diff --git a/irc/ldap/config.go b/irc/ldap/config.go index cfd981e1..623fdf09 100644 --- a/irc/ldap/config.go +++ b/irc/ldap/config.go @@ -4,7 +4,11 @@ // Modification notice: // 1. All field names were changed from toml and snake case to yaml and kebab case, // matching the Oragono project conventions -// 2. Two fields were added: `Autocreate` and `Timeout` +// 2. Four fields were added: +// 2.1 `Enabled` +// 2.2 `Autocreate` +// 2.3 `Timeout` +// 2.4 `RequireGroups` // XXX: none of AttributeMap does anything in oragono, except MemberOf, // which can be used to retrieve group memberships diff --git a/irc/ldap/grafana.go b/irc/ldap/grafana.go index d846e671..4cd83cdb 100644 --- a/irc/ldap/grafana.go +++ b/irc/ldap/grafana.go @@ -1,8 +1,9 @@ // Copyright 2014-2018 Grafana Labs // Released under the Apache 2.0 license -// Modification notice: these functions were altered by substituting -// `serverConn` for `Server`. +// Modification notice: +// 1. `serverConn` was substituted for `Server` as the type of the server object +// 2. Debug loglines were altered to work with Oragono's logging system package ldap @@ -210,7 +211,7 @@ func (server *serverConn) requestMemberOf(entry *ldap.Entry) ([]string, error) { -1, ) - server.log.Info("Searching for user's groups", "filter", filter) + server.logger.Debug("ldap", "Searching for groups with filter", filter) // support old way of reading settings groupIDAttribute := config.Attr.MemberOf diff --git a/irc/ldap/login.go b/irc/ldap/login.go index a28bf8bd..fb22c992 100644 --- a/irc/ldap/login.go +++ b/irc/ldap/login.go 
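Review bot: The reworded debug line in `requestMemberOf` writes the whole search filter to the log, and the `-1, )` just above it looks like the tail of the substitution that puts a per-user value into that filter, so debug logs would carry an account identifier for every group lookup. That is acceptable at debug level, but it deserves a comment at the call, for example `// filter embeds a per-user value; keep this at debug level`, so the level is not raised again later without thought. The function body starts and ends outside this hunk, so how the value is escaped before substitution cannot be checked from here.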
@@ -43,10 +43,12 @@ var ( ) // equivalent of Grafana's `Server`, but unexported +// also, `log` was renamed to `logger`, since the APIs are slightly different +// and this way the compiler will catch any unchanged references to Grafana's `Server.log` type serverConn struct { Config *ServerConfig Connection *ldap.Conn - log *logger.Manager + logger *logger.Manager } func CheckLDAPPassphrase(config ServerConfig, accountName, passphrase string, log *logger.Manager) (err error) { @@ -58,7 +60,7 @@ func CheckLDAPPassphrase(config ServerConfig, accountName, passphrase string, lo server := serverConn{ Config: &config, - log: log, + logger: log, } err = server.Dial() @@ -126,10 +128,10 @@ func (server *serverConn) validateGroupMembership(user *ldap.Entry) (err error) var memberOf []string memberOf, err = server.getMemberOf(user) if err != nil { - server.log.Debug("ldap", "could not retrieve group memberships", err.Error()) + server.logger.Debug("ldap", "could not retrieve group memberships", err.Error()) return } - server.log.Debug("ldap", fmt.Sprintf("found group memberships: %v", memberOf)) + server.logger.Debug("ldap", fmt.Sprintf("found group memberships: %v", memberOf)) foundGroup := false for _, inGroup := range memberOf { for _, acceptableGroup := range server.Config.RequireGroups { diff --git a/oragono.yaml b/oragono.yaml index 9e2f3e97..bbf19da1 100644 --- a/oragono.yaml +++ b/oragono.yaml @@ -392,6 +392,8 @@ accounts: # enabled: true # # should we automatically create users if their LDAP login succeeds? # autocreate: true + # # example configuration that works with Forum Systems's testing server: + # # https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ # host: "ldap.forumsys.com" # port: 389 # timeout: 30s 
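Review bot: The two comment lines above `type serverConn struct` act as its doc comment but do not start with the type name, and the second one explains a single field rather than the type. I would write `// serverConn is the equivalent of Grafana's Server, but unexported.` above the type and move the rationale beside the field, e.g. `logger *logger.Manager // not "log": leftover Grafana-style server.log calls must fail to compile`. That keeps the reason for the rename next to the name it protects.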
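Review bot: The error branch in `validateGroupMembership` relies on the named result: when `getMemberOf` fails, the bare `return` hands the lookup error back, so a user whose memberships cannot be read is presumably rejected rather than let through. That fail-closed behaviour is the right one for a group gate and is worth a comment, e.g. `// fail closed: no membership list means no login`, because a bare `return` is easy to misread as success. The second debug call also writes the full membership list for the account, which is fine at debug level but should be stated in the same comment. The loop over `RequireGroups` runs past the end of the hunk, so the comparison itself is not reviewed here.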
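Review bot: The commented example under the new Forum Systems note points at a public third-party server on `port: 389`, the conventional cleartext LDAP port, so an operator who uncomments it as-is would send login attempts to that host, unencrypted unless TLS is configured elsewhere in this block. The added comment should say so, for instance `# # (public test server on the cleartext port: never send real credentials to it)`. The rest of the ldap section lies outside this hunk, so whether a TLS setting is documented nearby cannot be seen from here.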
@@ -404,7 +406,8 @@ accounts: # #bind-dn: "cn=read-only-admin,dc=example,dc=com" # #bind-password: "password" # #search-filter: "(uid=%s)" - # # example of requiring that users be in a particular group: + # # example of requiring that users be in a particular group + # # (note that this is an OR over the listed groups, not an AND): # #require-groups: # # - "ou=mathematicians,dc=example,dc=com" # #group-search-filter-user-attribute: "dn"