From d6ee10d17645bed82ad39276fb4c26705edbacf9 Mon Sep 17 00:00:00 2001 From: Dustin Frisch Date: Thu, 1 Mar 2018 23:51:47 +0100 Subject: Introduce ldap.useridField Signed-off-by: Dustin Frisch --- README.md | 3 ++- config.json.example | 3 ++- lib/config/default.js | 1 + lib/config/environment.js | 1 + lib/web/auth/ldap/index.js | 5 ++++- 5 files changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index fb4e2223..3b91a1b6 100644 --- a/README.md +++ b/README.md @@ -175,7 +175,8 @@ There are some config settings you need to change in the files below. | `HMD_LDAP_SEARCHBASE` | `o=users,dc=example,dc=com` | LDAP directory to begin search from | | `HMD_LDAP_SEARCHFILTER` | `(uid={{username}})` | LDAP filter to search with | | `HMD_LDAP_SEARCHATTRIBUTES` | `displayName, mail` | LDAP attributes to search with (use comma to separate) | -| `HMD_LDAP_USERNAMEFIELD` | `uid` | The LDAP field which is used as the username on HackMD | +| `HMD_LDAP_USERIDFIELD` | `uidNumber` or `uid` or `sAMAccountName` | The LDAP field which is used uniquely identify a user on HackMD | +| `HMD_LDAP_USERNAMEFIELD` | Fallback to userid | The LDAP field which is used as the username on HackMD | | `HMD_LDAP_TLS_CA` | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) | | `HMD_LDAP_PROVIDERNAME` | `My institution` | Optional name to be displayed at login form indicating the LDAP provider | | `HMD_SAML_IDPSSOURL` | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). | diff --git a/config.json.example b/config.json.example index 66a0227c..2f5c232a 100644 --- a/config.json.example +++ b/config.json.example @@ -78,7 +78,8 @@ "searchBase": "change this", "searchFilter": "change this", "searchAttributes": ["change this"], - "usernameField": "change this e.g. uid", + "usernameField": "change this e.g. cn", + "useridField": "change this e.g. uid", "tlsOptions": { "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback" } diff --git a/lib/config/default.js b/lib/config/default.js index 38dc21a4..5c5ebf31 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -115,6 +115,7 @@ module.exports = { searchFilter: undefined, searchAttributes: undefined, usernameField: undefined, + useridField: undefined, tlsca: undefined }, saml: { diff --git a/lib/config/environment.js b/lib/config/environment.js index 640f9e07..754f97d1 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -84,6 +84,7 @@ module.exports = { searchFilter: process.env.HMD_LDAP_SEARCHFILTER, searchAttributes: toArrayConfig(process.env.HMD_LDAP_SEARCHATTRIBUTES), usernameField: process.env.HMD_LDAP_USERNAMEFIELD, + useridField: process.env.HMD_LDAP_USERIDFIELD, tlsca: process.env.HMD_LDAP_TLS_CA }, saml: { diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js index cc0d29ad..c6746473 100644 --- a/lib/web/auth/ldap/index.js +++ b/lib/web/auth/ldap/index.js @@ -24,8 +24,11 @@ passport.use(new LDAPStrategy({ } }, function (user, done) { var uuid = user.uidNumber || user.uid || user.sAMAccountName - var username = uuid + if (config.ldap.useridField && user[config.ldap.useridField]) { + uuid = user[config.ldap.useridField] + } + var username = uuid if (config.ldap.usernameField && user[config.ldap.usernameField]) { username = user[config.ldap.usernameField] } -- cgit v1.2.3