Merge pull request #11703 from lafirest/fix/ldap_bind

fix(ldap): use the search result as bind target

apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl

@@ -124,11 +124,11 @@ login(
     of
         {ok, []} ->
             {error, user_not_found};
-        {ok, [_Entry | _]} ->
+        {ok, [Entry | _]} ->
             case
                 emqx_resource:simple_sync_query(
                     ResourceId,
-                    {bind, Sign}
+                    {bind, Entry#eldap_entry.object_name, Sign}
                 )
             of
                 ok ->

apps/emqx_ldap/src/emqx_ldap.erl

@@ -177,7 +177,7 @@ on_query(InstId, {query, Data, Attrs}, State) ->
     on_query(InstId, {query, Data}, [{attributes, Attrs}], State);
 on_query(InstId, {query, Data, Attrs, Timeout}, State) ->
     on_query(InstId, {query, Data}, [{attributes, Attrs}, {timeout, Timeout}], State);
-on_query(InstId, {bind, _Data} = Req, State) ->
+on_query(InstId, {bind, _DN, _Data} = Req, State) ->
     emqx_ldap_bind_worker:on_query(InstId, Req, State).
 
 on_get_status(_InstId, #{pool_name := PoolName} = _State) ->

apps/emqx_ldap/src/emqx_ldap_authn_bind.erl

@@ -95,11 +95,11 @@ authenticate(
     of
         {ok, []} ->
             ignore;
-        {ok, [_Entry | _]} ->
+        {ok, [Entry | _]} ->
             case
                 emqx_resource:simple_sync_query(
                     ResourceId,
-                    {bind, Credential}
+                    {bind, Entry#eldap_entry.object_name, Credential}
                 )
             of
                 ok ->

apps/emqx_ldap/src/emqx_ldap_bind_worker.erl

@@ -58,14 +58,12 @@ on_stop(InstId, _State) ->
 
 on_query(
     InstId,
-    {bind, Data},
+    {bind, DN, Data},
     #{
-        base_tokens := DNTks,
         bind_password := PWTks,
         bind_pool_name := PoolName
     } = State
 ) ->
-    DN = emqx_placeholder:proc_tmpl(DNTks, Data),
     Password = emqx_placeholder:proc_tmpl(PWTks, Data),
 
     LogMeta = #{connector => InstId, state => State},