WIP: Fix for SASL binds
Part of a fix for gitlab#21589.
Two separate issues are addressed here.
First, bind_as was using the wrong parameter when deciding whether to do a SASL bind. The net/ldap library uses "method" in two different contexts: encryption[:method] for ssl/tls/plain and auth[:method] for sasl/simple/anonymous. The omniauth/ldap library maps @method to encryption[:method] and @bind_method to auth[:method]. This change updates bind_as to use the correct parameter: @bind_method.
Second, some LDAP implementations (e.g. Active Directory) pre-calculate digest hashes to avoid storing the user password in a reversible form. This requires clients to use a bind target and digest URI that match those used by the server. The original implementation used fixed values for the bind target and digest URI (:dn and "ldap/#{@host}", respectively). This change updates bind_as and sasl_bind_setup_digest_md5 to use configurable values.
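Added example, not part of the merge request or of omniauth-ldap's code: a self-contained Ruby sketch of both issues described above, using the DIGEST-MD5 response computation from RFC 2831. The `Config` struct, the function names, the simplified server check and all sample values are assumptions made for illustration.

```ruby
require "digest"

# Hypothetical stand-in for the adaptor settings; names mirror the description only.
Config = Struct.new(:method, :bind_method, keyword_init: true)

def sasl_bind_before?(cfg)
  cfg.method == :sasl        # encryption[:method] is ssl/tls/plain, so never true
end

def sasl_bind_after?(cfg)
  cfg.bind_method == :sasl   # auth[:method] is sasl/simple/anonymous
end

# What a server can store instead of the password: H(username:realm:password).
def stored_secret(username, realm, password)
  Digest::MD5.digest("#{username}:#{realm}:#{password}")
end

# RFC 2831 response-value for qop=auth without an authzid.
def digest_response(secret, nonce, cnonce, nc, digest_uri)
  ha1 = Digest::MD5.hexdigest(secret + ":#{nonce}:#{cnonce}".b)
  ha2 = Digest::MD5.hexdigest("AUTHENTICATE:#{digest_uri}")
  Digest::MD5.hexdigest("#{ha1}:#{nonce}:#{nc}:#{cnonce}:auth:#{ha2}")
end

# Constructed sample values (not from the page).
REALM    = "example.test"
PASSWORD = "correct horse"
NONCE, CNONCE, NC = "c2VydmVyLW5vbmNl", "Y2xpZW50LW5vbmNl", "00000001"
SERVER_USER   = "jdoe"
SERVER_URI    = "ldap/dc01.example.test"
SERVER_SECRET = stored_secret(SERVER_USER, REALM, PASSWORD)
SAMPLE_DN     = "cn=John Doe,ou=People,dc=example,dc=test"

# Simplified server check: recompute from the stored hash and its own digest URI.
def server_accepts?(bind_target, digest_uri)
  client = digest_response(stored_secret(bind_target, REALM, PASSWORD),
                           NONCE, CNONCE, NC, digest_uri)
  client == digest_response(SERVER_SECRET, NONCE, CNONCE, NC, SERVER_URI)
end

cfg = Config.new(method: :tls, bind_method: :sasl)
puts "before: SASL bind? #{sasl_bind_before?(cfg)}"
puts "after:  SASL bind? #{sasl_bind_after?(cfg)}"
puts "fixed DN + ldap/<host>: #{server_accepts?(SAMPLE_DN, 'ldap/10.0.0.5')}"
puts "configured values:      #{server_accepts?(SERVER_USER, SERVER_URI)}"
```

Because the server holds only the hash of username:realm:password, a correct password still fails when the client hashes a different username form or sends a different digest URI.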