Get username, name, surname and e-mail from LDAP server

conf/locale/locale_en-US.ini

@@ -592,7 +592,10 @@ auths.domain = Domain
 auths.host = Host
 auths.port = Port
 auths.base_dn = Base DN
-auths.attributes = Search Attributes
+auths.attribute_username = Username attribute
+auths.attribute_name = First name attribute
+auths.attribute_surname = Surname attribute
+auths.attribute_mail = E-mail attribute
 auths.filter = Search Filter
 auths.ms_ad_sa = Ms Ad SA
 auths.smtp_auth = SMTP Authorization Type

models/login.go

@@ -231,7 +231,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
 // Return the same LoginUserPlain semantic
 // FIXME: https://github.com/gogits/gogs/issues/672
 func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
-	mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
+	name, fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
 	if !logged {
 		// User not in LDAP, do nothing
 		return nil, ErrUserNotExist
@@ -247,6 +247,7 @@ func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAP
 
 	u = &User{
 		Name:        name,
+		FullName:    fn + " " + sn,
 		LoginType:   LDAP,
 		LoginSource: sourceId,
 		LoginName:   name,

modules/auth/auth_form.go

@@ -18,7 +18,10 @@ type AuthenticationForm struct {
 	Port              int    `form:"port"`
 	UseSSL            bool   `form:"usessl"`
 	BaseDN            string `form:"base_dn"`
-	Attributes        string `form:"attributes"`
+	AttributeUsername string `form:"attribute_username"`
+	AttributeName     string `form:"attribute_name"`
+	AttributeSurname  string `form:"attribute_surname"`
+	AttributeMail     string `form:"attribute_mail"`
 	Filter            string `form:"filter"`
 	MsAdSA            string `form:"ms_ad_sa"`
 	IsActived         bool   `form:"is_actived"`

modules/auth/ldap/ldap.go

@@ -15,15 +15,18 @@ import (
 
 // Basic LDAP authentication service
 type Ldapsource struct {
-	Name         string // canonical name (ie. corporate.ad)
-	Host         string // LDAP host
-	Port         int    // port number
-	UseSSL       bool   // Use SSL
-	BaseDN       string // Base DN
-	Attributes   string // Attribute to search
-	Filter       string // Query filter to validate entry
-	MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
-	Enabled      bool   // if this source is disabled
+	Name              string // canonical name (ie. corporate.ad)
+	Host              string // LDAP host
+	Port              int    // port number
+	UseSSL            bool   // Use SSL
+	BaseDN            string // Base DN
+	AttributeUsername string // Username attribute
+	AttributeName     string // First name attribute
+	AttributeSurname  string // Surname attribute
+	AttributeMail     string // E-mail attribute
+	Filter            string // Query filter to validate entry
+	MsAdSAFormat      string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
+	Enabled           bool   // if this source is disabled
 }
 
 //Global LDAP directory pool
@@ -32,18 +35,18 @@ var (
 )
 
 // Add a new source (LDAP directory) to the global pool
-func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
-	ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
+func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string) {
+	ldaphost := Ldapsource{name, host, port, usessl, basedn, attribcn, attribname, attribsn, attribmail, filter, msadsaformat, true}
 	Authensource = append(Authensource, ldaphost)
 }
 
 //LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise
 //First match wins
 //Returns first attribute if exists
-func LoginUser(name, passwd string) (a string, r bool) {
+func LoginUser(name, passwd string) (cn, fn, sn, mail string, r bool) {
 	r = false
 	for _, ls := range Authensource {
-		a, r = ls.SearchEntry(name, passwd)
+		cn, fn, sn, mail, r = ls.SearchEntry(name, passwd)
 		if r {
 			return
 		}
@@ -52,12 +55,12 @@ func LoginUser(name, passwd string) (a string, r bool) {
 }
 
 // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
-func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
+func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, string, bool) {
 	l, err := ldapDial(ls)
 	if err != nil {
 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
 		ls.Enabled = false
-		return "", false
+		return "", "", "", "", false
 	}
 	defer l.Close()
 
