fix default values and doc

apache · Aug 3, 2022 · dd4e2a3 · dd4e2a3
1 parent ef84a13
commit dd4e2a3
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 14 deletions.
diff --git a/apisix/plugins/ldap-auth.lua b/apisix/plugins/ldap-auth.lua
@@ -31,9 +31,9 @@ local schema = {
     properties = {
         base_dn = { type = "string" },
         ldap_uri = { type = "string" },
-        use_tls = { type = "boolean" },
-        verify_ldap_host = { type = "boolean" },
-        uid = { type = "string" }
+        use_tls = { type = "boolean", default = false },
+        tls_verify = { type = "boolean", default = false },
+        uid = { type = "string", default = "cn" }
     },
     required = {"base_dn","ldap_uri"},
 }
@@ -137,25 +137,23 @@ function _M.rewrite(conf, ctx)
     end
 
     -- 2. try authenticate the user against the ldap server
-    local uid = conf.uid or "cn"
-
     local ldap_host, ldap_port = core.utils.parse_addr(conf.ldap_uri)
 
-    local userdn =  uid .. "=" .. user.username .. "," .. conf.base_dn
+    local userdn =  conf.uid .. "=" .. user.username .. "," .. conf.base_dn
     local ldapconf = {
         timeout = 10000,
         start_tls = false,
         ldap_host = ldap_host,
         ldap_port = ldap_port or 389,
         ldaps = conf.use_tls,
-        verify_ldap_host = conf.verify_ldap_host,
+        tls_verify = conf.tls_verify,
         base_dn = conf.base_dn,
-        attribute = uid,
+        attribute = conf.uid,
         keepalive = 60000,
     }
     local res, err = ldap.ldap_authenticate(user.username, user.password, ldapconf)
     if not res then
-        core.log.warn("ldap-auth: ", err)
+        core.log.warn("ldap-auth failed: ", err)
         return 401, { message = "Invalid user authorization" }
     end
 

diff --git a/docs/en/latest/plugins/ldap-auth.md b/docs/en/latest/plugins/ldap-auth.md
@@ -50,7 +50,7 @@ For Route:
 | base_dn  | string  | True     |         | Base dn of the LDAP server. For example, `ou=users,dc=example,dc=org`. |
 | ldap_uri | string  | True     |         | URI of the LDAP server.                                                |
 | use_tls  | boolean | False    | `false` | If set to `true` uses TLS.                                             |
-| verify_ldap_host| boolean  | False     | `false`        | Whether to verify the server certificate when `use_tls` is enabled; If set to `true`, you must set `ssl_trusted_certificate` in `config.yaml`, and make sure the host of `ldap_uri` matches the host in server certificate. |
+| tls_verify| boolean  | False     | `false`        | Whether to verify the server certificate when `use_tls` is enabled; If set to `true`, you must set `ssl_trusted_certificate` in `config.yaml`, and make sure the host of `ldap_uri` matches the host in server certificate. |
 | uid      | string  | False    | `cn`    | uid attribute.                                                         |
 
 ## Enabling the plugin

diff --git a/docs/zh/latest/plugins/ldap-auth.md b/docs/zh/latest/plugins/ldap-auth.md
@@ -48,7 +48,7 @@ Route 端：
 | base_dn  | string  | 是     |         | LDAP 服务器的 dn，例如：`ou=users,dc=example,dc=org`。|
 | ldap_uri | string  | 是     |         | LDAP 服务器的 URI。                                                |
 | use_tls  | boolean | 否    | false  | 如果设置为 `true` 则表示启用 TLS。                                             |
-| verify_ldap_host| boolean  | 否     | false        | 是否校验 LDAP 服务器的证书。如果设置为 `true`，你必须设置 `config.yaml` 里面的 `ssl_trusted_certificate`，并且确保 `ldap_uri` 里的 host 和服务器证书中的 host 匹配。 |
+| tls_verify| boolean  | 否     | false        | 是否校验 LDAP 服务器的证书。如果设置为 `true`，你必须设置 `config.yaml` 里面的 `ssl_trusted_certificate`，并且确保 `ldap_uri` 里的 host 和服务器证书中的 host 匹配。 |
 | uid      | string  | 否    | cn    | UID 属性。                                                         |
 
 ## 启用插件

diff --git a/t/plugin/ldap-auth.t b/t/plugin/ldap-auth.t
@@ -304,7 +304,7 @@ find consumer user01
                 ngx.HTTP_GET,
                 nil,
                 [[
-{"title":"work with route or service object","required":["base_dn","ldap_uri"],"properties":{"base_dn":{"type":"string"},"ldap_uri":{"type":"string"},"use_tls":{"type":"boolean"},"verify_ldap_host":{"type":"boolean"},"disable":{"type":"boolean"},"uid":{"type":"string"}},"type":"object"}
+{"title":"work with route or service object","required":["base_dn","ldap_uri"],"properties":{"base_dn":{"type":"string"},"ldap_uri":{"type":"string"},"use_tls":{"type":"boolean"},"tls_verify":{"type":"boolean"},"disable":{"type":"boolean"},"uid":{"type":"string"}},"type":"object"}
                 ]]
                 )
             ngx.status = code
@@ -340,7 +340,7 @@ find consumer user01
                 ngx.HTTP_GET,
                 nil,
                 [[
-{"title":"work with route or service object","required":["base_dn","ldap_uri"],"properties":{"base_dn":{"type":"string"},"ldap_uri":{"type":"string"},"use_tls":{"type":"boolean"},"verify_ldap_host":{"type":"boolean"},"disable":{"type":"boolean"},"uid":{"type":"string"}},"type":"object"}                ]]
+{"title":"work with route or service object","required":["base_dn","ldap_uri"],"properties":{"base_dn":{"type":"string"},"ldap_uri":{"type":"string"},"use_tls":{"type":"boolean"},"tls_verify":{"type":"boolean"},"disable":{"type":"boolean"},"uid":{"type":"string"}},"type":"object"}                ]]
                 )
             ngx.status = code
         }
@@ -411,7 +411,7 @@ find consumer user01
                             "ldap_uri": "localhost:1636",
                             "uid": "cn",
                             "use_tls": true,
-                            "verify_ldap_host": true
+                            "tls_verify": true
                         }
                     },
                     "upstream": {