This is an automated email from the ASF dual-hosted git repository.
shreemaanabhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new ac3992f55 feat: remove rust dependency by rollback lua-resty-ldap on
master (#9936)
ac3992f55 is described below
commit ac3992f55c5e2e93f685a4295149faa6eef48284
Author: Ashish Tiwari <[email protected]>
AuthorDate: Mon Aug 21 09:09:13 2023 +0530
feat: remove rust dependency by rollback lua-resty-ldap on master (#9936)
* feat: remove rust dependency by rollback lua-resty-ldap on master
Signed-off-by: revolyssup <[email protected]>
* fix comma in rockspec
Signed-off-by: revolyssup <[email protected]>
* refactor apisix for ldap0.1
Signed-off-by: Ashish Tiwari <[email protected]>
---------
Signed-off-by: revolyssup <[email protected]>
Signed-off-by: Ashish Tiwari <[email protected]>
---
Makefile | 2 +-
apisix/plugins/ldap-auth.lua | 38 +++++++++++++++++++-------------------
rockspec/apisix-master-0.rockspec | 2 +-
3 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/Makefile b/Makefile
index 52dd4b826..c6979cd6f 100644
--- a/Makefile
+++ b/Makefile
@@ -158,7 +158,7 @@ check-rust:
### deps : Installing dependencies
.PHONY: deps
-deps: check-rust runtime
+deps: runtime
$(eval ENV_LUAROCKS_VER := $(shell $(ENV_LUAROCKS) --version | grep -E
-o "luarocks [0-9]+."))
@if [ '$(ENV_LUAROCKS_VER)' = 'luarocks 3.' ]; then \
mkdir -p ~/.luarocks; \
diff --git a/apisix/plugins/ldap-auth.lua b/apisix/plugins/ldap-auth.lua
index 41156c1bf..11f205c6b 100644
--- a/apisix/plugins/ldap-auth.lua
+++ b/apisix/plugins/ldap-auth.lua
@@ -18,7 +18,7 @@ local core = require("apisix.core")
local ngx = ngx
local ngx_re = require("ngx.re")
local consumer_mod = require("apisix.consumer")
-local ok, ldap_cli = pcall(require, "resty.ldap.client")
+local ldap = require("resty.ldap")
local schema = {
type = "object",
@@ -100,11 +100,6 @@ local function extract_auth_header(authorization)
end
function _M.rewrite(conf, ctx)
- if not ok then -- ensure rasn library loaded
- core.log.error("failed to load lua-resty-ldap lib: ", ldap_cli)
- return 501
- end
-
core.log.info("plugin rewrite phase, conf: ", core.json.delay_encode(conf))
-- 1. extract authorization from header
@@ -115,31 +110,36 @@ function _M.rewrite(conf, ctx)
end
local user, err = extract_auth_header(auth_header)
- if err then
- core.log.warn(err)
+ if err or not user then
+ if err then
+ core.log.warn(err)
+ else
+ core.log.warn("nil user")
+ end
return 401, { message = "Invalid authorization in request" }
end
-- 2. try authenticate the user against the ldap server
local ldap_host, ldap_port = core.utils.parse_addr(conf.ldap_uri)
- local ldap_client = ldap_cli:new(ldap_host, ldap_port, {
+ local ldapconf = {
+ timeout = 10000,
start_tls = false,
+ ldap_host = ldap_host,
+ ldap_port = ldap_port or 389,
ldaps = conf.use_tls,
- ssl_verify = conf.tls_verify,
- socket_timeout = 10000,
- keepalive_pool_name = ldap_host .. ":" .. ldap_port .. "_ldapauth"
- .. (conf.use_tls and "_tls" or ""),
- keepalive_pool_size = 5,
- keepalive_timeout = 60000,
- })
-
- local user_dn = conf.uid .. "=" .. user.username .. "," .. conf.base_dn
- local res, err = ldap_client:simple_bind(user_dn, user.password)
+ tls_verify = conf.tls_verify,
+ base_dn = conf.base_dn,
+ attribute = conf.uid,
+ keepalive = 60000,
+ }
+ local res, err = ldap.ldap_authenticate(user.username, user.password,
ldapconf)
if not res then
core.log.warn("ldap-auth failed: ", err)
return 401, { message = "Invalid user authorization" }
end
+ local user_dn = conf.uid .. "=" .. user.username .. "," .. conf.base_dn
+
-- 3. Retrieve consumer for authorization plugin
local consumer_conf = consumer_mod.plugin(plugin_name)
if not consumer_conf then
diff --git a/rockspec/apisix-master-0.rockspec
b/rockspec/apisix-master-0.rockspec
index 577375082..00c67f7bc 100644
--- a/rockspec/apisix-master-0.rockspec
+++ b/rockspec/apisix-master-0.rockspec
@@ -77,7 +77,7 @@ dependencies = {
"xml2lua = 1.5-2",
"nanoid = 0.1-1",
"lua-resty-mediador = 0.1.2-1",
- "lua-resty-ldap = 0.2.2-0",
+ "lua-resty-ldap = 0.1.0-0",
"lua-resty-t1k = 1.1.0"
}
