From 612b2d181145597257c082aa24456112bcc2aee3 Mon Sep 17 00:00:00 2001
From: Lukas Kalbertodt <lukas.kalbertodt@gmail.com>
Date: Sat, 9 Dec 2017 11:17:06 +0100
Subject: [PATCH] Add setting `ldap.usernameField`

This determines which ldap field is used as the username on
HackMD. By default, the "id" is used as username, too. The id
is taken from the fields `uidNumber`, `uid` or
`sAMAccountName`. To give the user more flexibility, they can
now choose the field used for the username instead.
---
 README.md                  | 1 +
 config.json.example        | 1 +
 lib/config/default.js      | 1 +
 lib/config/environment.js  | 1 +
 lib/web/auth/ldap/index.js | 8 +++++++-
 5 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 4fa7ede..a79c506 100644
--- a/README.md
+++ b/README.md
@@ -170,6 +170,7 @@ There are some configs you need to change in the files below
 | HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
 | HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
 | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
+| HMD_LDAP_USERNAMEFIELD | `uid` | The LDAP field which is used as the username on HackMD |
 | HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
 | HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
 | HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). |
diff --git a/config.json.example b/config.json.example
index 8d23be8..401de38 100644
--- a/config.json.example
+++ b/config.json.example
@@ -71,6 +71,7 @@
             "searchBase": "change this",
             "searchFilter": "change this",
             "searchAttributes": "change this",
+            "usernameField": "change this e.g. uid"
             "tlsOptions": {
                 "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
             }
diff --git a/lib/config/default.js b/lib/config/default.js
index d04485c..8d36db0 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -96,6 +96,7 @@ module.exports = {
     searchBase: undefined,
     searchFilter: undefined,
     searchAttributes: undefined,
+    usernameField: undefined,
     tlsca: undefined
   },
   saml: {
diff --git a/lib/config/environment.js b/lib/config/environment.js
index b7b0e3f..d1b2684 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -71,6 +71,7 @@ module.exports = {
     searchBase: process.env.HMD_LDAP_SEARCHBASE,
     searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
     searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES,
+    usernameField: process.env.HMD_LDAP_USERNAMEFIELD,
     tlsca: process.env.HMD_LDAP_TLS_CA
   },
   saml: {
diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js
index 9a63578..cc0d29a 100644
--- a/lib/web/auth/ldap/index.js
+++ b/lib/web/auth/ldap/index.js
@@ -24,9 +24,15 @@ passport.use(new LDAPStrategy({
   }
 }, function (user, done) {
   var uuid = user.uidNumber || user.uid || user.sAMAccountName
+  var username = uuid
+
+  if (config.ldap.usernameField && user[config.ldap.usernameField]) {
+    username = user[config.ldap.usernameField]
+  }
+
   var profile = {
     id: 'LDAP-' + uuid,
-    username: uuid,
+    username: username,
     displayName: user.displayName,
     emails: user.mail ? [user.mail] : [],
     avatarUrl: null,