Add ldap search filter (#8151)

master
Immae 6 years ago committed by Eugen Rochko
parent aaac14b8ad
commit b0f4fe456b
  1. 1
      .env.production.sample
  2. 3
      config/initializers/devise.rb
  3. 3
      lib/devise/ldap_authenticatable.rb

@ -162,6 +162,7 @@ STREAMING_CLUSTER_NUM=1
# LDAP_BIND_DN= # LDAP_BIND_DN=
# LDAP_PASSWORD= # LDAP_PASSWORD=
# LDAP_UID=cn # LDAP_UID=cn
# LDAP_SEARCH_FILTER="%{uid}=%{email}"
# PAM authentication (optional) # PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable # PAM authentication uses for the email generation the "email" pam variable

@ -59,6 +59,8 @@ module Devise
@@ldap_password = nil @@ldap_password = nil
mattr_accessor :ldap_tls_no_verify mattr_accessor :ldap_tls_no_verify
@@ldap_tls_no_verify = false @@ldap_tls_no_verify = false
mattr_accessor :ldap_search_filter
@@ldap_search_filter = nil
class Strategies::PamAuthenticatable class Strategies::PamAuthenticatable
def valid? def valid?
@ -362,5 +364,6 @@ Devise.setup do |config|
config.ldap_password = ENV.fetch('LDAP_PASSWORD') config.ldap_password = ENV.fetch('LDAP_PASSWORD')
config.ldap_uid = ENV.fetch('LDAP_UID', 'cn') config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true' config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}')
end end
end end

@ -24,7 +24,8 @@ module Devise
connect_timeout: 10 connect_timeout: 10
) )
if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password)) filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, email: email)
if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: password))
user = User.ldap_get_user(user_info.first) user = User.ldap_get_user(user_info.first)
success!(user) success!(user)
else else

Loading…
Cancel
Save