From 359dd480921524ac5a530cf41142e2752716c723 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Michaud?= Date: Sun, 15 Mar 2020 13:10:13 +0100 Subject: [PATCH] [BUGFIX] Make users_filter configuration of LDAP backend optional. (#710) This PR aligns the situation with what is currently documented. --- internal/configuration/validator/authentication.go | 4 +--- .../configuration/validator/authentication_test.go | 14 +++++++++----- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/internal/configuration/validator/authentication.go b/internal/configuration/validator/authentication.go index 261cf6f2..3cfc9e83 100644 --- a/internal/configuration/validator/authentication.go +++ b/internal/configuration/validator/authentication.go @@ -120,9 +120,7 @@ func validateLdapAuthenticationBackend(configuration *schema.LDAPAuthenticationB validator.Push(errors.New("Please provide a base DN to connect to the LDAP server")) } - if configuration.UsersFilter == "" { - validator.Push(errors.New("Please provide a users filter with `users_filter` attribute")) - } else { + if configuration.UsersFilter != "" { if !strings.HasPrefix(configuration.UsersFilter, "(") || !strings.HasSuffix(configuration.UsersFilter, ")") { validator.Push(errors.New("The users filter should contain enclosing parenthesis. For instance uid={0} should be (uid={0})")) } diff --git a/internal/configuration/validator/authentication_test.go b/internal/configuration/validator/authentication_test.go index 8cdf982e..b12b9769 100644 --- a/internal/configuration/validator/authentication_test.go +++ b/internal/configuration/validator/authentication_test.go @@ -207,13 +207,17 @@ func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseErrorWhenBaseDNNotPr assert.EqualError(suite.T(), suite.validator.Errors()[0], "Please provide a base DN to connect to the LDAP server") } -func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseOnEmptyFilterAndGroupsFilter() { - suite.configuration.Ldap.UsersFilter = "" +func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseOnEmptyGroupsFilter() { suite.configuration.Ldap.GroupsFilter = "" ValidateAuthenticationBackend(&suite.configuration, suite.validator) - require.Len(suite.T(), suite.validator.Errors(), 2) - assert.EqualError(suite.T(), suite.validator.Errors()[0], "Please provide a users filter with `users_filter` attribute") - assert.EqualError(suite.T(), suite.validator.Errors()[1], "Please provide a groups filter with `groups_filter` attribute") + require.Len(suite.T(), suite.validator.Errors(), 1) + assert.EqualError(suite.T(), suite.validator.Errors()[0], "Please provide a groups filter with `groups_filter` attribute") +} + +func (suite *LdapAuthenticationBackendSuite) TestShouldAllowEmptyUsersGroupsFilter() { + suite.configuration.Ldap.UsersFilter = "" + ValidateAuthenticationBackend(&suite.configuration, suite.validator) + require.Len(suite.T(), suite.validator.Errors(), 0) } func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseOnEmptyUsernameAttribute() {