diff options
author | Lukas Kalbertodt | 2017-12-09 11:17:06 +0100 |
---|---|---|
committer | Lukas Kalbertodt | 2017-12-09 12:30:48 +0100 |
commit | 612b2d181145597257c082aa24456112bcc2aee3 (patch) | |
tree | f0742d644f446c08d54e4c3ea283b0c59e8b6658 | |
parent | 1b7d621fd1bb691793550b024dde0fb41dda5a40 (diff) |
Add setting `ldap.usernameField`
This determines which ldap field is used as the username on
HackMD. By default, the "id" is used as username, too. The id
is taken from the fields `uidNumber`, `uid` or
`sAMAccountName`. To give the user more flexibility, they can
now choose the field used for the username instead.
Diffstat (limited to '')
-rw-r--r-- | README.md | 1 | ||||
-rw-r--r-- | config.json.example | 1 | ||||
-rw-r--r-- | lib/config/default.js | 1 | ||||
-rw-r--r-- | lib/config/environment.js | 1 | ||||
-rw-r--r-- | lib/web/auth/ldap/index.js | 8 |
5 files changed, 11 insertions, 1 deletions
@@ -170,6 +170,7 @@ There are some configs you need to change in the files below | HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from | | HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with | | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with | +| HMD_LDAP_USERNAMEFIELD | `uid` | The LDAP field which is used as the username on HackMD | | HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) | | HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider | | HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). | diff --git a/config.json.example b/config.json.example index 8d23be8a..401de381 100644 --- a/config.json.example +++ b/config.json.example @@ -71,6 +71,7 @@ "searchBase": "change this", "searchFilter": "change this", "searchAttributes": "change this", + "usernameField": "change this e.g. uid" "tlsOptions": { "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback" } diff --git a/lib/config/default.js b/lib/config/default.js index d04485ce..8d36db02 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -96,6 +96,7 @@ module.exports = { searchBase: undefined, searchFilter: undefined, searchAttributes: undefined, + usernameField: undefined, tlsca: undefined }, saml: { diff --git a/lib/config/environment.js b/lib/config/environment.js index b7b0e3f8..d1b26843 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -71,6 +71,7 @@ module.exports = { searchBase: process.env.HMD_LDAP_SEARCHBASE, searchFilter: process.env.HMD_LDAP_SEARCHFILTER, searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES, + usernameField: process.env.HMD_LDAP_USERNAMEFIELD, tlsca: process.env.HMD_LDAP_TLS_CA }, saml: { diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js index 9a63578a..cc0d29ad 100644 --- a/lib/web/auth/ldap/index.js +++ b/lib/web/auth/ldap/index.js @@ -24,9 +24,15 @@ passport.use(new LDAPStrategy({ } }, function (user, done) { var uuid = user.uidNumber || user.uid || user.sAMAccountName + var username = uuid + + if (config.ldap.usernameField && user[config.ldap.usernameField]) { + username = user[config.ldap.usernameField] + } + var profile = { id: 'LDAP-' + uuid, - username: uuid, + username: username, displayName: user.displayName, emails: user.mail ? [user.mail] : [], avatarUrl: null, |