X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/8f435f4bac86e7ba7dbd9770d2db9bb4db6cf569..ca6cbc015e137e5e24c6ac5268e9fc72a61db84d:/lib/controller/localdb/login_ldap.go
diff --git a/lib/controller/localdb/login_ldap.go b/lib/controller/localdb/login_ldap.go
index 373b113240..3f13c7b27a 100644
--- a/lib/controller/localdb/login_ldap.go
+++ b/lib/controller/localdb/login_ldap.go
@@ -21,12 +21,12 @@ import (
 )

 type ldapLoginController struct {
- Cluster *arvados.Cluster
- RailsProxy *railsProxy
+ Cluster *arvados.Cluster
+ Parent *Conn
 }

 func (ctrl *ldapLoginController) Logout(ctx context.Context, opts arvados.LogoutOptions) (arvados.LogoutResponse, error) {
- return noopLogout(ctrl.Cluster, opts)
+ return logout(ctx, ctrl.Cluster, opts)
 }

 func (ctrl *ldapLoginController) Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error) {
@@ -38,6 +38,9 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
 conf := ctrl.Cluster.Login.LDAP
 errFailed := httpserver.ErrorWithStatus(fmt.Errorf("LDAP: Authentication failure (with username %q and password)", opts.Username), http.StatusUnauthorized)

+ if conf.SearchAttribute == "" {
+ return arvados.APIClientAuthorization{}, errors.New("config error: SearchAttribute is blank")
+ }
 if opts.Password == "" {
 log.WithField("username", opts.Username).Error("refusing to authenticate with empty password")
 return arvados.APIClientAuthorization{}, errFailed
@@ -89,10 +92,6 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
 }
 }

- if conf.SearchAttribute == "" {
- return arvados.APIClientAuthorization{}, errors.New("config error: must provide SearchAttribute")
- }
-
 search := fmt.Sprintf("(%s=%s)", ldap.EscapeFilter(conf.SearchAttribute), ldap.EscapeFilter(username))
 if conf.SearchFilters != "" {
 search = fmt.Sprintf("(&%s%s)", conf.SearchFilters, search)
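Review bot: The new `Parent *Conn` field is dereferenced unconditionally by `ctrl.Parent.CreateAPIClientAuthorization(...)` in the last hunk (-144,7), and nothing in this diff shows where the field is populated. A controller built with only `Cluster` set would panic on the first successful LDAP bind, so the requirement should be stated on the field, for example `// Parent issues the API token after a successful bind; must be non-nil.` The struct literal sites that construct `ldapLoginController` are outside this diff and should be checked to confirm each one sets `Parent`.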
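Review bot: The relocated `SearchAttribute` guard returns a bare `errors.New(...)` and logs nothing, whereas the empty-password branch directly below it both logs and returns an error carrying an explicit HTTP status. How a status-less error is rendered to the unauthenticated caller is decided outside this hunk, so the status should be made explicit and the misconfiguration recorded server-side: `log.Error("LDAP config error: SearchAttribute is blank")` followed by `return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New("config error: SearchAttribute is blank"), http.StatusInternalServerError)`. Because the value comes from cluster config, validating it once at config load would surface the problem before any login attempt. The body of UserAuthenticate starts and ends outside the hunk.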
@@ -144,7 +143,7 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
 return arvados.APIClientAuthorization{}, errors.New("authentication succeeded but ldap returned no email address")
 }

- return createAPIClientAuthorization(ctx, ctrl.RailsProxy, ctrl.Cluster.SystemRootToken, rpc.UserSessionAuthInfo{
+ return ctrl.Parent.CreateAPIClientAuthorization(ctx, ctrl.Cluster.SystemRootToken, rpc.UserSessionAuthInfo{
 Email: email,
 FirstName: attrs["givenname"],
 LastName: attrs["sn"],