LDAP: Optional user name attribute specification

Consider following LDAP search query example: (&(objectClass=Person)(|(uid=%s)(mail=%s))) Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired. Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
2025-07-22 18:28:37 +00:00 · 2015-12-01 14:49:49 +01:00
parent 7ccce4d110
commit 573305f3d3
7 changed files with 97 additions and 67 deletions
--- a/models/login.go
+++ b/models/login.go
@@ -225,16 +225,16 @@ func DeleteSource(source *LoginSource) error {
 // |_______ \/_______  /\____|__  /____|
 //         \/        \/         \/

-// LoginUserLDAPSource queries if name/passwd can login against the LDAP directory pool,
+// LoginUserLDAPSource queries if loginName/passwd can login against the LDAP directory pool,
 // and create a local user if success when enabled.
 // It returns the same LoginUserPlain semantic.
-func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
+func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
 	cfg := source.Cfg.(*LDAPConfig)
 	directBind := (source.Type == DLDAP)
-	fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
+	name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)
 	if !logged {
 		// User not in LDAP, do nothing
-		return nil, ErrUserNotExist{0, name}
+		return nil, ErrUserNotExist{0, loginName}
 	}

 	if !autoRegister {
@@ -242,6 +242,9 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 	}

 	// Fallback.
+	if len(name) == 0 {
+		name = loginName
+	}
 	if len(mail) == 0 {
 		mail = fmt.Sprintf("%s@localhost", name)
 	}
@@ -249,10 +252,10 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 	u = &User{
 		LowerName:   strings.ToLower(name),
 		Name:        name,
-		FullName:    strings.TrimSpace(fn + " " + sn),
+		FullName:    composeFullName(fn, sn, name),
 		LoginType:   source.Type,
 		LoginSource: source.ID,
-		LoginName:   name,
+		LoginName:   loginName,
 		Email:       mail,
 		IsAdmin:     admin,
 		IsActive:    true,
@@ -260,6 +263,19 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 	return u, CreateUser(u)
 }

+func composeFullName(firstName, surename, userName string) string {
+	switch {
+	case len(firstName) == 0 && len(surename) == 0:
+		return userName
+	case len(firstName) == 0:
+		return surename
+	case len(surename) == 0:
+		return firstName
+	default:
+		return firstName + " " + surename
+	}
+}
+
 //   _________   __________________________
 //  /   _____/  /     \__    ___/\______   \
 //  \_____  \  /  \ /  \|    |    |     ___/