yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(auth_ldap): Handle missing attributes 

Fixes: #4953
This commit is contained in:
k32 2021-06-09 11:40:52 +02:00 committed by turtleDeng
parent 69ef5cbdc3
commit 074c0bd2cc
3 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
View File

@ -27,10 +27,6 @@
, description/0 , description/0
]). ]).
-import(proplists, [get_value/2]).
-import(emqx_auth_ldap_cli, [search/4]).
-spec(register_metrics() -> ok). -spec(register_metrics() -> ok).
register_metrics() -> register_metrics() ->
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS). lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
@ -70,14 +66,14 @@ do_check_acl(#{username := Username}, PubSub, Topic, _NoMatchAction,
BaseDN = emqx_auth_ldap:replace_vars(CustomBaseDN, ReplaceRules), BaseDN = emqx_auth_ldap:replace_vars(CustomBaseDN, ReplaceRules),
case search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of case emqx_auth_ldap_cli:search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of
{error, noSuchObject} -> {error, noSuchObject} ->
ok; ok;
{ok, #eldap_search_result{entries = []}} -> {ok, #eldap_search_result{entries = []}} ->
ok; ok;
{ok, #eldap_search_result{entries = [Entry]}} -> {ok, #eldap_search_result{entries = [Entry]}} ->
Topics = get_value(Attribute, Entry#eldap_entry.attributes) Topics = proplists:get_value(Attribute, Entry#eldap_entry.attributes, [])
++ get_value(Attribute1, Entry#eldap_entry.attributes), ++ proplists:get_value(Attribute1, Entry#eldap_entry.attributes, []),
match(Topic, Topics); match(Topic, Topics);
Error -> Error ->
?LOG(error, "[LDAP] search error:~p", [Error]), ?LOG(error, "[LDAP] search error:~p", [Error]),
@ -95,4 +91,3 @@ match(Topic, [Filter | Topics]) ->
description() -> description() ->
"ACL with LDAP". "ACL with LDAP".

2
apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_auth_ldap, {application, emqx_auth_ldap,
[{description, "EMQ X Authentication/ACL with LDAP"}, [{description, "EMQ X Authentication/ACL with LDAP"},
{vsn, "4.3.0"}, % strict semver, bump manually! {vsn, "4.3.1"}, % strict semver, bump manually!
{modules, []}, {modules, []},
{registered, [emqx_auth_ldap_sup]}, {registered, [emqx_auth_ldap_sup]},
{applications, [kernel,stdlib,eldap2,ecpool]}, {applications, [kernel,stdlib,eldap2,ecpool]},

8
apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src Normal file
View File

@ -0,0 +1,8 @@
%% -*- mode: erlang -*-
{VSN,
[{"4.3.0",
[{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}],
[{"4.3.0",
[{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}]}.