fix: npe if ldap query doesn't return attributes

We cannot assume the LDAP server will have group attributes programmed everytime. So handle it accordingly. Signed-off-by: Ramkumar Chinchani <[email protected]>
project-zot · Jan 11, 2024 · 36fb75b · 36fb75b
1 parent 2a6bf66
commit 36fb75b
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/pkg/api/ldap.go b/pkg/api/ldap.go
@@ -174,7 +174,9 @@ func (lc *LDAPClient) Authenticate(username, password string) (bool, map[string]
 
 	attributes := lc.Attributes
 	attributes = append(attributes, "dn")
-	attributes = append(attributes, lc.UserGroupAttribute)
+	if lc.UserGroupAttribute != "" {
+		attributes = append(attributes, lc.UserGroupAttribute)
+	}
 
 	searchScope := ldap.ScopeSingleLevel
 
@@ -207,7 +209,7 @@ func (lc *LDAPClient) Authenticate(username, password string) (bool, map[string]
 		return false, nil, nil, err
 	}
 
-	if len(search.Entries) > 1 {
+	if lc.UserGroupAttribute != "" && len(search.Entries) > 1 {
 		err := errors.ErrEntriesExceeded
 		lc.Log.Error().Err(err).Str("bindDN", lc.BindDN).Str("username", username).
 			Str("baseDN", lc.Base).Msg("failed to retrieve due to an excessive amount of entries")
@@ -216,8 +218,11 @@ func (lc *LDAPClient) Authenticate(username, password string) (bool, map[string]
 	}
 
 	userDN := search.Entries[0].DN
-	userAttributes := search.Entries[0].Attributes[0]
-	userGroups := userAttributes.Values
+	var userGroups []string
+	if len(search.Entries[0].Attributes) > 0 {
+		userAttributes := search.Entries[0].Attributes[0]
+		userGroups = userAttributes.Values
+	}
 	user := map[string]string{}
 
 	for _, attr := range lc.Attributes {