From 6f04ee879ca25fd798f85a4c701291adae561a1a Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Thu, 16 Nov 2017 19:32:33 -0500
Subject: auth/ldap: allow placeholder %s for BindDN (#2526)
---
 pkg/auth/ldap/ldap.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'pkg/auth/ldap')
diff --git a/pkg/auth/ldap/ldap.go b/pkg/auth/ldap/ldap.go
index 4e0a4665..63b2bc39 100644
--- a/pkg/auth/ldap/ldap.go
+++ b/pkg/auth/ldap/ldap.go
@@ -96,13 +96,15 @@ func (ls *Source) sanitizedGroupDN(groupDn string) (string, bool) {
 
 func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) {
 log.Trace("Search for LDAP user: %s", name)
- if ls.BindDN != "" && ls.BindPassword != "" {
- err := l.Bind(ls.BindDN, ls.BindPassword)
+ if len(ls.BindDN) > 0 && len(ls.BindPassword) > 0 {
+ // Replace placeholders with username
+ bindDN := strings.Replace(ls.BindDN, "%s", name, -1)
+ err := l.Bind(bindDN, ls.BindPassword)
 if err != nil {
- log.Trace("LDAP: Failed to bind as BindDN '%s': %v", ls.BindDN, err)
+ log.Trace("LDAP: Failed to bind as BindDN '%s': %v", bindDN, err)
 return "", false
 }
- log.Trace("LDAP: Bound as BindDN: %s", ls.BindDN)
+ log.Trace("LDAP: Bound as BindDN: %s", bindDN)
 } else {
 log.Trace("LDAP: Proceeding with anonymous LDAP search")
 }
-- 
cgit v1.2.3
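Review bot: The login name is substituted into the bind DN unescaped at `bindDN := strings.Replace(ls.BindDN, "%s", name, -1)`, so a name containing DN metacharacters (`,`, `+`, `=`, `"`, `\`, `<`, `>`, `;`, `#`) changes which entry the service binds as rather than just filling one RDN value. Nothing in the hunk validates `name` before this line; if the caller does not already do so, reject such names first, in the same spirit as the `sanitizedGroupDN` helper named in the hunk header, e.g. `if strings.ContainsAny(name, "\\,+\"<>;=#") { return "", false }`. The same unvalidated value now also reaches both `log.Trace` calls through `bindDN`, so the check should sit above them. The body of `findUserDN` continues past the end of the hunk, so any sanitising done later in the function would still come after the bind.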