|
|
@ -60,22 +60,23 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
|
|
|
|
case :eldap.open([to_charlist(host)], options) do
|
|
|
|
case :eldap.open([to_charlist(host)], options) do
|
|
|
|
{:ok, connection} ->
|
|
|
|
{:ok, connection} ->
|
|
|
|
try do
|
|
|
|
try do
|
|
|
|
uid = Keyword.get(ldap, :uid, "cn")
|
|
|
|
if Keyword.get(ldap, :tls, false) do
|
|
|
|
base = Keyword.get(ldap, :base)
|
|
|
|
:application.ensure_all_started(:ssl)
|
|
|
|
|
|
|
|
|
|
|
|
case :eldap.simple_bind(connection, "#{uid}=#{name},#{base}", password) do
|
|
|
|
case :eldap.start_tls(
|
|
|
|
:ok ->
|
|
|
|
connection,
|
|
|
|
case User.get_by_nickname_or_email(name) do
|
|
|
|
Keyword.get(ldap, :tlsopts, []),
|
|
|
|
%User{} = user ->
|
|
|
|
@connection_timeout
|
|
|
|
user
|
|
|
|
) do
|
|
|
|
|
|
|
|
:ok ->
|
|
|
|
_ ->
|
|
|
|
:ok
|
|
|
|
register_user(connection, base, uid, name, password)
|
|
|
|
|
|
|
|
end
|
|
|
|
error ->
|
|
|
|
|
|
|
|
Logger.error("Could not start TLS: #{inspect(error)}")
|
|
|
|
error ->
|
|
|
|
end
|
|
|
|
error
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
bind_user(connection, ldap, name, password)
|
|
|
|
after
|
|
|
|
after
|
|
|
|
:eldap.close(connection)
|
|
|
|
:eldap.close(connection)
|
|
|
|
end
|
|
|
|
end
|
|
|
@ -86,11 +87,31 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defp bind_user(connection, ldap, name, password) do
|
|
|
|
|
|
|
|
uid = Keyword.get(ldap, :uid, "cn")
|
|
|
|
|
|
|
|
base = Keyword.get(ldap, :base)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
case :eldap.simple_bind(connection, "#{uid}=#{name},#{base}", password) do
|
|
|
|
|
|
|
|
:ok ->
|
|
|
|
|
|
|
|
case User.get_by_nickname_or_email(name) do
|
|
|
|
|
|
|
|
%User{} = user ->
|
|
|
|
|
|
|
|
user
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_ ->
|
|
|
|
|
|
|
|
register_user(connection, base, uid, name, password)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
error ->
|
|
|
|
|
|
|
|
error
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
defp register_user(connection, base, uid, name, password) do
|
|
|
|
defp register_user(connection, base, uid, name, password) do
|
|
|
|
case :eldap.search(connection, [
|
|
|
|
case :eldap.search(connection, [
|
|
|
|
{:base, to_charlist(base)},
|
|
|
|
{:base, to_charlist(base)},
|
|
|
|
{:filter, :eldap.equalityMatch(to_charlist(uid), to_charlist(name))},
|
|
|
|
{:filter, :eldap.equalityMatch(to_charlist(uid), to_charlist(name))},
|
|
|
|
{:scope, :eldap.wholeSubtree()},
|
|
|
|
{:scope, :eldap.wholeSubtree()},
|
|
|
|
|
|
|
|
{:attributes, ['mail', 'email']},
|
|
|
|
{:timeout, @search_timeout}
|
|
|
|
{:timeout, @search_timeout}
|
|
|
|
]) do
|
|
|
|
]) do
|
|
|
|
{:ok, {:eldap_search_result, [{:eldap_entry, _, attributes}], _}} ->
|
|
|
|
{:ok, {:eldap_search_result, [{:eldap_entry, _, attributes}], _}} ->
|
|
|
@ -110,7 +131,9 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
|
|
|
|
error -> error
|
|
|
|
error -> error
|
|
|
|
end
|
|
|
|
end
|
|
|
|
else
|
|
|
|
else
|
|
|
|
_ -> {:error, :ldap_registration_missing_attributes}
|
|
|
|
_ ->
|
|
|
|
|
|
|
|
Logger.error("Could not find LDAP attribute mail: #{inspect(attributes)}")
|
|
|
|
|
|
|
|
{:error, :ldap_registration_missing_attributes}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
error ->
|
|
|
|
error ->
|
|
|
|