Add setting ldap.usernameField

This determines which ldap field is used as the username on
HackMD. By default, the "id" is used as username, too. The id
is taken from the fields `uidNumber`, `uid` or
`sAMAccountName`. To give the user more flexibility, they can
now choose the field used for the username instead.
Lukas Kalbertodt 2017-12-09 11:17:06 +01:00
parent 1b7d621fd1
commit 612b2d1811
5 changed files with 11 additions and 1 deletions


@ -170,6 +170,7 @@ There are some configs you need to change in the files below
| HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from | | HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
| HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with | | HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
| HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with | | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
| HMD_LDAP_USERNAMEFIELD | `uid` | The LDAP field which is used as the username on HackMD |
| HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) | | HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider | | HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
| HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). | | HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). |


@ -71,6 +71,7 @@
"searchBase": "change this", "searchBase": "change this",
"searchFilter": "change this", "searchFilter": "change this",
"searchAttributes": "change this", "searchAttributes": "change this",
"usernameField": "change this e.g. uid"
"tlsOptions": { "tlsOptions": {
"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback" "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
} }
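Review bot: The added `"usernameField": "change this e.g. uid"` line has no trailing comma, and the next line `"tlsOptions": {` follows it directly, so the example file is no longer valid JSON and an operator who copies it gets a parse error at startup. The line should read `"usernameField": "change this e.g. uid",` to match the sibling entries above it. The enclosing `ldap` object opens and closes outside the hunk.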


@ -96,6 +96,7 @@ module.exports = {
searchBase: undefined, searchBase: undefined,
searchFilter: undefined, searchFilter: undefined,
searchAttributes: undefined, searchAttributes: undefined,
usernameField: undefined,
tlsca: undefined tlsca: undefined
}, },
saml: { saml: {
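Review bot: The new `usernameField: undefined,` default carries no comment, and what an unset value means is only discoverable from the auth hunk at the end of this page, where a missing or absent attribute makes the username fall back to the id built from `uidNumber`, `uid` or `sAMAccountName`. A one-line comment would save the next reader that hop: `// LDAP attribute used as the HackMD username; when unset, or absent on the entry, the id (uidNumber/uid/sAMAccountName) is used`. Because the value is consumed as a bare property key on the LDAP entry, the comment could also state that it must name a single-valued attribute; whether multi-valued attributes arrive as arrays depends on the LDAP library and is not visible here. The same comment belongs on the `usernameField: process.env.HMD_LDAP_USERNAMEFIELD,` line in the environment config hunk. The enclosing `ldap` object opens and closes outside the hunk.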


@ -71,6 +71,7 @@ module.exports = {
searchBase: process.env.HMD_LDAP_SEARCHBASE, searchBase: process.env.HMD_LDAP_SEARCHBASE,
searchFilter: process.env.HMD_LDAP_SEARCHFILTER, searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES, searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES,
usernameField: process.env.HMD_LDAP_USERNAMEFIELD,
tlsca: process.env.HMD_LDAP_TLS_CA tlsca: process.env.HMD_LDAP_TLS_CA
}, },
saml: { saml: {


@ -24,9 +24,15 @@ passport.use(new LDAPStrategy({
} }
}, function (user, done) { }, function (user, done) {
var uuid = user.uidNumber || user.uid || user.sAMAccountName var uuid = user.uidNumber || user.uid || user.sAMAccountName
var username = uuid
if (config.ldap.usernameField && user[config.ldap.usernameField]) {
username = user[config.ldap.usernameField]
}
var profile = { var profile = {
id: 'LDAP-' + uuid, id: 'LDAP-' + uuid,
username: uuid, username: username,
displayName: user.displayName, displayName: user.displayName,
emails: user.mail ? [user.mail] : [], emails: user.mail ? [user.mail] : [],
avatarUrl: null, avatarUrl: null,