[LDAP] Allow to bind to an admin with a different FQDN
By directly providing the full DN Signed-off-by: Thomas Citharel <tcit@tcit.fr>
parent
bc8ea10bb0
commit
0f5941a046
|
@ -146,6 +146,8 @@ config :mobilizon, :ldap,
|
||||||
base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
|
base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
|
||||||
uid: System.get_env("LDAP_UID") || "cn",
|
uid: System.get_env("LDAP_UID") || "cn",
|
||||||
require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"),
|
require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"),
|
||||||
|
# Either the admin UID matching the field in `uid`,
|
||||||
|
# Either a tuple with the fully qualified DN: {:full, uid=admin,dc=example.com,dc=local}
|
||||||
bind_uid: System.get_env("LDAP_BIND_UID"),
|
bind_uid: System.get_env("LDAP_BIND_UID"),
|
||||||
bind_password: System.get_env("LDAP_BIND_PASSWORD")
|
bind_password: System.get_env("LDAP_BIND_PASSWORD")
|
||||||
|
|
||||||
|
|
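Review bot: The `{:full, ...}` form described in the new comment cannot be selected through `LDAP_BIND_UID`, because `bind_uid` is still read with `System.get_env/1`, which returns a string or `nil` and never a tuple. As written, an operator has to replace the `bind_uid:` line in this file to bind with a full DN, and the comment should say so. The example is also not valid Elixir because the DN is unquoted, and the second line should read "or" rather than "Either". Suggested wording: `# or, set directly in this file instead of LDAP_BIND_UID, a tuple with the full DN: {:full, "uid=admin,dc=example.com,dc=local"}`.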
|
@ -97,6 +97,15 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Bind user with full DN
|
||||||
|
@spec bind_user(any(), String.t(), String.t(), {:full, String.t()}, String.t()) ::
|
||||||
|
User.t() | any()
|
||||||
|
defp bind_user(connection, _base, _uid, {:full, field}, password) do
|
||||||
|
Logger.debug("Binding to LDAP with \"#{field}\"")
|
||||||
|
:eldap.simple_bind(connection, field, password)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Bind user with only uid field on top of base
|
||||||
@spec bind_user(any(), String.t(), String.t(), String.t(), String.t()) ::
|
@spec bind_user(any(), String.t(), String.t(), String.t(), String.t()) ::
|
||||||
User.t() | any()
|
User.t() | any()
|
||||||
defp bind_user(connection, base, uid, field, password) do
|
defp bind_user(connection, base, uid, field, password) do
|
||||||
|
|
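Review bot: The new `{:full, field}` clause hands `password` to `:eldap.simple_bind/3` without checking that it is non-empty. `bind_password` has no default in the config, and a simple bind with an empty password is an unauthenticated bind under RFC 4513, which some directory servers answer with success. Whether the caller already rejects an unset or empty password is not visible in this hunk; if it does not, a check in this clause would do it, for example `if password in [nil, ""], do: {:error, :invalidCredentials}, else: :eldap.simple_bind(connection, field, password)`. The `@spec` return of `User.t() | any()` also hides that this clause returns whatever `simple_bind` returns. The generic `bind_user/5` clause that follows continues past the end of the hunk, so it was not reviewed.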