From b82249f1fa8085462ea5459a46202c2f1464d5ec Mon Sep 17 00:00:00 2001
From: "Ruben S. Montero"
Date: Wed, 13 May 2020 19:10:42 +0200
Subject: [PATCH] Revert "B #4111: Fail LDAP auth if user casing differs (#4663)"
This reverts commit b23a3713a6dacaaa9e1d1e0ed9de1291d4702345.
---
 src/authm_mad/remotes/ldap/authenticate | 16 +++++-----------
 src/authm_mad/remotes/ldap/ldap_auth.rb | 17 ++++++-----------
 2 files changed, 11 insertions(+), 22 deletions(-)
diff --git a/src/authm_mad/remotes/ldap/authenticate b/src/authm_mad/remotes/ldap/authenticate
index c919212519..b4a14bc806 100755
--- a/src/authm_mad/remotes/ldap/authenticate
+++ b/src/authm_mad/remotes/ldap/authenticate
@@ -54,6 +54,7 @@ begin
 xml.initialize_xml(STDIN.read, 'AUTHN')
 user = URI_PARSER.unescape(xml['/AUTHN/USERNAME'])
+ pass = URI_PARSER.unescape(xml['/AUTHN/PASSWORD'])
 secret = URI_PARSER.unescape(xml['/AUTHN/SECRET'])
 rescue
 STDERR.puts "Invalid XML input"
@@ -105,19 +106,13 @@ order.each do |name|
 Timeout.timeout(timeout) do
 ldap=OpenNebula::LdapAuth.new(server_conf)
- user_dn, user_uid, user_group_name = ldap.find_user(user)
+ user_name, user_group_name = ldap.find_user(user)
- if !user_dn
+ if !user_name
 STDERR.puts "User #{user} not found"
 break
 end
- if user_uid != user
- STDERR.puts "User \"#{user}\" has different "\
- "casing in LDAP \"#{user_uid}\""
- break
- end
-
 if server_conf[:group]
 if !ldap.is_in_group?(user_group_name, server_conf[:group])
 STDERR.puts "User #{user} is not in group #{server_conf[:group]}"
@@ -125,7 +120,7 @@ order.each do |name|
 end
 end
- if ldap.authenticate(user_dn, secret)
+ if ldap.authenticate(user_name, secret)
 groups = ldap.get_groups
 if groups.empty?
 if !server_conf[:mapping_default]
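Review bot: `pass` is assigned from `/AUTHN/PASSWORD` in this hunk but no other hunk of the patch reads it; if nothing else in `authenticate` uses it after the revert, the assignment is dead and should either be dropped or written as `_pass = URI_PARSER.unescape(xml['/AUTHN/PASSWORD'])` so the intent is explicit. The `begin`/`rescue` block the line sits in starts before the hunk, so I cannot see whether a later use exists.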
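Review bot: After this hunk the username supplied in the request is no longer compared with what the directory holds — `find_user` now returns only the DN and the group field, and the `if user_uid != user` guard is gone — so when the LDAP server resolves the lookup case-insensitively, any casing of `user` passes this stage, and nothing on the new side says that this is deliberate. If that is the intended outcome of the revert, record it at the assignment, e.g. `# NOTE: LDAP matching may be case-insensitive; user is not checked against the entry's uid`, so the next reader knows the check was dropped on purpose rather than lost. Both the `order.each` and the `Timeout.timeout` blocks extend beyond the hunk.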
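Review bot: `user_name` is a misleading name for the first argument of `ldap.authenticate`: per the `find_user` hunk in ldap_auth.rb it carries `@user.dn`, or the raw `name` when only the `:base => name` fallback matches, i.e. a bind DN rather than a login name. A comment on this line such as `# user_name is the DN resolved by find_user and is used as the bind DN` would make `authenticate(user_name, secret)` read correctly without touching the call. The `order.each` block continues outside the hunk.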
@@ -138,9 +133,8 @@ order.each do |name|
 # authentication success
 group_list = groups.join(' ')
- escaped_user = URI_PARSER.escape(user).strip.downcase
- escaped_secret = URI_PARSER.escape(user_dn)
+ escaped_secret = URI_PARSER.escape(user_name)
 puts "ldap #{escaped_user} #{escaped_secret} #{group_list}"
 exit
diff --git a/src/authm_mad/remotes/ldap/ldap_auth.rb b/src/authm_mad/remotes/ldap/ldap_auth.rb
index 76b6ec6326..9e2388dc52 100644
--- a/src/authm_mad/remotes/ldap/ldap_auth.rb
+++ b/src/authm_mad/remotes/ldap/ldap_auth.rb
@@ -64,8 +64,9 @@ class OpenNebula::LdapAuth
 }
 end
- # always fetch user_filed to compare casing
- @options[:attributes] << @options[:user_field]
+ if !@options[:rfc2307bis]
+ @options[:attributes] << @options[:user_field]
+ end
 # fetch the user group field only if we need that
 if @options[:group] or !@options[:rfc2307bis]
@@ -142,21 +143,15 @@ class OpenNebula::LdapAuth
 if result && result.first
 @user = result.first
-
- [@user.dn,
- @user[@options[:user_field]].first,
- @user[@options[:user_group_field]]
- ]
+ [@user.dn, @user[@options[:user_group_field]]]
 else
 result=@ldap.search(:base => name)
 if result && result.first
 @user = result.first
- [name,
- @user[@options[:user_field]].first,
- @user[@options[:user_group_field]]]
+ [name, @user[@options[:user_group_field]]]
 else
- [nil, nil, nil]
+ [nil, nil]
 end
 end
 end
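Review bot: The `puts "ldap #{escaped_user} #{escaped_secret} #{group_list}"` line still interpolates `escaped_user`, but the only assignment to it visible in this patch is the removed `escaped_user = URI_PARSER.escape(user).strip.downcase`, and the new side adds none; unless `escaped_user` is bound earlier in the file after the revert, this `puts` raises NameError on the success path. Worth confirming against the full file, and if it is defined earlier, a comment on the `puts` such as `# escaped_user is set earlier from the request username` would save the next reader the same search. The `order.each` block the hunk sits in begins before it.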
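Review bot: `if !@options[:rfc2307bis]` is the negated-`if` form that reads better as `unless @options[:rfc2307bis]`, and the same predicate appears two lines down in `if @options[:group] or !@options[:rfc2307bis]` (where `or` should be `||`), so one local such as `posix = !@options[:rfc2307bis]` could serve both guards. The removed comment was the only explanation of why `user_field` is requested; the new side should keep one that matches the new condition, e.g. `# fetch user_field only for non-rfc2307bis schemas`. The enclosing method starts before the hunk.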
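Review bot: `find_user` now returns a 2-element array instead of 3, and nothing documents the contract: the first element is `@user.dn` when the filtered search matches, the raw `name` when only the `:base => name` fallback matches, and `nil` when neither does, so any caller still destructuring three values gets a silent `nil`. The method's `def` line lies before the hunk; a YARD block there along the lines of `# @return [Array] [dn_or_name, group_field_values], or [nil, nil] when the user is not found` would pin this down. Whether `@user[@options[:user_group_field]]` can itself be nil when the attribute is absent is not visible here, so that case is worth stating too.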