diff --git a/app/services/auth_login_ldap.go b/app/services/auth_login_ldap.go index bf91269f..6f84a556 100644 --- a/app/services/auth_login_ldap.go +++ b/app/services/auth_login_ldap.go @@ -4,6 +4,7 @@ import ( "encoding/json" "errors" "fmt" + "github.com/go-ldap/ldap/v3" ) @@ -15,6 +16,7 @@ type AuthLoginConfig struct { BaseDn string `json:"basedn"` BindUsername string `json:"bind_username"` BindPassword string `json:"bind_password"` + AccountPattern string `json:"account_pattern"` GivenNameKey string `json:"given_name_key"` EmailKey string `json:"email_key"` MobileKey string `json:"mobile_key"` @@ -80,6 +82,10 @@ func (al *AuthLoginLdapService) AuthLogin(username string, password string) (*Au } // 搜索下用户信息 + accountPattern := "(&(objectClass=User)(userPrincipalName=%s))" + if al.config.AccountPattern != "" { + accountPattern = al.config.AccountPattern + } searchRequest := ldap.NewSearchRequest( al.config.BaseDn, ldap.ScopeWholeSubtree, @@ -87,7 +93,7 @@ func (al *AuthLoginLdapService) AuthLogin(username string, password string) (*Au 0, 0, false, - fmt.Sprintf("(&(objectClass=User)(userPrincipalName=%s))", username), + fmt.Sprintf(accountPattern, username), al.GetAttributes(), nil, ) diff --git a/views/system/auth/doc.html b/views/system/auth/doc.html index 0b5aa528..c79a76a1 100644 --- a/views/system/auth/doc.html +++ b/views/system/auth/doc.html @@ -33,6 +33,7 @@
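Review bot: In the last hunk of auth_login_ldap.go, `username` is still formatted into the search filter unescaped, so filter metacharacters such as `*`, `(` or `)` in a submitted login name change the query AuthLogin runs; since the line is being touched anyway, it should read `fmt.Sprintf(accountPattern, ldap.EscapeFilter(username)),`. The new `account_pattern` value is also used directly as a format string (`accountPattern = al.config.AccountPattern` in the third hunk), so a configured pattern with no `%s`, or with more than one verb, puts `%!(EXTRA …)` or `%!s(MISSING)` text into the filter instead of producing a clear error. Rejecting such a pattern when the config is loaded, for example with a check like `strings.Count(pattern, "%s") != 1`, would surface the misconfiguration early. AuthLogin's body starts and ends outside these hunks, so how the search result is used afterwards is not visible here.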

登录认证方式配置文档

"basedn": "dc=umich,dc=edu", // ldap base dn; 用于搜索的节点;必填不能为空
 "bind_username": "readonly", // ldap bind dn; 用来获取查询权限的 bind 用户;非必填可以为空
 "bind_password": "password", // ldap bind dn password; bind 用户密码;非必填可以为空
+ "account_pattern": "(&(objectClass=User)(userPrincipalName=%s))" // ldap search pattern; 非必填可以为空,默认值为(&(objectClass=User)(userPrincipalName=%s))
 "given_name_key": "displayName", // ldap 查询用户名对应的 key,必填
 "email_key": "mail", // ldap 查询邮箱对应的 key, 没有可为空
 "mobile_key": "mobile", // ldap 查询手机号对应的 key,没有可为空