Fix unauth bind issues due to lib update (hashicorp#3293)

benjarrell · Sep 7, 2017 · 6f5619b · 6f5619b
1 parent 4f3dfb2
commit 6f5619b
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go
@@ -123,7 +123,12 @@ func (b *backend) Login(req *logical.Request, username string, password string)
 	}
 
 	// Try to bind as the login user. This is where the actual authentication takes place.
-	if err = c.Bind(userBindDN, password); err != nil {
+	if len(password) > 0 {
+		err = c.Bind(userBindDN, password)
+	} else {
+		err = c.UnauthenticatedBind(userBindDN)
+	}
+	if err != nil {
 		return nil, logical.ErrorResponse(fmt.Sprintf("LDAP bind failed: %v", err)), nil
 	}
 
@@ -237,7 +242,13 @@ func (b *backend) getCN(dn string) string {
 func (b *backend) getUserBindDN(cfg *ConfigEntry, c *ldap.Conn, username string) (string, error) {
 	bindDN := ""
 	if cfg.DiscoverDN || (cfg.BindDN != "" && cfg.BindPassword != "") {
-		if err := c.Bind(cfg.BindDN, cfg.BindPassword); err != nil {
+		var err error
+		if cfg.BindPassword != "" {
+			err = c.Bind(cfg.BindDN, cfg.BindPassword)
+		} else {
+			err = c.UnauthenticatedBind(cfg.BindDN)
+		}
+		if err != nil {
 			return bindDN, fmt.Errorf("LDAP bind (service) failed: %v", err)
 		}