feat(api): implement anonymous mode for LDAP connection (#3460)

* When enabled, ReaderDN and Password will not be used
* Anonymous mode is set to `true` by default on fresh installations
tags/1.23.1^2
Hugo Hromic Anthony Lapenna 1 month ago
parent
commit
2ba195adaa
4 changed files with 21 additions and 9 deletions
  1. +1
    -0
      api/cmd/portainer/main.go
  2. +15
    -9
      api/ldap/ldap.go
  3. +1
    -0
      api/portainer.go
  4. +4
    -0
      api/swagger.yaml

+ 1
- 0
api/cmd/portainer/main.go

@@ -259,6 +259,7 @@ func initSettings(settingsService portainer.SettingsService, flags *portainer.CL
LogoURL: *flags.Logo,
AuthenticationMethod: portainer.AuthenticationInternal,
LDAPSettings: portainer.LDAPSettings{
AnonymousMode: true,
AutoCreateUsers: true,
TLSConfig: portainer.TLSConfiguration{},
SearchSettings: []portainer.LDAPSearchSettings{
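Review bot: The new default `AnonymousMode: true` in `initSettings` means a fresh installation that later switches to LDAP authentication will search the directory unauthenticated, and any `ReaderDN`/`Password` an administrator enters is ignored until the flag is also cleared. Settings saved before this change presumably load with the field at its zero value (`false`), so fresh and upgraded instances would behave differently for the same visible credentials. If the default is intentional, a comment on the line would make that explicit, e.g. `// default: anonymous bind; ReaderDN and Password are ignored while this is true`. The rest of `initSettings` is outside the hunk.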


+ 15
- 9
api/ldap/ldap.go

@@ -92,9 +92,11 @@ func (*Service) AuthenticateUser(username, password string, settings *portainer.
}
defer connection.Close()

err = connection.Bind(settings.ReaderDN, settings.Password)
if err != nil {
return err
if !settings.AnonymousMode {
err = connection.Bind(settings.ReaderDN, settings.Password)
if err != nil {
return err
}
}

userDN, err := searchUser(username, connection, settings.SearchSettings)
@@ -118,9 +120,11 @@ func (*Service) GetUserGroups(username string, settings *portainer.LDAPSettings)
}
defer connection.Close()

err = connection.Bind(settings.ReaderDN, settings.Password)
if err != nil {
return nil, err
if !settings.AnonymousMode {
err = connection.Bind(settings.ReaderDN, settings.Password)
if err != nil {
return nil, err
}
}

userDN, err := searchUser(username, connection, settings.SearchSettings)
@@ -174,9 +178,11 @@ func (*Service) TestConnectivity(settings *portainer.LDAPSettings) error {
}
defer connection.Close()

err = connection.Bind(settings.ReaderDN, settings.Password)
if err != nil {
return err
if !settings.AnonymousMode {
err = connection.Bind(settings.ReaderDN, settings.Password)
if err != nil {
return err
}
}
return nil
}
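Review bot: In the `TestConnectivity` hunk, when `settings.AnonymousMode` is true the function now reaches `return nil` without sending any LDAP request on the connection, so the test succeeds even if the server refuses anonymous access. Because anonymous mode is also the new default, that misconfiguration would likely first show up at login time, when `searchUser` runs. Consider issuing a minimal search with `settings.SearchSettings` in that branch and returning its error, or at least state the limit in a comment such as `// anonymous mode: only connection set-up is verified`. The same guard is repeated verbatim in `AuthenticateUser` and `GetUserGroups`; a small unexported helper taking the connection and settings would keep the three call sites in sync. All three function bodies begin outside their hunks.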

+ 1
- 0
api/portainer.go

@@ -50,6 +50,7 @@ type (

// LDAPSettings represents the settings used to connect to a LDAP server
LDAPSettings struct {
AnonymousMode bool `json:"AnonymousMode"`
ReaderDN string `json:"ReaderDN"`
Password string `json:"Password,omitempty"`
URL string `json:"URL"`


+ 4
- 0
api/swagger.yaml

@@ -3296,6 +3296,10 @@ definitions:
LDAPSettings:
type: "object"
properties:
AnonymousMode:
type: "boolean"
example: true
description: "Enable this option if the server is configured for Anonymous access. When enabled, ReaderDN and Password will not be used."
ReaderDN:
type: "string"
example: "cn=readonly-account,dc=ldap,dc=domain,dc=tld"

