Use same operation mode to bind validations

- Fix #61 - Use the same credentials based on detected operation mode to validate AllowedGroups
wiltonsr · Mar 20, 2024 · 5ce8d2d · 5ce8d2d
1 parent 5de938d
commit 5ce8d2d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/ldapauth.go b/ldapauth.go
@@ -270,8 +270,12 @@ func LdapCheckUser(conn *ldap.Conn, config *Config, username, password string) (
 	userDN := result.Entries[0].DN
 	LoggerINFO.Printf("Authenticating User: %s", userDN)
 
+	// Copy conn to validate user password. This prevents changing the bind made
+	// previously, then LdapCheckUserAuthorized will use same operation mode
+	_nconn := conn
+
 	// Bind User and password.
-	err = conn.Bind(userDN, password)
+	err = _nconn.Bind(userDN, password)
 	return err == nil, result.Entries[0], err
 }
 

diff --git a/readme.md b/readme.md
@@ -101,6 +101,8 @@ labels:
 
 ## Operations Mode
 
+The `Operation Mode` detected will be used to perform all subsequent requests.
+
 ### Bind Mode
 
 If no `searchFilter` is specified in its configuration, the middleware runs in the default bind mode, meaning it tries to make a simple bind request to the LDAP server with the credentials provided in the request headers. If the bind succeeds, the middleware forwards the request, otherwise, it returns a 401 Unauthorized status code.