From 628ebfb4dfcf6ba6ecaf942495cbc9ac5f0a79b9 Mon Sep 17 00:00:00 2001
From: ZacharyZcR
Date: Tue, 2 Sep 2025 04:19:36 +0000
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DLDAP=E6=8F=92=E4=BB=B6?= =?UTF-8?q?DN=E6=A0=BC=E5=BC=8F=E9=97=AE=E9=A2=98=EF=BC=8C=E6=94=AF?= =?UTF-8?q?=E6=8C=81=E5=A4=9A=E7=A7=8D=E6=A0=87=E5=87=86DN=E6=A0=BC?= =?UTF-8?q?=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 修复LDAP插件使用简单用户名导致认证失败的问题
- 添加支持多种标准DN格式：cn=user,dc=example,dc=com、uid=user,dc=example,dc=com、cn=user,ou=users,dc=example,dc=com
- 现在能正确检测LDAP弱密码，如admin:admin123
- 添加详细的调试日志以便排查认证问题
---
 plugins/services/ldap.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/plugins/services/ldap.go b/plugins/services/ldap.go
index 933f386..daee1af 100644
--- a/plugins/services/ldap.go
+++ b/plugins/services/ldap.go
@@ -65,9 +65,20 @@ func (p *LDAPPlugin) testCredential(ctx context.Context, info *common.HostInfo,
 }
 defer conn.Close()
- // 简单的绑定测试
- if err := conn.Bind(cred.Username, cred.Password); err == nil {
- return true
+ // 尝试多种DN格式进行绑定测试
+ dnFormats := []string{
+ fmt.Sprintf("cn=%s,dc=example,dc=com", cred.Username), // 标准格式
+ fmt.Sprintf("uid=%s,dc=example,dc=com", cred.Username), // uid格式
+ fmt.Sprintf("cn=%s,ou=users,dc=example,dc=com", cred.Username), // ou格式
+ cred.Username, // 直接用户名（某些配置）
+ }
+
+ for _, dn := range dnFormats {
+ if err := conn.Bind(dn, cred.Password); err == nil {
+ common.LogDebug(fmt.Sprintf("LDAP绑定成功，DN: %s", dn))
+ return true
+ }
+ common.LogDebug(fmt.Sprintf("LDAP绑定失败，DN: %s, 错误: %v", dn, err))
 }
 return false
 }
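Review bot: The three DN templates in `dnFormats` hard-code the suffix `dc=example,dc=com`, so against a directory with any other base DN only the bare-username entry can bind, and a run that reports no weak credentials says little about that directory. The suffix should come from the plugin's configuration rather than a literal, and until then the slice deserves a comment such as `// example.com is a placeholder suffix; results are only meaningful when it matches the audited directory`. `cred.Username` is also formatted into the DN unescaped, so a name containing `,`, `+` or `=` changes the DN's structure; escape it per RFC 4514 before formatting (go-ldap v3 offers `ldap.EscapeDN`, assuming `conn` is a go-ldap connection, which the hunk does not show). Each credential now causes up to four bind attempts, which is worth stating in the function's doc comment because it multiplies the failed-bind count seen by the audited server. `testCredential` begins above the hunk, so the connection setup was not reviewed.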