From bd8dc9bd0c9857470f14189c15572cab18bf8ab1 Mon Sep 17 00:00:00 2001
From: Mathieu Brunot
Date: Sun, 1 Dec 2019 18:52:21 +0100
Subject: [PATCH] :sparkles: Add an LDAP Mail attribute config (#12053)

Signed-off-by: mathieu.brunot
---
 .env.nanobox | 2 ++
 .env.production.sample | 3 ++-
 app/models/concerns/ldap_authenticable.rb | 4 ++--
 config/initializers/devise.rb | 5 ++++-
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/.env.nanobox b/.env.nanobox
index fc6c3c42f5..03aa01a340 100644
--- a/.env.nanobox
+++ b/.env.nanobox
@@ -183,6 +183,8 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # LDAP_BIND_DN=
 # LDAP_PASSWORD=
 # LDAP_UID=cn
+# LDAP_MAIL=mail
+# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
 # LDAP_UID_CONVERSION_ENABLED=true
 # LDAP_UID_CONVERSION_SEARCH=., -
 # LDAP_UID_CONVERSION_REPLACE=_
diff --git a/.env.production.sample b/.env.production.sample
index 6b078c7b28..9cab992e33 100644
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -178,7 +178,8 @@ STREAMING_CLUSTER_NUM=1
 # LDAP_BIND_DN=
 # LDAP_PASSWORD=
 # LDAP_UID=cn
-# LDAP_SEARCH_FILTER=%{uid}=%{email}
+# LDAP_MAIL=mail
+# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
 # LDAP_UID_CONVERSION_ENABLED=true
 # LDAP_UID_CONVERSION_SEARCH=., -
 # LDAP_UID_CONVERSION_REPLACE=_
diff --git a/app/models/concerns/ldap_authenticable.rb b/app/models/concerns/ldap_authenticable.rb
index 2d2e1edbb5..e3f94bb6ce 100644
--- a/app/models/concerns/ldap_authenticable.rb
+++ b/app/models/concerns/ldap_authenticable.rb
@@ -6,7 +6,7 @@ module LdapAuthenticable
 class_methods do
 def authenticate_with_ldap(params = {})
 ldap = Net::LDAP.new(ldap_options)
- filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, email: params[:email])
+ filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, mail: Devise.ldap_mail, email: params[:email])
 if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: params[:password]))
 ldap_get_user(user_info.first)
@@ -25,7 +25,7 @@ module LdapAuthenticable
 resource = joins(:account).find_by(accounts: { username: safe_username })
 if resource.blank?
- resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: safe_username }, admin: false, external: true, confirmed_at: Time.now.utc)
+ resource = new(email: attributes[Devise.ldap_mail.to_sym].first, agreement: true, account_attributes: { username: safe_username }, admin: false, external: true, confirmed_at: Time.now.utc)
 resource.save!
 end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index fa9fd8cc44..59e69ad375 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -53,6 +53,8 @@ module Devise
 @@ldap_base = nil
 mattr_accessor :ldap_uid
 @@ldap_uid = nil
+ mattr_accessor :ldap_mail
+ @@ldap_mail = nil
 mattr_accessor :ldap_bind_dn
 @@ldap_bind_dn = nil
 mattr_accessor :ldap_password
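Review bot: In `authenticate_with_ldap` (first hunk of app/models/concerns/ldap_authenticable.rb) the request's `params[:email]` is still substituted into the search filter unescaped, and with the new default filter it lands in two clauses of an OR. LDAP filter metacharacters such as `*`, `(` and `)` in the submitted value would be parsed as filter syntax rather than as a literal, so the filter can match entries other than the one the user named. Escape the value before formatting, `email: Net::LDAP::Filter.escape(params[:email])`, and leave `uid` and `mail` as they are, since they come from operator configuration. The method body continues past the end of the hunk.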
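Review bot: In the second hunk of app/models/concerns/ldap_authenticable.rb, `attributes[Devise.ldap_mail.to_sym].first` has no check that the configured attribute is present on the entry. If the entry lacks it, the lookup presumably yields nil or an empty list (the hunk does not show what `attributes` is), and the failure surfaces only as an exception from `.first` or `resource.save!` in the middle of sign-in. Because the account is created with `confirmed_at: Time.now.utc`, whatever this attribute holds is also stored as an already-confirmed address, so LDAP_MAIL should name an attribute that users cannot edit themselves. I would read the value first with `mail = Array(attributes[Devise.ldap_mail.to_sym]).first`, reject a blank one with a clear error, and add the comment `# LDAP_MAIL must name an attribute users cannot edit; its value is stored as a confirmed address`. The enclosing method starts and ends outside the hunk.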
@@ -369,8 +371,9 @@ Devise.setup do |config|
 config.ldap_bind_dn = ENV.fetch('LDAP_BIND_DN')
 config.ldap_password = ENV.fetch('LDAP_PASSWORD')
 config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
+ config.ldap_mail = ENV.fetch('LDAP_MAIL', 'mail')
 config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
- config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}')
+ config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '(|(%{uid}=%{email})(%{mail}=%{email}))')
 config.ldap_uid_conversion_enabled = ENV['LDAP_UID_CONVERSION_ENABLED'] == 'true'
 config.ldap_uid_conversion_search = ENV.fetch('LDAP_UID_CONVERSION_SEARCH', '.,- ')
 config.ldap_uid_conversion_replace = ENV.fetch('LDAP_UID_CONVERSION_REPLACE', '_')
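Review bot: The new default for `config.ldap_search_filter` changes matching for every deployment that never set LDAP_SEARCH_FILTER, because the login value is now compared against the mail attribute as well as the uid attribute. If one entry's uid can equal another entry's mail value, the OR filter returns more than one entry, and which of them is then used for the bind is presumably decided by the directory's result order rather than by this code (inferred; the bind call is in ldap_authenticable.rb, not in this hunk). A comment above the line would make the change visible to operators, e.g. `# Default matches the login against LDAP_UID or LDAP_MAIL; set LDAP_SEARCH_FILTER to narrow it`. The `Devise.setup` block starts and ends outside the hunk.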