From 02e99277146d8bd912f2f19af1d3e94a6181d90d Mon Sep 17 00:00:00 2001
From: alecdwm
Date: Tue, 13 Dec 2016 22:31:35 +0100
Subject: Initial support for LDAP server authentication

Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
---
 app.js | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'app.js')

diff --git a/app.js b/app.js
index 0d78a153..44054961 100644
--- a/app.js
+++ b/app.js
@@ -380,6 +380,12 @@ if (config.google) {
             failureRedirect: config.serverurl + '/'
         }));
 }
+// ldap auth
+if (config.ldap) {
+    app.post('/auth/ldap', urlencodedParser,
+        passport.authenticate('ldapauth', { successRedirect: '/' })
+    );
+}
 // email auth
 if (config.email) {
     app.post('/register', urlencodedParser, function (req, res, next) {
-- 
cgit v1.2.3