Merge pull request #650 from LukasKalbertodt/ldap-username-field

Add setting `ldap.usernameField`
Christoph (Sheogorath) Kern 2017-12-12 10:40:14 +01:00 committed by GitHub
commit 454e0f8612
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 11 additions and 1 deletions


@ -170,6 +170,7 @@ There are some configs you need to change in the files below
| HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from | | HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
| HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with | | HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
| HMD_LDAP_SEARCHATTRIBUTES | `displayName, mail` | LDAP attributes to search with (use comma to separate) | | HMD_LDAP_SEARCHATTRIBUTES | `displayName, mail` | LDAP attributes to search with (use comma to separate) |
| HMD_LDAP_USERNAMEFIELD | `uid` | The LDAP field which is used as the username on HackMD |
| HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) | | HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider | | HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
| HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). | | HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). |


@ -71,6 +71,7 @@
"searchBase": "change this", "searchBase": "change this",
"searchFilter": "change this", "searchFilter": "change this",
"searchAttributes": ["change this"], "searchAttributes": ["change this"],
"usernameField": "change this e.g. uid"
"tlsOptions": { "tlsOptions": {
"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback" "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
} }
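Review bot: The added line `"usernameField": "change this e.g. uid"` has no trailing comma, so with `"tlsOptions"` following it this example is no longer valid JSON. A deployment that copies the example and fills in its values would fail to parse the config until the comma is added: `"usernameField": "change this e.g. uid",`. The enclosing object starts and ends outside the hunk.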


@ -96,6 +96,7 @@ module.exports = {
searchBase: undefined, searchBase: undefined,
searchFilter: undefined, searchFilter: undefined,
searchAttributes: undefined, searchAttributes: undefined,
usernameField: undefined,
tlsca: undefined tlsca: undefined
}, },
saml: { saml: {


@ -71,6 +71,7 @@ module.exports = {
searchBase: process.env.HMD_LDAP_SEARCHBASE, searchBase: process.env.HMD_LDAP_SEARCHBASE,
searchFilter: process.env.HMD_LDAP_SEARCHFILTER, searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
searchAttributes: toArrayConfig(process.env.HMD_LDAP_SEARCHATTRIBUTES), searchAttributes: toArrayConfig(process.env.HMD_LDAP_SEARCHATTRIBUTES),
usernameField: process.env.HMD_LDAP_USERNAMEFIELD,
tlsca: process.env.HMD_LDAP_TLS_CA tlsca: process.env.HMD_LDAP_TLS_CA
}, },
saml: { saml: {


@ -24,9 +24,15 @@ passport.use(new LDAPStrategy({
} }
}, function (user, done) { }, function (user, done) {
var uuid = user.uidNumber || user.uid || user.sAMAccountName var uuid = user.uidNumber || user.uid || user.sAMAccountName
var username = uuid
if (config.ldap.usernameField && user[config.ldap.usernameField]) {
username = user[config.ldap.usernameField]
}
var profile = { var profile = {
id: 'LDAP-' + uuid, id: 'LDAP-' + uuid,
username: uuid, username: username,
displayName: user.displayName, displayName: user.displayName,
emails: user.mail ? [user.mail] : [], emails: user.mail ? [user.mail] : [],
avatarUrl: null, avatarUrl: null,
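Review bot: The new lookup `if (config.ldap.usernameField && user[config.ldap.usernameField])` falls back to `uuid` silently, so a misspelled `ldap.usernameField`, or an attribute the directory does not return for the entry (presumably the case when it is missing from `searchAttributes`), looks exactly like the option being unset. Since this value becomes `profile.username`, a log warning in the fallback path and a README remark that the field must be among the returned attributes would make a misconfiguration visible. The value is also taken as-is; if a multi-valued attribute arrives as an array, `username` stops being a string, which a guard such as `typeof user[config.ldap.usernameField] === 'string'` in the condition would prevent. `profile.id` still derives from `uuid`, which keeps the account key independent of the configurable field. The verify callback begins in this hunk but its end, and the start of the `passport.use` call, are outside it.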