Basic Auth now supports LDAP username and password (#6940)

2025-07-30 14:52:46 +08:00 · 2016-12-13 00:15:52 -08:00
parent 0841e841f5
commit 5777f65d05
2 changed files with 6 additions and 4 deletions
--- a/docs/sources/http_api/auth.md
+++ b/docs/sources/http_api/auth.md
@ -18,7 +18,7 @@ Currently you can authenticate via an `API Token` or via a `Session cookie` (acq
 ## Basic Auth
 If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via
-standard basic auth.
+standard basic auth. Basic auth will also authenticate LDAP users.
 curl example:
 ```
--- a/pkg/middleware/middleware.go
+++ b/pkg/middleware/middleware.go
@ -9,6 +9,7 @@ import (
 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/components/apikeygen"
 	"github.com/grafana/grafana/pkg/log"
 	l "github.com/grafana/grafana/pkg/login"
 	"github.com/grafana/grafana/pkg/metrics"
 	m "github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
@ -137,6 +138,7 @@ func initContextWithApiKey(ctx *Context) bool {
 }
 func initContextWithBasicAuth(ctx *Context) bool {
 	if !setting.BasicAuthEnabled {
 		return false
 	}
@ -160,9 +162,9 @@ func initContextWithBasicAuth(ctx *Context) bool {
 	user := loginQuery.Result
-	// validate password
+	loginUserQuery := l.LoginUserQuery{Username: username, Password: password, User: user}
-	if util.EncodePassword(password, user.Salt) != user.Password {
+	if err := bus.Dispatch(&loginUserQuery); err != nil {
-		ctx.JsonApiErr(401, "Invalid username or password", nil)
+		ctx.JsonApiErr(401, "Invalid username or password", err)
 		return true
 	}