func (l *LdifBackend) Bind(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetBindRequest()
res := ldap.NewBindResponse(ldap.LDAPResultInvalidCredentials)
l.Log.Debug("Bind", log.Ctx{"authchoice": r.AuthenticationChoice(), "user": r.Name()})
if r.AuthenticationChoice() == "simple" {
//search for userdn
for _, ldif := range l.ldifs {
if ldif.dn == string(r.Name()) {
//Check password
for _, attr := range ldif.attr {
if attr.name == "userPassword" {
if string(attr.content) == string(r.AuthenticationSimple()) {
res.SetResultCode(ldap.LDAPResultSuccess)
w.Write(res)
return
}
l.Log.Debug("userPassword doesn't match", log.Ctx{"pass": r.Authentication(), "userPassword": attr.content})
break
}
}
l.Log.Debug("no userPassword found!")
break
}
}
l.Log.Info("Bind failed", log.Ctx{"user": r.Name(), "pass": r.Authentication()})
res.SetResultCode(ldap.LDAPResultInvalidCredentials)
res.SetDiagnosticMessage("invalid credentials")
} else {
res.SetResultCode(ldap.LDAPResultUnwillingToPerform)
res.SetDiagnosticMessage("Authentication choice not supported")
}
w.Write(res)
}
func (d *DebugBackend) Bind(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetBindRequest()
dump(r)
res := ldap.NewBindResponse(ldap.LDAPResultUnwillingToPerform)
w.Write(res)
}
