Commit aff47d2c authored by Eric Chiang's avatar Eric Chiang

Merge pull request #317 from fnordahl/connector_ldap_make_const_defaults

connector_ldap: Make constants for default values, simplify logic
parents dc9e5965 bedd4716
...@@ -76,6 +76,12 @@ func (cfg *LDAPConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *t ...@@ -76,6 +76,12 @@ func (cfg *LDAPConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *t
return nil, fmt.Errorf("unable to find necessary HTML template") return nil, fmt.Errorf("unable to find necessary HTML template")
} }
// defaults
const defaultNameAttribute = "cn"
const defaultEmailAttribute = "mail"
const defaultBindTemplate = "uid=%u,%b"
const defaultSearchScope = ldap.ScopeWholeSubtree
if cfg.UseTLS && cfg.UseSSL { if cfg.UseTLS && cfg.UseSSL {
return nil, fmt.Errorf("Invalid configuration. useTLS and useSSL are mutual exclusive.") return nil, fmt.Errorf("Invalid configuration. useTLS and useSSL are mutual exclusive.")
} }
...@@ -84,29 +90,25 @@ func (cfg *LDAPConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *t ...@@ -84,29 +90,25 @@ func (cfg *LDAPConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *t
return nil, fmt.Errorf("Invalid configuration. Both certFile and keyFile must be specified.") return nil, fmt.Errorf("Invalid configuration. Both certFile and keyFile must be specified.")
} }
var nameAttribute, emailAttribute, bindTemplate string nameAttribute := defaultNameAttribute
if len(cfg.NameAttribute) > 0 { if len(cfg.NameAttribute) > 0 {
nameAttribute = cfg.NameAttribute nameAttribute = cfg.NameAttribute
} else {
nameAttribute = "cn"
} }
emailAttribute := defaultEmailAttribute
if len(cfg.EmailAttribute) > 0 { if len(cfg.EmailAttribute) > 0 {
emailAttribute = cfg.EmailAttribute emailAttribute = cfg.EmailAttribute
} else {
emailAttribute = "mail"
} }
bindTemplate := defaultBindTemplate
if len(cfg.BindTemplate) > 0 { if len(cfg.BindTemplate) > 0 {
if cfg.SearchBeforeAuth { if cfg.SearchBeforeAuth {
log.Warningf("bindTemplate not used when searchBeforeAuth specified.") log.Warningf("bindTemplate not used when searchBeforeAuth specified.")
} }
bindTemplate = cfg.BindTemplate bindTemplate = cfg.BindTemplate
} else {
bindTemplate = "uid=%u,%b"
} }
var searchScope int searchScope := defaultSearchScope
if len(cfg.SearchScope) > 0 { if len(cfg.SearchScope) > 0 {
switch { switch {
case strings.EqualFold(cfg.SearchScope, "BASE"): case strings.EqualFold(cfg.SearchScope, "BASE"):
...@@ -118,8 +120,6 @@ func (cfg *LDAPConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *t ...@@ -118,8 +120,6 @@ func (cfg *LDAPConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *t
default: default:
return nil, fmt.Errorf("Invalid value for searchScope: '%v'. Must be one of 'base', 'one' or 'sub'.", cfg.SearchScope) return nil, fmt.Errorf("Invalid value for searchScope: '%v'. Must be one of 'base', 'one' or 'sub'.", cfg.SearchScope)
} }
} else {
searchScope = ldap.ScopeSingleLevel
} }
if cfg.Timeout != 0 { if cfg.Timeout != 0 {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment