author | Alex Auvolat <alex@adnab.me> | 2020-02-09 18:36:13 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2020-02-09 18:36:27 +0100 |
commit | 0402f7806a1e216f150d004d16823cbc73880fc4 (patch) | |
tree | fe8f4f7191ebeab5c12315628fc27a7b50816bcc | |
parent | d02bd17b160ea7e4d7f17208b15b40171677bbed (diff) | |
Implement (inefficiently) search scopes
-rw-r--r-- | bottin.hcl.example | 2 | ||||
-rw-r--r-- | read.go | 12 |
2 files changed, 13 insertions, 1 deletions
diff --git a/bottin.hcl.example b/bottin.hcl.example
index 65953cf..8fb12eb 100644
--- a/bottin.hcl.example
+++ b/bottin.hcl.example
@@ -12,7 +12,7 @@ job "directory" {
 task "server" {
 driver = "docker"
 config {
- image = "lxpz/bottin_amd64:7"
+ image = "lxpz/bottin_amd64:8"
 readonly_rootfs = true
 port_map {
 ldap_port = 389
@@ -97,6 +97,8 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
 return ldap.LDAPResultInsufficientAccessRights, fmt.Errorf("Please specify a base object on which you have read rights")
 }
+ baseObjectLevel := len(strings.Split(baseObject, ","))
+
 basePath, err := dnToConsul(baseObject)
 if err != nil {
 return ldap.LDAPResultInvalidDNSyntax, err
@@ -116,6 +118,16 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
 server.logger.Tracef("%#v", entries)
 for dn, entry := range entries {
+ if r.Scope() == message.SearchRequestScopeBaseObject {
+ if dn != baseObject {
+ continue
+ }
+ } else if r.Scope() == message.SearchRequestSingleLevel {
+ objectLevel := len(strings.Split(dn, ","))
+ if objectLevel != baseObjectLevel + 1 {
+ continue
+ }
+ }
 // Filter out if we don't match requested filter
 matched, err := applyFilter(entry, r.Filter())
 if err != nil { |
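Review bot: The scope filter in the `for dn, entry := range entries` loop (and the `baseObjectLevel` line in the hunk before it) works on raw DN strings: `dn != baseObject` is a byte-wise comparison against the client-supplied base, and depth is `len(strings.Split(dn, ","))`, which also counts a comma escaped inside an RDN value (`\,`). A base-object search whose DN differs from the stored one only in case or spacing would presumably return nothing, and a direct child with an escaped comma in its RDN would be dropped from a single-level search; both fail closed, but clients get wrong results. Since `dnToConsul(baseObject)` already parses the base just above, it would be safer to compare and count on a parsed form of both DNs, assuming that helper normalises them, which is not visible here. Any scope value other than the two tested falls through to whole-subtree behaviour, the broadest one, so a `switch r.Scope()` with an explicit subtree case and a rejecting `default` would make that intent explicit. The body of `handleSearchInternal` starts and ends outside these hunks.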