Merge pull request #698 from Calpicow/groupsearch_by_dn

Allow getAttr to return DN
2016-11-18 13:55:18 -08:00 · 2016-11-18 13:55:18 -08:00 · a7db295714
commit a7db295714
parent f45a1a9375 d4aba443ac
2 changed files with 9 additions and 1 deletions
--- a/Documentation/ldap-connector.md
+++ b/Documentation/ldap-connector.md
@ -11,7 +11,9 @@ The connector executes two primary queries:

 ## Configuration

-User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). The following is an example config file that can be used by the LDAP connector to authenticate a user.
+User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). `*Attr` attributes could be set to "DN" in situations where it is needed but not available elsewhere, and if "DN" attribute does not exist in the record.
+
+The following is an example config file that can be used by the LDAP connector to authenticate a user.

 ```yaml

--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@ -47,6 +47,9 @@ import (
 //         baseDN: cn=groups,dc=example,dc=com
 //         filter: "(objectClass=group)"
 //         userAttr: uid
+//         # Use if full DN is needed and not available as any other attribute
+//         # Will only work if "DN" attribute does not exist in the record
+//         # userAttr: DN
 //         groupAttr: member
 //         nameAttr: name
 //
@ -285,6 +288,9 @@ func getAttr(e ldap.Entry, name string) string {
 		}
 		return a.Values[0]
 	}
+	if name == "DN" {
+		return e.DN
+	}
 	return ""
 }