Merge pull request #18 from dignajar/refactor/helm-chart-and-minor-bugs-fixes

Bug Fix for "Allowed users" and Helm chart updates

Author: dignajar

chart/another-ldap-auth/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: another-ldap-auth
 description: A Helm chart using another-ldap-auth to enable AD or LDAP based basic-authentication for ingress resources
 type: application
-version: 0.1.0
-appVersion: 1.9.0
+version: 0.2.0
+appVersion: 2.0.1
 keywords:
   - ingress
   - nginx

chart/another-ldap-auth/README.md

@@ -1,6 +1,6 @@
 # another-ldap-auth
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1](https://img.shields.io/badge/AppVersion-2.0.1-informational?style=flat-square)
 
 A Helm chart using another-ldap-auth to enable AD or LDAP based basic-authentication for ingress resources
 
@@ -32,7 +32,7 @@ A Helm chart using another-ldap-auth to enable AD or LDAP based basic-authentica
 | ldap.managerDnUsername | string | `"CN=john,OU=Administrators,DC=TESTMYLDAP,DC=COM"` |  |
 | ldap.searchBase | string | `"DC=TESTMYLDAP,DC=COM"` |  |
 | ldap.searchFilter | string | `"(sAMAccountName={username})"` |  |
-| ldap.serverDomain | string | `"TESTMYLDAP.COM"` |  |
+| ldap.bindDN | string | `"{username}@TESTMYLDAP.com"` |  |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |

chart/another-ldap-auth/templates/deployment.yaml

@@ -42,14 +42,16 @@ spec:
               value: {{ .Values.ldap.httpsSupport }}
             - name: LDAP_MANAGER_DN_USERNAME
               value: {{ .Values.ldap.managerDnUsername }}
-            - name: LDAP_SERVER_DOMAIN
-              value: {{ .Values.ldap.serverDomain }}
+            - name: LDAP_BIND_DN
+              value: {{ .Values.ldap.bindDN }}
             - name: LDAP_SEARCH_BASE
               value: {{ .Values.ldap.searchBase }}
             - name: LDAP_SEARCH_FILTER
               value: {{ .Values.ldap.searchFilter }}
             - name: LOG_LEVEL
               value: {{ .Values.ldap.logLevel }}
+            - name: LOG_FORMAT
+              value: {{ .Values.ldap.logFormat }}
             - name: LDAP_MANAGER_PASSWORD
               valueFrom:
                 secretKeyRef:

chart/another-ldap-auth/values.yaml

@@ -3,7 +3,7 @@ replicaCount: 1
 image:
   repository: dignajar/another-ldap-auth
   pullPolicy: IfNotPresent
-  tag: "1.9"
+  tag: "2.0.1"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -12,17 +12,17 @@ fullnameOverride: ""
 # AD config
 ldap:
   existingSecret:
-  logLevel: INFO
+  logLevel: "INFO"
+  logFormat: "TEXT"
   cacheExpiration: 10
   httpsSupport: "enabled"
   endpoint: "ldaps://testmyldap.com:636"
   managerDnUsername: "CN=john,OU=Administrators,DC=TESTMYLDAP,DC=COM"
   managerDnPassword:
-  serverDomain: "TESTMYLDAP.COM"
+  bindDN: "{username}@TESTMYLDAP.com"
   searchBase: "DC=TESTMYLDAP,DC=COM"
   searchFilter: "(sAMAccountName={username})"
 
-
 serviceAccount:
   # Specifies whether a service account should be created
   create: true

files/main.py

@@ -148,9 +148,12 @@ def login(username, password):
 		matchingUsers = LDAP_ALLOWED_USERS.split(",") # Convert string to list
 		matchingUsers = list(map(cleanMatchingUsers, matchingUsers))
 		if username in matchingUsers:
-			logs.info({'message':'Username inside the matching users list.', 'username': username, 'matchingUsers': ','.join(matchingUsers)})
+			logs.info({'message':'Username inside the allowed users list.', 'username': username, 'matchingUsers': ','.join(matchingUsers)})
 			setRegister(username, [])
 			return True
+		elif not LDAP_ALLOWED_GROUPS:
+			logs.info({'message':'Username not found inside the allowed users list.', 'username': username, 'matchingUsers': ','.join(matchingUsers)})
+			return False
 
 	# Validate user via matching groups
 	matchedGroups = []