From 02e99277146d8bd912f2f19af1d3e94a6181d90d Mon Sep 17 00:00:00 2001
From: alecdwm
Date: Tue, 13 Dec 2016 22:31:35 +0100
Subject: Initial support for LDAP server authentication Limitations as of this commit: - tlsOptions can only be specified in config.json, not as env vars - authentication failures are not yet gracefully handled by the UI - instead the error message is shown on a blank page (/auth/ldap) - no email address is associated with the LDAP user's account - no picture/profile URL is associated with the LDAP user's account - we might have to generate our own access + refresh tokens, because we aren't using oauth. The currently generated tokens are just a placeholder. - 'LDAP Sign in' needs to be translated to each locale
---
 README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'README.md')
diff --git a/README.md b/README.md
index bdf97ee2..442cbd5c 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,13 @@ Environment variables (will overwrite other server configs)
 | HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret |
 | HMD_GOOGLE_CLIENTID | no example | Google API client id |
 | HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret |
+| HMD_LDAP_URL | ldap://example.com | url of LDAP server |
+| HMD_LDAP_BINDDN | no example | bindDn for LDAP access |
+| HMD_LDAP_BINDCREDENTIALS | no example | bindCredentials for LDAP access |
+| HMD_LDAP_TOKENSECRET | supersecretkey | secret used for generating access/refresh tokens |
+| HMD_LDAP_SEARCHBASE | o=users,dc=example,dc=com | LDAP directory to begin search from |
+| HMD_LDAP_SEARCHFILTER | (uid={{username}}) | LDAP filter to search with |
+| HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
 | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
 | HMD_EMAIL | `true` or `false` | set to allow email register and signin |
 | HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
@@ -182,7 +189,7 @@ Third-party integration api key settings
 | service | settings location | description |
 | ------- | --------- | ----------- |
-| facebook, twitter, github, gitlab, dropbox, google | environment variables or `config.json` | for signin |
+| facebook, twitter, github, gitlab, dropbox, google, ldap | environment variables or `config.json` | for signin |
 | imgur | environment variables or `config.json` | for image upload |
 | google drive, dropbox | `public/js/config.js` | for export and import |
-- cgit v1.2.3
From 6ba9a2f039fe9c4d7495d30ae4f255b96d7f7530 Mon Sep 17 00:00:00 2001
From: alecdwm
Date: Wed, 14 Dec 2016 11:49:33 +0100
Subject: Added HMD_LDAP_TLS_CA env variable
---
 README.md | 1 + 1 file changed, 1 insertion(+) (limited to 'README.md')
diff --git a/README.md b/README.md
index 442cbd5c..30313fe3 100644
--- a/README.md
+++ b/README.md
@@ -138,6 +138,7 @@ Environment variables (will overwrite other server configs)
 | HMD_LDAP_SEARCHBASE | o=users,dc=example,dc=com | LDAP directory to begin search from |
 | HMD_LDAP_SEARCHFILTER | (uid={{username}}) | LDAP filter to search with |
 | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
+| HMD_LDAP_TLS_CA | no example | Root CA for LDAP TLS in PEM format |
 | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
 | HMD_EMAIL | `true` or `false` | set to allow email register and signin |
 | HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
-- cgit v1.2.3
From ff545b268871be7b6552638427a59a9a6eac5dd1 Mon Sep 17 00:00:00 2001
From: neopostmodern
Date: Mon, 9 Jan 2017 12:49:23 +0100
Subject: Allow displaying LDAP provider name on sign-in modal
---
 README.md | 1 + 1 file changed, 1 insertion(+) (limited to 'README.md')
diff --git a/README.md b/README.md
index 7040aeb3..4717ca7c 100644
--- a/README.md
+++ b/README.md
@@ -148,6 +148,7 @@ Environment variables (will overwrite other server configs)
 | HMD_LDAP_SEARCHFILTER | (uid={{username}}) | LDAP filter to search with |
 | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
 | HMD_LDAP_TLS_CA | no example | Root CA for LDAP TLS in PEM format |
