Merge pull request #231 from hudeng-go/master

feat: Add account pattern support at ldap settings

app/services/auth_login_ldap.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+
 	"github.com/go-ldap/ldap/v3"
 )
 
@@ -15,6 +16,7 @@ type AuthLoginConfig struct {
 	BaseDn        string `json:"basedn"`
 	BindUsername  string `json:"bind_username"`
 	BindPassword  string `json:"bind_password"`
+  AccountPattern string `json:"account_pattern"`
 	GivenNameKey  string `json:"given_name_key"`
 	EmailKey      string `json:"email_key"`
 	MobileKey     string `json:"mobile_key"`
@@ -80,14 +82,18 @@ func (al *AuthLoginLdapService) AuthLogin(username string, password string) (*Au
 	}
 
 	// 搜索下用户信息
+	accountPattern := "(&(objectClass=User)(userPrincipalName=%s))"
+	if al.config.AccountPattern != "" {
+		accountPattern = al.config.AccountPattern
+	}
 	searchRequest := ldap.NewSearchRequest(
 		al.config.BaseDn,
 		ldap.ScopeWholeSubtree,
 		ldap.NeverDerefAliases,
 		0,
 		0,
 		false,
-		fmt.Sprintf("(&(objectClass=User)(userPrincipalName=%s))", username),
+		fmt.Sprintf(accountPattern, username),
 		al.GetAttributes(),
 		nil,
 	)

views/system/auth/doc.html

@@ -33,6 +33,7 @@ <h4><i class="fa fa-address-card-o"></i> 登录认证方式配置文档</h4>
     "basedn": "dc=umich,dc=edu", // ldap base dn; 用于搜索的节点；必填不能为空
     "bind_username": "readonly", // ldap bind dn; 用来获取查询权限的 bind 用户；非必填可以为空
     "bind_password": "password", // ldap bind dn password; bind 用户密码；非必填可以为空
+    "account_pattern": "(&(objectClass=User)(userPrincipalName=%s))" // ldap search pattern; 非必填可以为空，默认值为(&(objectClass=User)(userPrincipalName=%s))
     "given_name_key": "displayName", // ldap 查询用户名对应的 key，必填
     "email_key": "mail", // ldap 查询邮箱对应的 key, 没有可为空
     "mobile_key": "mobile", // ldap 查询手机号对应的 key，没有可为空