authorAlex Auvolat <alex@adnab.me>2020-02-09 18:36:13 +0100
committerAlex Auvolat <alex@adnab.me>2020-02-09 18:36:27 +0100
commit0402f7806a1e216f150d004d16823cbc73880fc4 (patch)
treefe8f4f7191ebeab5c12315628fc27a7b50816bcc
parentd02bd17b160ea7e4d7f17208b15b40171677bbed (diff)
Implement (inefficiently) search scopes
-rw-r--r--bottin.hcl.example2
-rw-r--r--read.go12
2 files changed, 13 insertions, 1 deletions
diff --git a/bottin.hcl.example b/bottin.hcl.example
index 65953cf..8fb12eb 100644
--- a/bottin.hcl.example
+++ b/bottin.hcl.example
@@ -12,7 +12,7 @@ job "directory" {
task "server" {
driver = "docker"
config {
- image = "lxpz/bottin_amd64:7"
+ image = "lxpz/bottin_amd64:8"
readonly_rootfs = true
port_map {
ldap_port = 389
diff --git a/read.go b/read.go
index ef06109..ab80d1c 100644
--- a/read.go
+++ b/read.go
@@ -97,6 +97,8 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
return ldap.LDAPResultInsufficientAccessRights, fmt.Errorf("Please specify a base object on which you have read rights")
}
+ baseObjectLevel := len(strings.Split(baseObject, ","))
+
basePath, err := dnToConsul(baseObject)
if err != nil {
return ldap.LDAPResultInvalidDNSyntax, err
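Review bot: Counting commas with `strings.Split(baseObject, ",")` is not a reliable depth for a DN, because RFC 4514 allows an escaped comma inside an attribute value (for example `cn=Doe\, John,ou=users`), so such a DN is counted one level too deep. The same count is repeated for `dn` in the single-level branch of the next hunk, where it decides which entries a one-level search returns. The count is also taken before `dnToConsul` has validated the DN, so it runs on input that may still be rejected as invalid syntax. Deriving the depth from the parsed components (presumably `dnToConsul` already splits the DN, though that is not visible here) and moving the computation below the `err` check would keep the two in step. handleSearchInternal starts and ends outside this hunk.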
@@ -116,6 +118,16 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
server.logger.Tracef("%#v", entries)
for dn, entry := range entries {
+ if r.Scope() == message.SearchRequestScopeBaseObject {
+ if dn != baseObject {
+ continue
+ }
+ } else if r.Scope() == message.SearchRequestSingleLevel {
+ objectLevel := len(strings.Split(dn, ","))
+ if objectLevel != baseObjectLevel + 1 {
+ continue
+ }
+ }
// Filter out if we don't match requested filter
matched, err := applyFilter(entry, r.Filter())
if err != nil {
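Review bot: The scope check at the top of the `for dn, entry := range entries` loop treats every scope value other than base-object and single-level as a whole-subtree search, so an unrecognised or unsupported scope gets the widest result set rather than an error. A `switch r.Scope()` with an explicit whole-subtree case and a `default` that rejects the request would fail closed. Separately, `dn != baseObject` compares the raw request string with the stored DN, so a client that sends different case or spacing gets an empty base-object result. Comparing canonical forms would avoid that, assuming the keys in `entries` are canonical, which this hunk does not show. The loop body continues outside the hunk.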