@@ -65,26 +68,29 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
 	err = l.Bind(nx, passwd)
 	if err != nil {
 		log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
-		return "", false
+		return "", "", "", "", false
 	}
 
 	search := ldap.NewSearchRequest(
 		ls.BaseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		fmt.Sprintf(ls.Filter, name),
-		[]string{ls.Attributes},
+		[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
 		nil)
 	sr, err := l.Search(search)
 	if err != nil {
 		log.Debug("LDAP Authen OK but not in filter %s", name)
-		return "", false
+		return "", "", "", "", false
 	}
 	log.Debug("LDAP Authen OK: %s", name)
 	if len(sr.Entries) > 0 {
-		r := sr.Entries[0].GetAttributeValue(ls.Attributes)
-		return r, true
+		cn := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
+		name := sr.Entries[0].GetAttributeValue(ls.AttributeName)
+		sn := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
+		mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
+		return cn, name, sn, mail, true
 	}
-	return "", true
+	return "", "", "", "", true
 }
 
 func ldapDial(ls Ldapsource) (*ldap.Conn, error) {

routers/admin/auths.go

@@ -63,15 +63,18 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 	case models.LDAP:
 		u = &models.LDAPConfig{
 			Ldapsource: ldap.Ldapsource{
-				Host:         form.Host,
-				Port:         form.Port,
-				UseSSL:       form.UseSSL,
-				BaseDN:       form.BaseDN,
-				Attributes:   form.Attributes,
-				Filter:       form.Filter,
-				MsAdSAFormat: form.MsAdSA,
-				Enabled:      true,
-				Name:         form.AuthName,
+				Host:              form.Host,
+				Port:              form.Port,
+				UseSSL:            form.UseSSL,
+				BaseDN:            form.BaseDN,
+				AttributeUsername: form.AttributeUsername,
+				AttributeName:     form.AttributeName,
+				AttributeSurname:  form.AttributeSurname,
+				AttributeMail:     form.AttributeMail,
+				Filter:            form.Filter,
+				MsAdSAFormat:      form.MsAdSA,
+				Enabled:           true,
+				Name:              form.AuthName,
 			},
 		}
 	case models.SMTP:
@@ -142,15 +145,18 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 	case models.LDAP:
 		config = &models.LDAPConfig{
 			Ldapsource: ldap.Ldapsource{
-				Host:         form.Host,
-				Port:         form.Port,
-				UseSSL:       form.UseSSL,
-				BaseDN:       form.BaseDN,
-				Attributes:   form.Attributes,
-				Filter:       form.Filter,
-				MsAdSAFormat: form.MsAdSA,
-				Enabled:      true,
-				Name:         form.AuthName,
+				Host:              form.Host,
+				Port:              form.Port,
+				UseSSL:            form.UseSSL,
+				BaseDN:            form.BaseDN,
+				AttributeUsername: form.AttributeUsername,
+				AttributeName:     form.AttributeName,
+				AttributeSurname:  form.AttributeSurname,
+				AttributeMail:     form.AttributeMail,
+				Filter:            form.Filter,
+				MsAdSAFormat:      form.MsAdSA,
+				Enabled:           true,
+				Name:              form.AuthName,
 			},
 		}
 	case models.SMTP:

templates/admin/auth/edit.tmpl

@@ -48,8 +48,20 @@
                                     <input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.Source.LDAP.BaseDN}}" />
                                 </div>
                                 <div class="field">
-                                    <label class="req" for="attributes">{{.i18n.Tr "admin.auths.attributes"}}</label>
-                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attributes" name="attributes" value="{{.Source.LDAP.Attributes}}" />
+                                    <label class="req" for="attribute_username">{{.i18n.Tr "admin.auths.attribute_username"}}</label>
+                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_username" name="attribute_username" value="{{.Source.LDAP.AttributeUsername}}" />
+                                </div>
+                                <div class="field">
+                                    <label class="req" for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
+                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_name" name="attribute_name" value="{{.Source.LDAP.AttributeName}}" />
+                                </div>
+                                <div class="field">
+                                    <label class="req" for="attribute_surname">{{.i18n.Tr "admin.auths.attribute_surname"}}</label>
+                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_surname" name="attribute_surname" value="{{.Source.LDAP.AttributeSurname}}" />
+                                </div>
+                                <div class="field">
+                                    <label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label>
+                                    <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.Source.LDAP.AttributeMail}}" />
                                 </div>
                                 <div class="field">
                                     <label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>