feat(api): implement anonymous mode for LDAP connection (#3460)

* When enabled, ReaderDN and Password will not be used * Anonymous mode is set to `true` by default on fresh installations
2025-07-19 13:29:41 +02:00 · 2020-01-21 22:14:07 +00:00 · 2020-01-21 22:14:07 +00:00 · 2ba195adaa
commit 2ba195adaa
parent 9da08bc792
4 changed files with 21 additions and 9 deletions
--- a/api/ldap/ldap.go
+++ b/api/ldap/ldap.go
@ -92,9 +92,11 @@ func (*Service) AuthenticateUser(username, password string, settings *portainer.
 	}
 	defer connection.Close()

-	err = connection.Bind(settings.ReaderDN, settings.Password)
-	if err != nil {
-		return err
+	if !settings.AnonymousMode {
+		err = connection.Bind(settings.ReaderDN, settings.Password)
+		if err != nil {
+			return err
+		}
 	}

 	userDN, err := searchUser(username, connection, settings.SearchSettings)
@ -118,9 +120,11 @@ func (*Service) GetUserGroups(username string, settings *portainer.LDAPSettings)
 	}
 	defer connection.Close()

-	err = connection.Bind(settings.ReaderDN, settings.Password)
-	if err != nil {
-		return nil, err
+	if !settings.AnonymousMode {
+		err = connection.Bind(settings.ReaderDN, settings.Password)
+		if err != nil {
+			return nil, err
+		}
 	}

 	userDN, err := searchUser(username, connection, settings.SearchSettings)
@ -174,9 +178,11 @@ func (*Service) TestConnectivity(settings *portainer.LDAPSettings) error {
 	}
 	defer connection.Close()

-	err = connection.Bind(settings.ReaderDN, settings.Password)
-	if err != nil {
-		return err
+	if !settings.AnonymousMode {
+		err = connection.Bind(settings.ReaderDN, settings.Password)
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }