diff --git a/examples/dynamic-conf/ldapAuth-conf.toml b/examples/dynamic-conf/ldapAuth-conf.toml
index 4cd8f87..b771672 100644
--- a/examples/dynamic-conf/ldapAuth-conf.toml
+++ b/examples/dynamic-conf/ldapAuth-conf.toml
@@ -7,7 +7,7 @@ LogLevel = "DEBUG"
 Port = "389"
 Url = "ldap://ldap.forumsys.com"
 AllowedGroups = ["ou=mathematicians,dc=example,dc=com","ou=italians,ou=scientists,dc=example,dc=com"]
-AllowedUsers = ["euler", "euclid"]
+AllowedUsers = ["euler", "uid=euclid,dc=example,dc=com"]
 # SearchFilter must escape curly braces when using toml file
 # https://toml.io/en/v1.0.0#string
 # SearchFilter = '''(\{\{.Attribute\}\}=\{\{.Username\}\})'''
diff --git a/examples/dynamic-conf/ldapAuth-conf.yml b/examples/dynamic-conf/ldapAuth-conf.yml
index 8895519..11ab1ca 100644
--- a/examples/dynamic-conf/ldapAuth-conf.yml
+++ b/examples/dynamic-conf/ldapAuth-conf.yml
@@ -14,7 +14,7 @@ http:
 - ou=italians,ou=scientists,dc=example,dc=com
 AllowedUsers:
 - euler
- - euclid
+ - uid=euclid,dc=example,dc=com
 # SearchFilter must escape curly braces when using yml file
 # https://yaml.org/spec/1.1/#id872840
 # SearchFilter: (\{\{.Attribute\}\}=\{\{.Username\}\})
diff --git a/ldapauth.go b/ldapauth.go
index 2917fe6..fa40ad4 100644
--- a/ldapauth.go
+++ b/ldapauth.go
@@ -193,7 +193,7 @@ func (la *LdapAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 defer conn.Close()
 LoggerERROR.Printf("%s", err)
 RequireAuth(rw, req, la.config, err)
- return
+ return
 }
 defer conn.Close()
@@ -269,7 +269,7 @@ func LdapCheckUserAuthorized(conn *ldap.Conn, config *Config, entry *ldap.Entry,
 }
 // Check if user is allowed through groups
- isValidGroups, err := LdapCheckUserGroups(conn, config, entry, username)
+ isValidGroups, err := LdapCheckUserGroups(conn, config, entry, username)
 if isValidGroups {
 return true, err
 }
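Review bot: The new `AllowedUsers` value in examples/dynamic-conf/ldapAuth-conf.toml (and the same change in ldapAuth-conf.yml) mixes a bare username (`euler`) with a full DN (`uid=euclid,dc=example,dc=com`), but neither file says which forms are accepted or how a DN entry is compared. Because this list decides who is authorized, I would add a comment above it, for example `# AllowedUsers entries may be a bare username or a full user DN`, worded to match what the matcher really does. That matching code is not part of this diff, so the exact semantics (case, whitespace, attribute order) should be confirmed there before the comment is written.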
@@ -352,7 +352,7 @@ func LdapCheckUserGroups(conn *ldap.Conn, config *Config, entry *ldap.Entry, use
 break
 }
- LoggerDEBUG.Printf("User '%s' not in any of the allowed groups", username)
+ LoggerDEBUG.Printf("User: '%s' not found in Group: '%s'", username, g)
 }
 return found, err
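Review bot: The rewritten debug line in LdapCheckUserGroups prints `username` inside hand-written quotes with `%s`, so a name containing a newline or a quote character can break up or imitate log entries. The username appears to come from the client's credentials, although its origin is outside this hunk. `%q` escapes such characters and makes the manual quotes unnecessary: `LoggerDEBUG.Printf("User: %q not found in Group: %q", username, g)`, assuming `g` is a string. The declaration of `g` and the start of the function lie outside the hunk, so confirm the statement sits inside the group loop where `g` is in scope.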