Closed
Description
Some applications use an empty or <ROOT> base in their LDAP search. GLAuth doesn't support this and stops the LDAP bind. When this happens, glauth logs the following:
```
Jan 24 19:01:07 utility systemd[1]: Started GLAuth.
Jan 24 19:01:07 utility glauth[3648]: 19:01:07.996936 doConfig ▶ DEBU 001 Debugging enabled
Jan 24 19:01:07 utility glauth[3648]: 19:01:07.996982 main ▶ NOTI 002 Using config backend
Jan 24 19:01:07 utility glauth[3648]: 19:01:07.997005 startLDAPS ▶ NOTI 003 LDAPS server listening on 0.0.0.0:636
Jan 24 19:01:07 utility glauth[3648]: 19:01:07.997174 startLDAP ▶ NOTI 004 LDAP server listening on 0.0.0.0:389
Jan 24 19:01:25 utility glauth[3648]: 19:01:25.291219 Bind ▶ DEBU 005 Bind request: bindDN: cn=ldapauth,ou=users,dc=lan,dc=domain,dc=net, BaseDN: dc=lan,dc=domain,dc=net, source: 10.254.2.15:37430
Jan 24 19:01:25 utility glauth[3648]: 19:01:25.291300 Bind ▶ DEBU 006 Bind success as cn=ldapauth,ou=users,dc=lan,dc=domain,dc=net from 10.254.2.15:37430
Jan 24 19:01:25 utility glauth[3648]: 19:01:25.291818 Bind ▶ DEBU 007 Bind request: bindDN: cn=ldapauth,ou=users,dc=lan,dc=domain,dc=net, BaseDN: dc=lan,dc=domain,dc=net, source: 10.254.2.15:37430
Jan 24 19:01:25 utility glauth[3648]: 19:01:25.291871 Bind ▶ DEBU 008 Bind success as cn=ldapauth,ou=users,dc=lan,dc=domain,dc=net from 10.254.2.15:37430
Jan 24 19:01:25 utility glauth[3648]: 19:01:25.302155 Search ▶ DEBU 009 Search request as cn=ldapauth,ou=users,dc=lan,dc=domain,dc=net from 10.254.2.15:37430 for (objectClass=*)
Jan 24 19:01:25 utility glauth[3648]: 2019/01/24 19:01:25 handleSearchRequest error LDAP Result Code 50 "Insufficient Access Rights": Search Error: search BaseDN is not in our BaseDN dc=lan,dc=domain,dc=net
```
It proceeds to end the LDAP bind as well. Can we either:
- Support empty base DN by using the base DN in the config if it's empty
- Return 0 results but keep the bind open?
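
The two options proposed above, as an added Go example (not GLAuth's code and not part of the original issue): an empty or `<ROOT>` search base is either replaced by the configured base DN or answered with zero results, and any other base is accepted only if it sits under the configured base on an RDN boundary. `Action`, `normalizeDN` and `ResolveBase` are hypothetical names, and the DN normalization is simplified (it assumes no escaped commas).

```go
package main

import (
	"fmt"
	"strings"
)

// Action is what the server should do with a search request (hypothetical type).
type Action int

const (
	SearchAt    Action = iota // run the search at the returned base DN
	EmptyResult               // answer success with zero entries, keep the session
	Reject                    // answer with an error result such as code 50
)

// normalizeDN lowercases a DN and trims spaces around each RDN; an empty
// or "<ROOT>" base normalizes to "". Simplified: no escaped-comma handling.
func normalizeDN(dn string) string {
	dn = strings.TrimSpace(dn)
	if strings.EqualFold(dn, "<ROOT>") {
		return ""
	}
	parts := strings.Split(dn, ",")
	for i, p := range parts {
		parts[i] = strings.ToLower(strings.TrimSpace(p))
	}
	return strings.Join(parts, ",")
}

// ResolveBase applies option 1 (substitute the configured base) when
// useConfigBase is true, otherwise option 2 (zero results) for an empty base.
func ResolveBase(requested, configured string, useConfigBase bool) (Action, string) {
	req, cfg := normalizeDN(requested), normalizeDN(configured)
	switch {
	case req == "" && useConfigBase:
		return SearchAt, cfg
	case req == "":
		return EmptyResult, ""
	case strings.HasSuffix(","+req, ","+cfg): // leading comma forces a whole-RDN match
		return SearchAt, req
	}
	return Reject, ""
}

func main() {
	cfg := "dc=lan,dc=domain,dc=net" // base DN as it appears in the log above
	for _, base := range []string{"", "<ROOT>", "ou=users,dc=lan,dc=domain,dc=net", "xdc=lan,dc=domain,dc=net"} {
		act, dn := ResolveBase(base, cfg, true)
		fmt.Printf("%q -> action=%d base=%q\n", base, act, dn)
	}
}
```

The last constructed input ends with the configured base as a raw string but is not under it in the directory tree, so it is rejected rather than searched.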