Merge pull request #39 from ConductorOne/ggreer/anon-bind

Do unauthenticated binding if no password is supplied.
ConductorOne · May 23, 2024 · 9e98afa · 9e98afa
2 parents 6d2a511 + 283af35
commit 9e98afa
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/cmd/baton-ldap/config.go b/cmd/baton-ldap/config.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/conductorone/baton-sdk/pkg/cli"
 	"github.com/go-ldap/ldap/v3"
+	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 	"github.com/spf13/cobra"
 )
 
@@ -22,6 +23,8 @@ type config struct {
 
 // validateConfig is run after the configuration is loaded, and should return an error if it isn't valid.
 func validateConfig(ctx context.Context, cfg *config) error {
+	l := ctxzap.Extract(ctx)
+
 	if cfg.Domain == "" {
 		return fmt.Errorf("domain is required")
 	}
@@ -37,7 +40,7 @@ func validateConfig(ctx context.Context, cfg *config) error {
 	}
 
 	if cfg.Password == "" {
-		return fmt.Errorf("password is required")
+		l.Warn("No password supplied. Will do unauthenticated binding.")
 	}
 
 	return nil

diff --git a/pkg/ldap/client.go b/pkg/ldap/client.go
@@ -217,7 +217,13 @@ func getConnection(ctx context.Context, serverAddr string, password string, user
 		return nil, err
 	}
 
-	err = conn.Bind(userDN, password)
+	if password == "" {
+		l.Debug("Binding to LDAP server unauthenticated")
+		err = conn.UnauthenticatedBind(userDN)
+	} else {
+		l.Debug("Binding to LDAP server authenticated")
+		err = conn.Bind(userDN, password)
+	}
 	if err != nil {
 		l.Error("Failed to bind to LDAP server", zap.Error(err))
 		return nil, err