diff --git a/apps/emqx_auth_ldap/src/emqx_authn_ldap_bind.erl b/apps/emqx_auth_ldap/src/emqx_authn_ldap_bind.erl index 1f2af261e..26dd4daac 100644 --- a/apps/emqx_auth_ldap/src/emqx_authn_ldap_bind.erl +++ b/apps/emqx_auth_ldap/src/emqx_authn_ldap_bind.erl @@ -52,7 +52,7 @@ authenticate( {ok, #{result := ok}} -> {ok, #{is_superuser => false}}; {ok, #{result := 'invalidCredentials'}} -> - ?TRACE_AUTHN_PROVIDER(error, "ldap_bind_failed", #{ + ?TRACE_AUTHN_PROVIDER(info, "ldap_bind_failed", #{ resource => ResourceId, reason => 'invalidCredentials' }), diff --git a/apps/emqx_auth_ldap/src/emqx_authn_ldap_schema.erl b/apps/emqx_auth_ldap/src/emqx_authn_ldap_schema.erl index 3190d6e14..9d36867cd 100644 --- a/apps/emqx_auth_ldap/src/emqx_authn_ldap_schema.erl +++ b/apps/emqx_auth_ldap/src/emqx_authn_ldap_schema.erl @@ -55,7 +55,7 @@ fields(ldap) -> [ {method, ?HOCON( - hoconsc:union([?R_REF(hash_method), ?R_REF(bind_method)]), + hoconsc:union(fun method_union_member_selector/1), #{desc => ?DESC(method)} )} ]; @@ -88,6 +88,26 @@ desc(bind_method) -> desc(_) -> undefined. +method_union_member_selector(all_union_members) -> + [?R_REF(hash_method), ?R_REF(bind_method)]; +method_union_member_selector({value, Val}) -> + Val2 = + case is_map(Val) of + true -> emqx_utils_maps:binary_key_map(Val); + false -> Val + end, + case Val2 of + #{<<"type">> := <<"bind">>} -> + [?R_REF(bind_method)]; + #{<<"type">> := <<"hash">>} -> + [?R_REF(hash_method)]; + _ -> + throw(#{ + field_name => method, + expected => [bind_method, hash_method] + }) + end. + method_type(Type) -> ?HOCON(?ENUM([Type]), #{desc => ?DESC(?FUNCTION_NAME), default => Type}).