diff --git a/deps/rabbitmq_auth_backend_ldap/Makefile b/deps/rabbitmq_auth_backend_ldap/Makefile index 3b613c1d3b..38c10b9502 100644 --- a/deps/rabbitmq_auth_backend_ldap/Makefile +++ b/deps/rabbitmq_auth_backend_ldap/Makefile @@ -5,6 +5,7 @@ PROJECT_MOD = rabbit_auth_backend_ldap_app define PROJECT_ENV [ {servers, undefined}, + {user_bind_pattern, none}, {user_dn_pattern, "$${username}"}, {dn_lookup_attribute, none}, {dn_lookup_base, none}, diff --git a/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl b/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl index 737235bb85..5b6adb1fd8 100644 --- a/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl +++ b/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl @@ -79,7 +79,7 @@ user_login_authentication(Username, AuthProps) when is_list(AuthProps) -> prebind -> UserDN = username_to_dn_prebind(Username), with_ldap({ok, {UserDN, PW}}, login_fun(Username, UserDN, PW, AuthProps)); - _ -> with_ldap({ok, {fill_user_dn_pattern(Username), PW}}, + _ -> with_ldap({ok, {simple_bind_fill_pattern(Username), PW}}, login_fun(Username, unknown, PW, AuthProps)) end, ?L("DECISION: login for ~s: ~p", [Username, log_result(R)]), @@ -759,6 +759,15 @@ fill_user_dn_pattern(Username) -> ADArgs = rabbit_auth_backend_ldap_util:get_active_directory_args(Username), fill(env(user_dn_pattern), [{username, Username}] ++ ADArgs). +simple_bind_fill_pattern(Username) -> + simple_bind_fill_pattern(env(user_bind_pattern), Username). + +simple_bind_fill_pattern(none, Username) -> + fill_user_dn_pattern(Username); +simple_bind_fill_pattern(Pattern, Username) -> + ADArgs = rabbit_auth_backend_ldap_util:get_active_directory_args(Username), + fill(Pattern, [{username, Username}] ++ ADArgs). + creds(User) -> creds(User, env(other_bind)). creds(none, as_user) ->