15881: Test ldap login with fake ldap server.
[arvados.git] / lib / controller / localdb / login_ldap.go
index 44e42ac4050e0bdb31035941916921bed8defa98..373b113240a042649406949b356d0404d24a4da3 100644 (file)
@@ -93,7 +93,10 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
                return arvados.APIClientAuthorization{}, errors.New("config error: must provide SearchAttribute")
        }
 
-       search := fmt.Sprintf("(&%s(%s=%s))", conf.SearchFilters, ldap.EscapeFilter(conf.SearchAttribute), ldap.EscapeFilter(username))
+       search := fmt.Sprintf("(%s=%s)", ldap.EscapeFilter(conf.SearchAttribute), ldap.EscapeFilter(username))
+       if conf.SearchFilters != "" {
+               search = fmt.Sprintf("(&%s%s)", conf.SearchFilters, search)
+       }
        log = log.WithField("search", search)
        req := ldap.NewSearchRequest(
                conf.SearchBase,
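Review bot: `conf.SearchFilters` is spliced into the filter verbatim on the new `search = fmt.Sprintf("(&%s%s)", conf.SearchFilters, search)` line, so a value that is not one or more complete parenthesised filters (for example `objectClass=person` without the parentheses) would presumably only surface as a generic lookup failure on every login. Since this setting can restrict which directory entries are allowed to log in, I would reject a malformed value next to the other config errors, e.g. `if _, err := ldap.CompileFilter(search); err != nil { return arvados.APIClientAuthorization{}, fmt.Errorf("config error: invalid SearchFilters: %v", err) }`. A short comment such as `// SearchFilters is trusted configuration and is intentionally not escaped; only the username is caller-controlled` would also help the next reader. UserAuthenticate starts and ends outside this hunk.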
@@ -105,7 +108,7 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
        if ldap.IsErrorWithCode(err, ldap.LDAPResultNoResultsReturned) ||
                ldap.IsErrorWithCode(err, ldap.LDAPResultNoSuchObject) ||
                (err == nil && len(resp.Entries) == 0) {
-               log.WithError(err).Debug("ldap lookup returned no results")
+               log.WithError(err).Info("ldap lookup returned no results")
                return arvados.APIClientAuthorization{}, errFailed
        } else if err != nil {
                log.WithError(err).Error("ldap lookup failed")
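Review bot: The logger used here carries the `search` field added by `log.WithField("search", search)` in the previous hunk, so raising this line from Debug to Info writes the caller-supplied username into the log on every failed lookup; the bind-failure line changed in the next hunk has the same property. Logging failed logins at Info is useful for detecting password guessing, but the value is unauthenticated input (people do type a password into the username box), so I would state that next to the call, e.g. `// "search" contains the unauthenticated username; treat these entries as sensitive`. The hunk does not show whether the entry also carries a request ID or client address, which is what makes these lines usable for correlating repeated failures. In the `err == nil && len(resp.Entries) == 0` case `WithError(err)` attaches a nil error, so that branch could log without it.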
@@ -130,7 +133,7 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
        // Now that we have the DN, try authenticating.
        err = l.Bind(userdn, opts.Password)
        if err != nil {
-               log.WithError(err).Warn("ldap user authentication failed")
+               log.WithError(err).Info("ldap user authentication failed")
                return arvados.APIClientAuthorization{}, errFailed
        }
        log.Debug("ldap authentication succeeded")
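Review bot: Nothing visible in this hunk rejects an empty `opts.Password` before `l.Bind(userdn, opts.Password)`, and a simple bind with a DN and an empty password is an "unauthenticated bind" that some LDAP servers answer with success. Recent go-ldap versions refuse an empty password inside `Bind`, and the function may already check this above the hunk, but the login path should not depend on the library for it. If there is no earlier check, add `if opts.Password == "" { return arvados.APIClientAuthorization{}, errFailed }` before the bind, with a test case against the fake LDAP server this commit introduces. UserAuthenticate starts and ends outside this hunk.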