Allow a blank search base with a search filter set

spinnaker · Aug 13, 2019 · 14144b2 · 14144b2
1 parent a10e1af
commit 14144b2
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 11 deletions.
diff --git a/...rc/main/java/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidator.java b/...rc/main/java/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidator.java
@@ -46,28 +46,27 @@ public void validate(ConfigProblemSetBuilder p, Ldap ldap) {
 
     switch (UserSearchMethod.toUserSearchMethod(ldap)) {
       case DN_PATTERN: // fall through.
-      case SEARCH_AND_FILTER:
+      case SEARCH_AND_OR_FILTER:
         break;
       case UNSPECIFIED_OR_INVALID: // fall through.
       default:
         p.addProblem(
             Problem.Severity.ERROR,
             "No valid user search method defined. Please "
-                + "specify with either --user-dn-pattern OR (--user-search-base and --user-search-filter).");
+                + "specify with either --user-dn-pattern OR (--user-search-base and/or --user-search-filter).");
     }
   }
 
   enum UserSearchMethod {
     UNSPECIFIED_OR_INVALID,
     DN_PATTERN,
-    SEARCH_AND_FILTER;
+    SEARCH_AND_OR_FILTER;
 
     static UserSearchMethod toUserSearchMethod(Ldap ldap) {
       if (StringUtils.isNotEmpty(ldap.getUserDnPattern())) {
         return DN_PATTERN;
-      } else if (StringUtils.isNotEmpty(ldap.getUserSearchBase())
-          && StringUtils.isNotEmpty(ldap.getUserSearchFilter())) {
-        return SEARCH_AND_FILTER;
+      } else if (StringUtils.isNotEmpty(ldap.getUserSearchFilter())) {
+        return SEARCH_AND_OR_FILTER;
       }
       return UNSPECIFIED_OR_INVALID;
     }

diff --git a/...groovy/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidatorSpec.groovy b/...groovy/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidatorSpec.groovy
@@ -32,11 +32,13 @@ class LdapValidatorSpec extends Specification {
     problemSet.empty
 
     where:
-    description         | enabled | ldapUrl                     | userDnPattern  | userSearchBase | userSearchFilter | managerDn | managerPassword | groupSearchBase
-    "not enabled"       | false   | null                        | null           | null           | null             | null      | null            | null
-    "user DN pattern"   | true    | "ldaps://ldap.some.com:123" | "some pattern" | null           | null             | null      | null            | null
-    "search and filter" | true    | "ldap://ldap.some.com:123"  | null           | "sub"          | "ou=foo"         | null      | null            | null
-    "search and filter" | true    | "ldap://ldap.some.com:123"  | null           | "sub"          | "ou=foo"         | "admin"   | "secret"        | "ou=company"
+    description                | enabled | ldapUrl                             | userDnPattern  | userSearchBase | userSearchFilter | managerDn | managerPassword | groupSearchBase
+    "not enabled"              | false   | null                                | null           | null           | null             | null      | null            | null
+    "user DN pattern"          | true    | "ldaps://ldap.some.com:123"         | "some pattern" | null           | null             | null      | null            | null
+    "search and filter"        | true    | "ldap://ldap.some.com:123"          | null           | "sub"          | "ou=foo"         | null      | null            | null
+    "search and filter"        | true    | "ldap://ldap.some.com:123"          | null           | "sub"          | "ou=foo"         | "admin"   | "secret"        | "ou=company"
+    "search and root in url"   | true    | "ldap://ldap.some.com:123/root_dn"  | null           | null           | "ou=foo"         | "admin"   | "secret"        | "ou=company"
+    "search and root no mgr"   | true    | "ldap://ldap.some.com:123/root_dn"  | null           | null           | "ou=foo"         | null      | null            | "ou=company"
   }
 
   @Unroll