TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 11:27:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: correctly "or"-join ldap userfilters (#9855)

Browse Source 
# Which Problems Are Solved

LDAP userfilters are joined, but as it not handled as a list of filters
but as a string they are not or-joined.

# How the Problems Are Solved

Separate userfilters as list of filters and join them correctly with
"or" condition.

# Additional Changes

None

# Additional Context

Closes #7003

---------

Co-authored-by: Marco A. <kwbmm1990@gmail.com>
This commit is contained in:
Stefan Benz
2025-05-13 10:32:48 +02:00
committed by GitHub
parent d79d5e7b96
commit 1383cb0702
2 changed files with 17 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
internal/idp/providers/ldap/session.go
View File

@@ -133,7 +133,6 @@ func tryBind(
username,
password,
timeout,
rootCA,
)
}
@@ -189,12 +188,11 @@ func trySearchAndUserBind(
username string,
password string,
timeout time.Duration,
rootCA []byte,
) (*ldap.Entry, error) {
searchQuery := queriesAndToSearchQuery(
objectClassesToSearchQuery(objectClasses),
queriesOrToSearchQuery(
userFiltersToSearchQuery(userFilters, username),
userFiltersToSearchQuery(userFilters, username)...,
),
)
@@ -218,7 +216,12 @@ func trySearchAndUserBind(
user := sr.Entries[0]
// Bind as the user to verify their password
if err = conn.Bind(user.DN, password); err != nil {
userDN, err := ldap.ParseDN(user.DN)
if err != nil {
logging.WithFields("userDN", user.DN).WithError(err).Info("ldap user parse DN failed")
return nil, err
}
if err = conn.Bind(userDN.String(), password); err != nil {
logging.WithFields("userDN", user.DN).WithError(err).Info("ldap user bind failed")
return nil, ErrFailedLogin
}
@@ -261,12 +264,12 @@ func objectClassesToSearchQuery(classes []string) string {
return searchQuery
}
func userFiltersToSearchQuery(filters []string, username string) string {
searchQuery := ""
for _, filter := range filters {
searchQuery += "(" + filter + "=" + ldap.EscapeFilter(username) + ")"
func userFiltersToSearchQuery(filters []string, username string) []string {
searchQueries := make([]string, len(filters))
for i, filter := range filters {
searchQueries[i] = "(" + filter + "=" + username + ")"
}
return searchQuery
return searchQueries
}
func mapLDAPEntryToUser(