How to reject unauthenticated requests

[bigeagle]

Hi there,

I'm very exicited to see this library.

However, after reading the source code, I found that there's no interfaces to determine whether a connection is set as authenticated state. This results that unathenticated requests can directly bypass the auth phase.

Maybe the client can have a state for authentication, and can be set as sth like authRequired.

Cheers,
Justin

[bigeagle]

Hi there,

I've tested and verified this. Let's take an example.

Run the example complex server:

cd examples/complex
go run main.go

Run a python script:

#!/usr/bin/env python2.7
import ldap
ld = ldap.initialize("ldap://localhost:10389/")
ld.set_option(ldap.VERSION3, 1)
print(ld.search_s("aaa", ldap.SCOPE_SUBTREE, "cn=*"))

The correct result directly returned. If possible, I can send a PR to implement this.

Cheers,

[vjeantet]

Hello @bigeagle PR welcomed !

It could ne implemented as a middleware, like what we have for httpserver ?

[bigeagle]

Middleware is good, we can use middleware to implement ACLs.

[kolleroot]

Are there any updates on this toppic? I realy would like to use this feature.