mirror of
https://github.com/goauthentik/authentik
synced 2026-04-27 09:57:31 +02:00
ba82c97409
* core: bump beryju.io/ldap from 0.1.0 to 0.2.1 Bumps [beryju.io/ldap](https://github.com/beryju/ldap) from 0.1.0 to 0.2.1. - [Commits](https://github.com/beryju/ldap/compare/v0.1.0...v0.2.1) --- updated-dependencies: - dependency-name: beryju.io/ldap dependency-version: 0.2.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * update code Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
63 lines
1.7 KiB
Go
63 lines
1.7 KiB
Go
package ldap
|
|
|
|
import (
|
|
"net"
|
|
"time"
|
|
|
|
"beryju.io/ldap"
|
|
"github.com/getsentry/sentry-go"
|
|
"github.com/prometheus/client_golang/prometheus"
|
|
log "github.com/sirupsen/logrus"
|
|
"goauthentik.io/internal/outpost/ldap/bind"
|
|
"goauthentik.io/internal/outpost/ldap/metrics"
|
|
)
|
|
|
|
func (ls *LDAPServer) Bind(r ldap.BindRequest, conn net.Conn) (ldap.LDAPResultCode, error) {
|
|
req, span := bind.NewRequest(r, conn)
|
|
selectedApp := ""
|
|
defer func() {
|
|
span.Finish()
|
|
metrics.Requests.With(prometheus.Labels{
|
|
"outpost_name": ls.ac.Outpost.Name,
|
|
"type": "bind",
|
|
"app": selectedApp,
|
|
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
|
req.Log().WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Bind request")
|
|
}()
|
|
|
|
defer func() {
|
|
err := recover()
|
|
if err == nil {
|
|
return
|
|
}
|
|
log.WithError(err.(error)).Error("recover in bind request")
|
|
sentry.CaptureException(err.(error))
|
|
}()
|
|
|
|
for _, instance := range ls.providers {
|
|
username, err := instance.binder.GetUsername(r.BindDN)
|
|
if err == nil {
|
|
selectedApp = instance.GetAppSlug()
|
|
c, err := instance.binder.Bind(username, req)
|
|
if c == ldap.LDAPResultSuccess {
|
|
f := instance.GetFlags(req.BindDN)
|
|
ls.connectionsSync.Lock()
|
|
ls.connections[f.SessionID()] = conn
|
|
ls.connectionsSync.Unlock()
|
|
}
|
|
return c, err
|
|
} else {
|
|
req.Log().WithError(err).Debug("Username not for instance")
|
|
}
|
|
}
|
|
req.Log().WithField("request", "bind").Warning("No provider found for request")
|
|
metrics.RequestsRejected.With(prometheus.Labels{
|
|
"outpost_name": ls.ac.Outpost.Name,
|
|
"type": "bind",
|
|
"reason": "no_provider",
|
|
"app": "",
|
|
}).Inc()
|
|
|
|
return ldap.LDAPResultInsufficientAccessRights, nil
|
|
}
|