@@ -375,7 +375,9 @@ def parse_config(config) -> "_LdapConfig":
375375
376376 ldap_config = _LdapConfig (
377377 enabled = config .get ("enabled" , False ),
378- mode = LDAPMode .SIMPLE ,
378+ mode = LDAPMode .SEARCH
379+ if config .get ("mode" , "simple" ) == "search"
380+ else LDAPMode .SIMPLE ,
379381 uri = config ["uri" ],
380382 start_tls = config .get ("start_tls" , False ),
381383 tls_options = config .get ("tls_options" ),
@@ -403,6 +405,8 @@ def parse_config(config) -> "_LdapConfig":
403405 raise ValueError (
404406 "Either bind_password or bind_password_file must be set!"
405407 )
408+
409+ if ldap_config .mode == LDAPMode .SEARCH :
406410 ldap_config .filter = config .get ("filter" , None )
407411
408412 # verify attribute lookup
@@ -461,13 +465,16 @@ async def _fetch_root_domain(self) -> str:
461465 server = self ._get_server (get_info = ldap3 .DSA )
462466
463467 if self .ldap_bind_dn is None or self .ldap_bind_password is None :
464- raise ValueError ("Missing bind DN or bind password" )
465-
466- result , conn = await self ._ldap_simple_bind (
467- server = server ,
468- bind_dn = self .ldap_bind_dn ,
469- password = self .ldap_bind_password ,
470- )
468+ result , conn = await self ._ldap_simple_bind (
469+ server = server ,
470+ auth_type = ldap3 .ANONYMOUS ,
471+ )
472+ else :
473+ result , conn = await self ._ldap_simple_bind (
474+ server = server ,
475+ bind_dn = self .ldap_bind_dn ,
476+ password = self .ldap_bind_password ,
477+ )
471478
472479 if not result :
473480 logger .warning ("Unable to get root domain due to failed LDAP bind" )
@@ -503,7 +510,11 @@ async def _fetch_root_domain(self) -> str:
503510 return self .ldap_root_domain
504511
505512 async def _ldap_simple_bind (
506- self , server : ldap3 .ServerPool , bind_dn : str , password : str
513+ self ,
514+ server : ldap3 .ServerPool ,
515+ bind_dn : Optional [str ] = None ,
516+ password : Optional [str ] = None ,
517+ auth_type : str = ldap3 .SIMPLE ,
507518 ) -> Tuple [bool , Optional [ldap3 .Connection ]]:
508519 """Attempt a simple bind with the credentials given by the user against
509520 the LDAP server.
@@ -513,6 +524,8 @@ async def _ldap_simple_bind(
513524 Returns False, None
514525 if an error occured
515526 """
527+ if (bind_dn is None or password is None ) and auth_type == ldap3 .SIMPLE :
528+ raise ValueError ("Missing bind DN or bind password" )
516529
517530 try :
518531 # bind with the the local user's ldap credentials
@@ -521,7 +534,7 @@ async def _ldap_simple_bind(
521534 server ,
522535 bind_dn ,
523536 password ,
524- authentication = ldap3 . SIMPLE ,
537+ authentication = auth_type ,
525538 read_only = True ,
526539 )
527540 logger .debug ("Established LDAP connection in simple bind mode: %s" , conn )
@@ -578,13 +591,16 @@ async def _ldap_authenticated_search(
578591
579592 try :
580593 if self .ldap_bind_dn is None or self .ldap_bind_password is None :
581- raise ValueError ("Missing bind DN or bind password" )
582-
583- result , conn = await self ._ldap_simple_bind (
584- server = server ,
585- bind_dn = self .ldap_bind_dn ,
586- password = self .ldap_bind_password ,
587- )
594+ result , conn = await self ._ldap_simple_bind (
595+ server = server ,
596+ auth_type = ldap3 .ANONYMOUS ,
597+ )
598+ else :
599+ result , conn = await self ._ldap_simple_bind (
600+ server = server ,
601+ bind_dn = self .ldap_bind_dn ,
602+ password = self .ldap_bind_password ,
603+ )
588604
589605 if not result :
590606 return (False , None , None )
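Review bot: The new fallback in `_fetch_root_domain` and `_ldap_authenticated_search` (new-side lines 463-477 and 593-603) silently downgrades a missing `bind_dn`/`bind_password` from a hard error to an anonymous bind, so an operator who forgets or mis-spells the service-account keys in search mode gets anonymous directory lookups that may succeed against a permissive server with nothing in the logs showing the service account is unused. I would at least log a warning on that path, and preferably make anonymous search an explicit opt-in (e.g. a config key validated in `parse_config`) rather than the default whenever credentials are absent. The same six-line fallback is duplicated verbatim in both methods; a small helper keeps the policy in one place (sketch below). Two smaller points: `_ldap_simple_bind`'s docstring and the `"Established LDAP connection in simple bind mode: %s"` debug message now also cover `ldap3.ANONYMOUS` binds, and in `parse_config` any `mode` value other than `"search"` silently becomes `LDAPMode.SIMPLE`, so a typo such as `"Search"` is accepted without complaint — `raise ValueError("Unknown LDAP mode: %r" % mode)` for unrecognised values instead. Both `_fetch_root_domain` and `_ldap_authenticated_search` continue outside the hunks.

```python
async def _ldap_service_bind(
    self, server: ldap3.ServerPool
) -> Tuple[bool, Optional[ldap3.Connection]]:
    """Bind with the configured service account; fall back to an anonymous
    bind only when no bind_dn/bind_password is configured, and say so."""
    if self.ldap_bind_dn is None or self.ldap_bind_password is None:
        logger.warning(
            "No bind_dn/bind_password configured; using anonymous LDAP bind"
        )
        return await self._ldap_simple_bind(
            server=server, auth_type=ldap3.ANONYMOUS
        )
    return await self._ldap_simple_bind(
        server=server,
        bind_dn=self.ldap_bind_dn,
        password=self.ldap_bind_password,
    )

# … in _fetch_root_domain and _ldap_authenticated_search, replace the
# duplicated if/else with:
result, conn = await self._ldap_service_bind(server)
```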