✨ Convert LDAP username (#12461)
* ✨ Convert LDAP username #12021 Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 🐛 Fix conversion var use Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 🐛 Fix LDAP uid conversion test Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 👌 Remove comments with ref to PR Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 👌 Remove unnecessary paranthesis Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 🔧 Move space in conversion string Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
This commit is contained in:
parent
c8d82ef3c3
commit
d70268f099
@ -183,6 +183,9 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
|
|||||||
# LDAP_BIND_DN=
|
# LDAP_BIND_DN=
|
||||||
# LDAP_PASSWORD=
|
# LDAP_PASSWORD=
|
||||||
# LDAP_UID=cn
|
# LDAP_UID=cn
|
||||||
|
# LDAP_UID_CONVERSION_ENABLED=true
|
||||||
|
# LDAP_UID_CONVERSION_SEARCH=., -
|
||||||
|
# LDAP_UID_CONVERSION_REPLACE=_
|
||||||
|
|
||||||
# PAM authentication (optional)
|
# PAM authentication (optional)
|
||||||
# PAM authentication uses for the email generation the "email" pam variable
|
# PAM authentication uses for the email generation the "email" pam variable
|
||||||
|
@ -179,6 +179,9 @@ STREAMING_CLUSTER_NUM=1
|
|||||||
# LDAP_PASSWORD=
|
# LDAP_PASSWORD=
|
||||||
# LDAP_UID=cn
|
# LDAP_UID=cn
|
||||||
# LDAP_SEARCH_FILTER=%{uid}=%{email}
|
# LDAP_SEARCH_FILTER=%{uid}=%{email}
|
||||||
|
# LDAP_UID_CONVERSION_ENABLED=true
|
||||||
|
# LDAP_UID_CONVERSION_SEARCH=., -
|
||||||
|
# LDAP_UID_CONVERSION_REPLACE=_
|
||||||
|
|
||||||
# PAM authentication (optional)
|
# PAM authentication (optional)
|
||||||
# PAM authentication uses for the email generation the "email" pam variable
|
# PAM authentication uses for the email generation the "email" pam variable
|
||||||
|
@ -14,10 +14,18 @@ module LdapAuthenticable
|
|||||||
end
|
end
|
||||||
|
|
||||||
def ldap_get_user(attributes = {})
|
def ldap_get_user(attributes = {})
|
||||||
resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first })
|
safe_username = attributes[Devise.ldap_uid.to_sym].first
|
||||||
|
if Devise.ldap_uid_conversion_enabled
|
||||||
|
keys = Regexp.union(Devise.ldap_uid_conversion_search.chars)
|
||||||
|
replacement = Devise.ldap_uid_conversion_replace
|
||||||
|
|
||||||
|
safe_username = safe_username.gsub(keys, replacement)
|
||||||
|
end
|
||||||
|
|
||||||
|
resource = joins(:account).find_by(accounts: { username: safe_username })
|
||||||
|
|
||||||
if resource.blank?
|
if resource.blank?
|
||||||
resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first }, admin: false, external: true, confirmed_at: Time.now.utc)
|
resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: safe_username }, admin: false, external: true, confirmed_at: Time.now.utc)
|
||||||
resource.save!
|
resource.save!
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -61,6 +61,12 @@ module Devise
|
|||||||
@@ldap_tls_no_verify = false
|
@@ldap_tls_no_verify = false
|
||||||
mattr_accessor :ldap_search_filter
|
mattr_accessor :ldap_search_filter
|
||||||
@@ldap_search_filter = nil
|
@@ldap_search_filter = nil
|
||||||
|
mattr_accessor :ldap_uid_conversion_enabled
|
||||||
|
@@ldap_uid_conversion_enabled = false
|
||||||
|
mattr_accessor :ldap_uid_conversion_search
|
||||||
|
@@ldap_uid_conversion_search = nil
|
||||||
|
mattr_accessor :ldap_uid_conversion_replace
|
||||||
|
@@ldap_uid_conversion_replace = nil
|
||||||
|
|
||||||
class Strategies::PamAuthenticatable
|
class Strategies::PamAuthenticatable
|
||||||
def valid?
|
def valid?
|
||||||
@ -365,5 +371,8 @@ Devise.setup do |config|
|
|||||||
config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
|
config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
|
||||||
config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
|
config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
|
||||||
config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}')
|
config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}')
|
||||||
|
config.ldap_uid_conversion_enabled = ENV['LDAP_UID_CONVERSION_ENABLED'] == 'true'
|
||||||
|
config.ldap_uid_conversion_search = ENV.fetch('LDAP_UID_CONVERSION_SEARCH', '.,- ')
|
||||||
|
config.ldap_uid_conversion_replace = ENV.fetch('LDAP_UID_CONVERSION_REPLACE', '_')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user