wiltonsr / ldapAuth

An open source Traefik Middleware that enables authentication via LDAP in a similar way to Traefik Enterprise
https://plugins.traefik.io/plugins/628c9eb7ffc0cd18356a979c/ldap-auth
Apache License 2.0

I can't define 'searchFilter' using the File provider #9

Closed c0rzair1 closed 2 years ago

c0rzair1 commented 2 years ago

I can't define searchFilter in dynamic configuration when using the File provider. When I set the config like:

http:
  routers:   ...
  services:  ...

  middlewares:
    my-ldapAuth:
      plugin:
        ldapAuthPlugin:
          Enabled: true
          LogLevel: DEBUG
          Url: ldap://someserver
          Port: 389
          BaseDN: DC=com
          BindDN: CN=ldapuser,OU=HUB,DC=com
          BindPassword: Pa$$w0rd
          Attribute: sAMAccountName
          SearchFilter: (&(objectClass=user)(!(objectClass=computer))({{.Attribute}}={{.Username}}))         

Then when I run Traefik I get the error:

traefik    | time="2022-01-20T10:04:58Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/configurations/dynamic.yml\"}"
traefik    | time="2022-01-20T10:04:58Z" level=error msg="Cannot start the provider *file.Provider: template: /configurations/dynamic.yml:45:72: executing \"/configurations/dynamic.yml\" at <.Attribute>: can't evaluate field Attribute in type bool"

As a workaround, I specified my filter as the default value of an option SearchFilter in the file ldapauth.go:

  ...
// CreateConfig creates the default plugin configuration.
func CreateConfig() *Config {
        return &Config{
                Enabled:        true,
                       ...
                SearchFilter:   "(&(objectClass=user)(!(objectClass=computer))({{.Attribute}}={{.Username}}))",
                       ...
                Username:     "",
        }
}

wiltonsr commented 2 years ago

Hi @c0rzair1

This is related to how yml and toml files are parsed. I added some examples of how to correctly escape searchFilter in these cases and fixed the plugin to handle this.

YML example:

SearchFilter: (\{\{.Attribute\}\}=\{\{.Username\}\})

TOML example:

SearchFilter = '''(\{\{.Attribute\}\}=\{\{.Username\}\})'''

The fix is in release v0.0.13.

If you are using Pilot, please wait a while for this to be reflected on the Plugin page, and adjust the version in your conf.

If there is still any problem, please let me know.

c0rzair1 commented 2 years ago

Thank you, @wiltonsr. Now everything works as it should. Great job!

dorianim commented 2 years ago

Hi @wiltonsr

I just wanted to mention that this also works:

 searchFilter: ({{"{{.Attribute}}={{.Username}}"}})

Looks a bit cleaner to me :)

Regards, Dorian
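
The three forms of the filter from this thread, run through Go's text/template the way the error log shows the File provider doing before the YAML is parsed. This is an added example, not code from the thread, Traefik or the plugin; `renderProviderPass` and the sample lines are constructed for illustration, and the `false` data value is an assumption taken from the "in type bool" error above.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// renderProviderPass models the first templating pass: the dynamic config
// line is executed as a Go template before it would be parsed as YAML.
// The data value is false because the error in the issue reports
// "can't evaluate field Attribute in type bool" (assumption drawn from that log).
func renderProviderPass(line string) (string, error) {
	tmpl, err := template.New("dynamic.yml").Parse(line)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err := tmpl.Execute(&out, false); err != nil {
		return "", err
	}
	return out.String(), nil
}

// Constructed sample lines, using the three filter forms shown in the thread.
var samples = []struct{ name, line string }{
	// Action delimiters are live: .Attribute is looked up on the bool and fails.
	{"unescaped", `SearchFilter: ({{.Attribute}}={{.Username}})`},
	// No "{{" sequence exists, so the text passes through with backslashes intact.
	{"backslash", `SearchFilter: (\{\{.Attribute\}\}=\{\{.Username\}\})`},
	// One action whose value is a string constant containing the braces.
	{"string literal", `SearchFilter: ({{"{{.Attribute}}={{.Username}}"}})`},
}

func main() {
	for _, s := range samples {
		got, err := renderProviderPass(s.line)
		if err != nil {
			fmt.Printf("%-15s error: %v\n", s.name, err)
			continue
		}
		fmt.Printf("%-15s %s\n", s.name, got)
	}
}
```

The backslash form survives the pass unchanged, so the backslashes are still present in the value the plugin receives, while the string-literal form arrives as a plain `{{.Attribute}}={{.Username}}` filter.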