outposts/ldap: fix order of flow check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
538a466090
commit
4029e19b72
|
@ -8,8 +8,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LDAPResultCode, error) {
|
func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LDAPResultCode, error) {
|
||||||
ls.log.WithField("bindDN", bindDN).Info("bind")
|
|
||||||
bindDN = strings.ToLower(bindDN)
|
bindDN = strings.ToLower(bindDN)
|
||||||
|
ls.log.WithField("bindDN", bindDN).Info("bind")
|
||||||
for _, instance := range ls.providers {
|
for _, instance := range ls.providers {
|
||||||
username, err := instance.getUsername(bindDN)
|
username, err := instance.getUsername(bindDN)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
|
|
@ -48,13 +48,13 @@ func (pi *ProviderInstance) Bind(username string, bindDN, bindPW string, conn ne
|
||||||
fe.Answers[outpost.StagePassword] = bindPW
|
fe.Answers[outpost.StagePassword] = bindPW
|
||||||
|
|
||||||
passed, err := fe.Execute()
|
passed, err := fe.Execute()
|
||||||
|
if !passed {
|
||||||
|
return ldap.LDAPResultInvalidCredentials, nil
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pi.log.WithField("bindDN", bindDN).WithError(err).Warning("failed to execute flow")
|
pi.log.WithField("bindDN", bindDN).WithError(err).Warning("failed to execute flow")
|
||||||
return ldap.LDAPResultOperationsError, nil
|
return ldap.LDAPResultOperationsError, nil
|
||||||
}
|
}
|
||||||
if !passed {
|
|
||||||
return ldap.LDAPResultInvalidCredentials, nil
|
|
||||||
}
|
|
||||||
access, err := fe.CheckApplicationAccess(pi.appSlug)
|
access, err := fe.CheckApplicationAccess(pi.appSlug)
|
||||||
if !access {
|
if !access {
|
||||||
pi.log.WithField("bindDN", bindDN).Info("Access denied for user")
|
pi.log.WithField("bindDN", bindDN).Info("Access denied for user")
|
||||||
|
|
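Review bot: In the second hunk (`ProviderInstance.Bind`), the reordered `if !passed` branch now returns `LDAPResultInvalidCredentials` before `err` from `fe.Execute()` is examined, so a flow-execution failure that leaves `passed` false never reaches the "failed to execute flow" warning. Whether `Execute` can return `true` together with a non-nil error is not visible here, so the `err != nil` branch may be unreachable in the new order. Failing closed is the right outcome for the client, but the error should still be recorded: inside the `!passed` branch, before the return, add `if err != nil { pi.log.WithField("bindDN", bindDN).WithError(err).Warning("failed to execute flow") }`. The rejection itself is also silent in the lines shown, so failed binds cannot be counted per DN from this function's logs; consider an `Info` line there that mirrors the existing "Access denied for user" one. The function body continues outside the hunk.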