+| HMD_LDAP_PROVIDERNAME | My institution | Optional name to be displayed at login form indicating the LDAP provider |
 | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
 | HMD_EMAIL | `true` or `false` | set to allow email register and signin |
 | HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
-- cgit v1.2.3
From 747629e549fb5c32e1acf18e24bfc6a7e1cd5b0c Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Thu, 12 Jan 2017 04:25:58 +0100
Subject: Add `allowemailregister` option
---
 README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'README.md')
diff --git a/README.md b/README.md
index 4717ca7c..7d3d4573 100644
--- a/README.md
+++ b/README.md
@@ -150,7 +150,8 @@ Environment variables (will overwrite other server configs)
 | HMD_LDAP_TLS_CA | no example | Root CA for LDAP TLS in PEM format |
 | HMD_LDAP_PROVIDERNAME | My institution | Optional name to be displayed at login form indicating the LDAP provider |
 | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
-| HMD_EMAIL | `true` or `false` | set to allow email register and signin |
+| HMD_EMAIL | `true` or `false` | set to allow email signin |
+| HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register |
 | HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
 | HMD_S3_ACCESS_KEY_ID | no example | AWS access key id |
 | HMD_S3_SECRET_ACCESS_KEY | no example | AWS secret key |
@@ -194,7 +195,8 @@ Server settings `config.json` | heartbeatinterval | `5000` | socket.io heartbeat interval | | heartbeattimeout | `10000` | socket.io heartbeat timeout | | documentmaxlength | `100000` | note max length | -| email | `true` or `false` | set to allow email register and signin | +| email | `true` or `false` | set to allow email signin | +| allowemailregister | `true` or `false` | set to allow email register | | imageUploadType | `imgur`(default), `s3` or `filesystem` | Where to upload image | s3 | `{ "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", "secretAccessKey": "YOUR_S3_ACCESS_KEY", "region": "YOUR_S3_REGION", "bucket": "YOUR_S3_BUCKET_NAME" }` | When `imageUploadType` be setted to `s3`, you would also need to setup this key, check our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
-- cgit v1.2.3
From 3cf40a8dec96af3710a5945dde693fdc949f31af Mon Sep 17 00:00:00 2001
From: Wu Cheng-Han
Date: Fri, 13 Jan 2017 00:51:40 +0800
Subject: Update README.md to describe allowemailregister config more clear
---
 README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'README.md')
diff --git a/README.md b/README.md
index 7d3d4573..2e7b919b 100644
--- a/README.md
+++ b/README.md
@@ -151,7 +151,7 @@ Environment variables (will overwrite other server configs)
 | HMD_LDAP_PROVIDERNAME | My institution | Optional name to be displayed at login form indicating the LDAP provider |
 | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
 | HMD_EMAIL | `true` or `false` | set to allow email signin |
-| HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register |
+| HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
 | HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
 | HMD_S3_ACCESS_KEY_ID | no example | AWS access key id |
 | HMD_S3_SECRET_ACCESS_KEY | no example | AWS secret key |
@@ -196,7 +196,7 @@ Server settings `config.json` | heartbeattimeout | `10000` | socket.io heartbeat timeout | | documentmaxlength | `100000` | note max length | | email | `true` or `false` | set to allow email signin | -| allowemailregister | `true` or `false` | set to allow email register | +| allowemailregister | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) | | imageUploadType | `imgur`(default), `s3` or `filesystem` | Where to upload image | s3 | `{ "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", "secretAccessKey": "YOUR_S3_ACCESS_KEY", "region": "YOUR_S3_REGION", "bucket": "YOUR_S3_BUCKET_NAME" }` | When `imageUploadType` be setted to `s3`, you would also need to setup this key, check our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) | -- cgit v1.2.3