Skip to content

Commit

Permalink
Make settings exclusive.
Browse files Browse the repository at this point in the history
  • Loading branch information
@ainmosni @rhafer
ainmosni authored and rhafer committed Feb 28, 2023
1 parent 6dd00d6 commit 1efcdab
Showing 1 changed file with 11 additions and 13 deletions.
24 changes: 11 additions & 13 deletions pkg/utils/ldap/identity.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,20 +155,18 @@ func (i *Identity) Setup() error {
return fmt.Errorf("error configuring group substring filter type: %w", err)
}

dm := i.User.DisableMechanism
if dm == "" || dm == "none" || dm == "attribute" || dm == "group" {
if dm == "attribute" || dm == "group" {
if i.User.EnabledProperty == "" {
return fmt.Errorf("error configuring disable mechanism, enabled property not set")
}
switch i.User.DisableMechanism {
case "group":
if i.Group.LocalDisabledDN == "" {
return fmt.Errorf("error configuring disable mechanism, disabled group DN not set")
}
if dm == "group" {
if i.Group.LocalDisabledDN == "" {
return fmt.Errorf("error configuring disable mechanism, disabled group DN not set")
}
case "attribute":
if i.User.EnabledProperty == "" {
return fmt.Errorf("error configuring disable mechanism, enabled property not set")
}
} else {
return fmt.Errorf("invalid disable mechanism setting: %s", dm)
case "", "none":
default:
return fmt.Errorf("invalid disable mechanism setting: %s", i.User.DisableMechanism)
}

return nil
Expand Down Expand Up @@ -527,7 +525,7 @@ func (i *Identity) getUserAttributeFilter(attribute, value string) (string, erro
}

func (i *Identity) disabledFilter() string {
if i.User.DisableMechanism == "attribute" || i.User.DisableMechanism == "group" {
if i.User.DisableMechanism == "attribute" {
return fmt.Sprintf("(!(%s=FALSE)))", i.User.EnabledProperty)
}
return ""
Expand Down

0 comments on commit 1efcdab

Please sign in to comment.