outposts/ldap: fix order of flow check

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-07-18 22:22:35 +02:00
parent 538a466090
commit 4029e19b72
2 changed files with 4 additions and 4 deletions

View file

@ -8,8 +8,8 @@ import (
) )
func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LDAPResultCode, error) { func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LDAPResultCode, error) {
ls.log.WithField("bindDN", bindDN).Info("bind")
bindDN = strings.ToLower(bindDN) bindDN = strings.ToLower(bindDN)
ls.log.WithField("bindDN", bindDN).Info("bind")
for _, instance := range ls.providers { for _, instance := range ls.providers {
username, err := instance.getUsername(bindDN) username, err := instance.getUsername(bindDN)
if err == nil { if err == nil {

View file

@ -48,13 +48,13 @@ func (pi *ProviderInstance) Bind(username string, bindDN, bindPW string, conn ne
fe.Answers[outpost.StagePassword] = bindPW fe.Answers[outpost.StagePassword] = bindPW
passed, err := fe.Execute() passed, err := fe.Execute()
if !passed {
return ldap.LDAPResultInvalidCredentials, nil
}
if err != nil { if err != nil {
pi.log.WithField("bindDN", bindDN).WithError(err).Warning("failed to execute flow") pi.log.WithField("bindDN", bindDN).WithError(err).Warning("failed to execute flow")
return ldap.LDAPResultOperationsError, nil return ldap.LDAPResultOperationsError, nil
} }
if !passed {
return ldap.LDAPResultInvalidCredentials, nil
}
access, err := fe.CheckApplicationAccess(pi.appSlug) access, err := fe.CheckApplicationAccess(pi.appSlug)
if !access { if !access {
pi.log.WithField("bindDN", bindDN).Info("Access denied for user") pi.log.WithField("bindDN", bindDN).Info("Access denied for user")