WIP attempt to do non anonymous ldap connect #908
Sem revisores
Rótulos
Sem rótulos
A: API
A: Backend
A: Federation
A: Front-End
A: I18N
A: Meta
A: Security
Build
C: Bug
C: Discussion
C: Enhancement
C: Feature
Compatibility
Dependency
Design
Documentation
Good first issue
Help welcome
Mobile
Rendering
S: Blocked
S: Duplicate
S: Incomplete
S: Instance specific
S: Invalid
S: Needs Voting/Discussion
S: Ready for review
Suggestion
S: Voted on Loomio
S: Wontfix
Sem etapa
Nenhum planeamento
Sem encarregados
2 Participantes
Notificações
Data de vencimento
Sem data de vencimento definida.
Dependências
Não estão definidas dependências.
Referência: Plume/Plume#908
Carregando…
Adicionar tabela
Criar uma nova questão referindo esta
Nenhuma descrição fornecida.
Eliminar o ramo "ldap-non-anon"
Eliminar um ramo é algo permanente. Embora o ramo eliminado possa continuar a existir por um breve período de tempo antes de ser realmente removido, a operação NÃO PODERÁ ser desfeita na maioria dos casos. Quer continuar?
attempt at fixing #902
@pwFoo could you test if it works for you?
I have to finish some other tasks and need to learn how to compile project based on a pull request first...
If you know how to compile from sources, you can run
git checkout ldap-non-anon
before running cargo commands. You might need to rungit fetch
before git checkout if it does not find the branchFirst a binddn is connected and than in a second step verify the real user.
Build is done, how to configure the additional LDAP parameters for bind?
it's
LDAP_USER
andLDAP_PASSWORD
, as environment variables or in .envLogin works, but I think need some improvements.
I see the ldap query and can compare it with a working one. Looks like your implementation do two bindings instead of one?
plume ldap
Working application
ToDo
1. Rename bind user ENV
2. That part should be removed! Second bind!
3. search filter
Binded user need to search for the "real" user. And the search filter need to be configurable like that filter part
LDAP_FILTER example. search attribute is given by
(uid=%u)
part and%u
is replaced by the login user name.Configurable search base and search filter would be most flexible I think?
Hi @trinity-1686a,
what do you think about the suggested changes?
Ver instruções para a linha de comandos
Conferir
No seu repositório, irá criar um novo ramo para que possa testar as modificações.