
example: "cn=readonly-account,dc=ldap,dc=domain,dc=tld" example: "cn=readonly-account,dc=ldap,dc=domain,dc=tld"