From 573305f3d3ac55a79639dcb4cc55694ad7a914a5 Mon Sep 17 00:00:00 2001
From: Adam Strzelecki <ono@java.pl>
Date: Tue, 1 Dec 2015 14:49:49 +0100
Subject: LDAP: Optional user name attribute specification

Consider following LDAP search query example:

    (&(objectClass=Person)(|(uid=%s)(mail=%s)))

Right now on first login attempt Gogs will use the text supplied on login form
as the newly created user name. In example query above the text matches against
both e-mail or user name. So if user puts the e-mail then the new Gogs user
name will be e-mail which may be undesired.

Using optional user name attribute setting we can explicitly say we want Gogs
user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail
to login 1st time, the new account will receive correct user name.
---
 routers/admin/auths.go | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

(limited to 'routers/admin/auths.go')

diff --git a/routers/admin/auths.go b/routers/admin/auths.go
index e264f7a8..baa5efe3 100644
--- a/routers/admin/auths.go
+++ b/routers/admin/auths.go
@@ -68,21 +68,22 @@ func NewAuthSource(ctx *middleware.Context) {
 func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
 	return &models.LDAPConfig{
 		Source: &ldap.Source{
-			Name:             form.Name,
-			Host:             form.Host,
-			Port:             form.Port,
-			UseSSL:           form.TLS,
-			SkipVerify:       form.SkipVerify,
-			BindDN:           form.BindDN,
-			UserDN:           form.UserDN,
-			BindPassword:     form.BindPassword,
-			UserBase:         form.UserBase,
-			AttributeName:    form.AttributeName,
-			AttributeSurname: form.AttributeSurname,
-			AttributeMail:    form.AttributeMail,
-			Filter:           form.Filter,
-			AdminFilter:      form.AdminFilter,
-			Enabled:          true,
+			Name:              form.Name,
+			Host:              form.Host,
+			Port:              form.Port,
+			UseSSL:            form.TLS,
+			SkipVerify:        form.SkipVerify,
+			BindDN:            form.BindDN,
+			UserDN:            form.UserDN,
+			BindPassword:      form.BindPassword,
+			UserBase:          form.UserBase,
+			AttributeUsername: form.AttributeUsername,
+			AttributeName:     form.AttributeName,
+			AttributeSurname:  form.AttributeSurname,
+			AttributeMail:     form.AttributeMail,
+			Filter:            form.Filter,
+			AdminFilter:       form.AdminFilter,
+			Enabled:           true,
 		},
 	}
 }
-- 
cgit v1.2.3