update ldap lib for upndomain (#39)

go.mod

@@ -13,10 +13,10 @@ require (
 	github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
 	github.com/hashicorp/errwrap v1.0.0
 	github.com/hashicorp/go-cleanhttp v0.5.1
-	github.com/hashicorp/go-hclog v0.9.2
+	github.com/hashicorp/go-hclog v0.12.0
 	github.com/hashicorp/go-version v1.2.0 // indirect
 	github.com/hashicorp/vault/api v1.0.5-0.20191208020111-805a0bc9b460
-	github.com/hashicorp/vault/sdk v0.1.14-0.20191218174015-a912eb5f02e8
+	github.com/hashicorp/vault/sdk v0.1.14-0.20200214182630-348b04ecb4e1
 	github.com/jcmturner/gokrb5/v8 v8.0.0
 	github.com/lib/pq v1.2.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0-rc1 // indirect

path_login.go

@@ -111,6 +111,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, d *
 	// The SPNEGOKRB5Authenticate method only calls an inner function if it's
 	// successful. Let's use it to record success, and to retrieve the caller's
 	// identity.
+	username := ""
 	authenticated := false
 	var identity goidentity.Identity
 	inner := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -128,6 +129,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, d *
 			return
 		}
 		b.Logger().Debug(fmt.Sprintf("identity: %+v", identity))
+		username = identity.UserName()
 
 		// Verify that the realm on the LDAP config is the same as the identity's
 		// realm. The UPNDomain denotes the realm on the LDAP config, and the identity
@@ -207,7 +209,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, d *
 	}
 	b.Logger().Debug("auth/ldap: User BindDN fetched", "username", identity.UserName(), "binddn", userBindDN)
 
-	userDN, err := ldapClient.GetUserDN(ldapCfg.ConfigEntry, ldapConnection, userBindDN)
+	userDN, err := ldapClient.GetUserDN(ldapCfg.ConfigEntry, ldapConnection, userBindDN, username)
 	if err != nil {
 		return nil, errwrap.Wrapf("unable to get user dn: {{err}}", err)
 	}