ldap: return actual "cn" value instead of "uid" in LDAP messages
This commit is contained in:
parent
e1e1d6cd20
commit
bd90a3a426
@ -42,6 +42,6 @@ authentication_backend:
|
|||||||
display_name_attribute: displayName
|
display_name_attribute: displayName
|
||||||
# The username and password of the admin user.
|
# The username and password of the admin user.
|
||||||
# "admin" should be the admin username you set in the LLDAP configuration
|
# "admin" should be the admin username you set in the LLDAP configuration
|
||||||
user: cn=admin,ou=people,dc=example,dc=com
|
user: uid=admin,ou=people,dc=example,dc=com
|
||||||
# Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html
|
# Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html
|
||||||
password: 'REPLACE_ME'
|
password: 'REPLACE_ME'
|
||||||
|
@ -16,13 +16,13 @@ LDAP_BASE_DN=ou=people,dc=example,dc=com
|
|||||||
|
|
||||||
# The full DN and password of the user used to search the server
|
# The full DN and password of the user used to search the server
|
||||||
# Can both be left as false to bind anonymously
|
# Can both be left as false to bind anonymously
|
||||||
LDAP_DN=cn=admin,ou=people,dc=example,dc=com
|
LDAP_DN=uid=admin,ou=people,dc=example,dc=com
|
||||||
LDAP_PASS=YOUR-ADMIN-PASSWORD-HERE
|
LDAP_PASS=YOUR-ADMIN-PASSWORD-HERE
|
||||||
|
|
||||||
# A filter to use when searching for users
|
# A filter to use when searching for users
|
||||||
# The user-provided user-name used to replace any occurrences of '${user}'
|
# The user-provided user-name used to replace any occurrences of '${user}'
|
||||||
# If you're setting this option via other means, such as within a docker-compose.yml,
|
# If you're setting this option via other means, such as within a docker-compose.yml,
|
||||||
# you may need escape the $, often using $$ or \$ instead.
|
# you may need escape the $, often using $$ or \$ instead.
|
||||||
LDAP_USER_FILTER=(&(uid=${user}))
|
LDAP_USER_FILTER=(&(uid=${user}))
|
||||||
|
|
||||||
# Set the LDAP version to use when connecting to the server
|
# Set the LDAP version to use when connecting to the server
|
||||||
|
@ -4,7 +4,7 @@ This example will help you to create user in dolibarr from your users in your ll
|
|||||||
|
|
||||||
## To connect ldap->dolibarr
|
## To connect ldap->dolibarr
|
||||||
|
|
||||||
In Dolibarr, install the LDAP module from Home -> Modules/Applications
|
In Dolibarr, install the LDAP module from `Home` -> `Modules/Applications`
|
||||||
Go to the configuration of this module and fill it like this:
|
Go to the configuration of this module and fill it like this:
|
||||||
|
|
||||||
|
|
||||||
@ -17,24 +17,23 @@ Go to the configuration of this module and fill it like this:
|
|||||||
- Server port: port `3890`
|
- Server port: port `3890`
|
||||||
- Server DN: `dc=example,dc=com`
|
- Server DN: `dc=example,dc=com`
|
||||||
- Use TLS: `No`
|
- Use TLS: `No`
|
||||||
- Administrator DN: `cn=admin,ou=people,dc=example,dc=com`
|
- Administrator DN: `uid=admin,ou=people,dc=example,dc=com`
|
||||||
- Administrator password: `secret`
|
- Administrator password: `secret`
|
||||||
|
|
||||||
Click on modify then "TEST LDAP CONNECTION".
|
Click on modify then "TEST LDAP CONNECTION".
|
||||||
You should get this result on the bottom:
|
You should get this result on the bottom:
|
||||||
```
|
```
|
||||||
TCP connect to LDAP server successful (Server=ldap://example.com, Port=389)
|
TCP connect to LDAP server successful (Server=ldap://example.com, Port=389)
|
||||||
Connect/Authenticate to LDAP server successful (Server=ldap://example.com, Port=389, Admin=cn=admin,ou=people,dc=example,dc=com, Password=**********)
|
Connect/Authenticate to LDAP server successful (Server=ldap://example.com, Port=389, Admin=uid=admin,ou=people,dc=example,dc=com, Password=**********)
|
||||||
LDAP server configured for version 3
|
LDAP server configured for version 3
|
||||||
```
|
```
|
||||||
|
|
||||||
And two new tabs will appear on the top:
|
And two new tabs will appear on the top: `Users` and `Groups`.
|
||||||
Users and Groups
|
|
||||||
|
|
||||||
We will use only Users in this example to get the users we want to import.
|
We will use only `Users` in this example to get the users we want to import.
|
||||||
The tab Groups would be to import groups.
|
The tab `Groups` would be to import groups.
|
||||||
|
|
||||||
Click on the Users tab and fill it like this:
|
Click on the `Users` tab and fill it like this:
|
||||||
- Users' DN: `ou=people,dc=example,dc=com`
|
- Users' DN: `ou=people,dc=example,dc=com`
|
||||||
- List of objectClass: `person`
|
- List of objectClass: `person`
|
||||||
- Search filter: `memberOf=cn=yournamegroup,ou=groups,dc=example,dc=com`
|
- Search filter: `memberOf=cn=yournamegroup,ou=groups,dc=example,dc=com`
|
||||||
@ -47,20 +46,20 @@ Click on the Users tab and fill it like this:
|
|||||||
- Login `uid`
|
- Login `uid`
|
||||||
- Email address `mail`
|
- Email address `mail`
|
||||||
|
|
||||||
Click on "MODIFY" and then on "TEST A LDAP SEARCH"
|
Click on "MODIFY" and then on "TEST A LDAP SEARCH".
|
||||||
|
|
||||||
You should get the number of users in the group or all users if you didn't use a filter.
|
You should get the number of users in the group or all users if you didn't use a filter.
|
||||||
|
|
||||||
|
|
||||||
## To import ldap users into the dolibarr database (needed to login with those users):
|
## To import ldap users into the dolibarr database (needed to login with those users):
|
||||||
|
|
||||||
Navigate to Users & Groups -> New Users
|
Navigate to `Users & Groups` -> `New Users`.
|
||||||
Click on the blank form "Users in LDAP database", you will get the list of the users in the group filled above. With the "GET" button, you will import the selected user.
|
Click on the blank form "Users in LDAP database", you will get the list of the users in the group filled above. With the "GET" button, you will import the selected user.
|
||||||
|
|
||||||
|
|
||||||
## To enable LDAP login:
|
## To enable LDAP login:
|
||||||
|
|
||||||
Modify your `conf.php` in your dolibarr folder in `htdocs/conf`
|
Modify your `conf.php` in your dolibarr folder in `htdocs/conf`.
|
||||||
Replace
|
Replace
|
||||||
```
|
```
|
||||||
// Authentication settings
|
// Authentication settings
|
||||||
@ -76,9 +75,9 @@ $dolibarr_main_auth_ldap_host='ldap://127.0.0.1:3890';
|
|||||||
$dolibarr_main_auth_ldap_port='3890';
|
$dolibarr_main_auth_ldap_port='3890';
|
||||||
$dolibarr_main_auth_ldap_version='3';
|
$dolibarr_main_auth_ldap_version='3';
|
||||||
$dolibarr_main_auth_ldap_servertype='openldap';
|
$dolibarr_main_auth_ldap_servertype='openldap';
|
||||||
$dolibarr_main_auth_ldap_login_attribute='cn';
|
$dolibarr_main_auth_ldap_login_attribute='uid';
|
||||||
$dolibarr_main_auth_ldap_dn='ou=people,dc=example,dc=com';
|
$dolibarr_main_auth_ldap_dn='ou=people,dc=example,dc=com';
|
||||||
$dolibarr_main_auth_ldap_admin_login='cn=admin,ou=people,dc=example,dc=com';
|
$dolibarr_main_auth_ldap_admin_login='uid=admin,ou=people,dc=example,dc=com';
|
||||||
$dolibarr_main_auth_ldap_admin_pass='secret';
|
$dolibarr_main_auth_ldap_admin_pass='secret';
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@ Replace `dc=example,dc=com` with your LLDAP configured domain.
|
|||||||
|
|
||||||
### LDAP Bind User
|
### LDAP Bind User
|
||||||
```
|
```
|
||||||
cn=admin,ou=people,dc=example,dc=com
|
uid=admin,ou=people,dc=example,dc=com
|
||||||
```
|
```
|
||||||
|
|
||||||
### LDAP Base DN for searches
|
### LDAP Base DN for searches
|
||||||
@ -12,6 +12,18 @@ cn=admin,ou=people,dc=example,dc=com
|
|||||||
ou=people,dc=example,dc=com
|
ou=people,dc=example,dc=com
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### LDAP Attributes
|
||||||
|
|
||||||
|
```
|
||||||
|
uid, mail
|
||||||
|
```
|
||||||
|
|
||||||
|
### LDAP Name Attribute
|
||||||
|
|
||||||
|
```
|
||||||
|
uid
|
||||||
|
```
|
||||||
|
|
||||||
### User Filter
|
### User Filter
|
||||||
|
|
||||||
If you have a `media` group, you can use:
|
If you have a `media` group, you can use:
|
||||||
|
@ -18,7 +18,7 @@ LDAP_URL=ldap://IP:3890
|
|||||||
LDAP_BASE=ou=people,dc=example,dc=com
|
LDAP_BASE=ou=people,dc=example,dc=com
|
||||||
|
|
||||||
# LDAP user DN.
|
# LDAP user DN.
|
||||||
LDAP_BINDDN=cn=admin,ou=people,dc=example,dc=com
|
LDAP_BINDDN=uid=admin,ou=people,dc=example,dc=com
|
||||||
|
|
||||||
# LLDAP admin password.
|
# LLDAP admin password.
|
||||||
LDAP_BINDPW=password
|
LDAP_BINDPW=password
|
||||||
|
@ -25,7 +25,7 @@ The key settings are:
|
|||||||
- Connection URL: `ldap://<your-lldap-container>:3890`
|
- Connection URL: `ldap://<your-lldap-container>:3890`
|
||||||
- Users DN: `ou=people,dc=example,dc=com` (or whatever `dc` you have)
|
- Users DN: `ou=people,dc=example,dc=com` (or whatever `dc` you have)
|
||||||
- Bind Type: `simple`
|
- Bind Type: `simple`
|
||||||
- Bind DN: `cn=admin,ou=people,dc=example,dc=com` (replace with your admin user and `dc`)
|
- Bind DN: `uid=admin,ou=people,dc=example,dc=com` (replace with your admin user and `dc`)
|
||||||
- Bind Credential: your LLDAP admin password
|
- Bind Credential: your LLDAP admin password
|
||||||
|
|
||||||
Test the connection and authentication, it should work.
|
Test the connection and authentication, it should work.
|
||||||
|
@ -85,7 +85,7 @@ fn get_user_id_from_distinguished_name(
|
|||||||
|| (parts[0].0 != "cn" && parts[0].0 != "uid")
|
|| (parts[0].0 != "cn" && parts[0].0 != "uid")
|
||||||
{
|
{
|
||||||
bail!(
|
bail!(
|
||||||
r#"Unexpected user DN format. Got "{}", expected: "cn=username,ou=people,{}""#,
|
r#"Unexpected user DN format. Got "{}", expected: "uid=username,ou=people,{}""#,
|
||||||
dn,
|
dn,
|
||||||
base_dn_str
|
base_dn_str
|
||||||
);
|
);
|
||||||
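Review bot: The error text now tells the client to use `uid=username`, but the check two lines above still accepts `cn` as the RDN attribute and passes whatever follows it to `UserId::new`, while search results from this same commit (hunk `@ -125,7 +125,11`) are returned with `cn=<display name>`. A client that searches for the user and then binds with the DN it was given — a common pattern, and likely what the Authelia/Keycloak examples changed here do — would present `cn=Bôb Böbberson,ou=people,...` and be looked up as user `Bôb Böbberson`, which only succeeds when the display name happens to equal the user id; either stop accepting `cn` here, or resolve a `cn` value by display name instead of treating it as a user id. The same message string is changed in the next hunk (`@ -93,7 +93,7`), and `get_user_id_from_distinguished_name` begins and ends outside both hunks. The accepted formats deserve a comment above the check, e.g. `// Only "uid=<user id>" is a stable identifier; "cn" carries the display name in search results, see make_ldap_search_user_result_entry.`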
@ -93,7 +93,7 @@ fn get_user_id_from_distinguished_name(
|
|||||||
Ok(UserId::new(&parts[0].1))
|
Ok(UserId::new(&parts[0].1))
|
||||||
} else {
|
} else {
|
||||||
bail!(
|
bail!(
|
||||||
r#"Unexpected user DN format. Got "{}", expected: "cn=username,ou=people,{}""#,
|
r#"Unexpected user DN format. Got "{}", expected: "uid=username,ou=people,{}""#,
|
||||||
dn,
|
dn,
|
||||||
base_dn_str
|
base_dn_str
|
||||||
);
|
);
|
||||||
@ -125,7 +125,11 @@ fn make_ldap_search_user_result_entry(
|
|||||||
base_dn_str: &str,
|
base_dn_str: &str,
|
||||||
attributes: &[String],
|
attributes: &[String],
|
||||||
) -> Result<LdapSearchResultEntry> {
|
) -> Result<LdapSearchResultEntry> {
|
||||||
let dn = format!("cn={},ou=people,{}", user.user_id.as_str(), base_dn_str);
|
let dn = format!(
|
||||||
|
"cn={},ou=people,{}",
|
||||||
|
user.display_name.as_str(),
|
||||||
|
base_dn_str
|
||||||
|
);
|
||||||
Ok(LdapSearchResultEntry {
|
Ok(LdapSearchResultEntry {
|
||||||
dn: dn.clone(),
|
dn: dn.clone(),
|
||||||
attributes: attributes
|
attributes: attributes
|
||||||
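Review bot: The entry DN is now built from `user.display_name` with a plain `format!`, and a display name is neither guaranteed unique nor DN-safe: two users with the same display name get identical DNs, and a name containing `,`, `+`, `"`, `\`, `<`, `>`, `;` or a leading `#`/space yields a DN that is not valid under RFC 4514 without escaping, which clients may reject or mis-parse. The user id was the unique key and is the value that `get_user_id_from_distinguished_name` reads back from a DN; if the intent is for `cn` to reflect the display name, keep the DN keyed on the id (`"uid={},ou=people,{}"` with `user.user_id.as_str()`) and expose the display name through the `cn` attribute instead, or at minimum escape the RDN value. The tests updated in this commit only use display names without DN-special characters; one with a comma in the name would pin whichever behaviour is chosen. `make_ldap_search_user_result_entry` begins and ends outside the hunk.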
@ -864,7 +868,7 @@ mod tests {
|
|||||||
.times(1)
|
.times(1)
|
||||||
.return_once(|_| {
|
.return_once(|_| {
|
||||||
Ok(vec![User {
|
Ok(vec![User {
|
||||||
user_id: UserId::new("test"),
|
display_name: "test".to_string(),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
}])
|
}])
|
||||||
});
|
});
|
||||||
@ -1009,7 +1013,7 @@ mod tests {
|
|||||||
ldap_handler.do_search(&request).await,
|
ldap_handler.do_search(&request).await,
|
||||||
vec![
|
vec![
|
||||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||||
dn: "cn=bob_1,ou=people,dc=example,dc=com".to_string(),
|
dn: "cn=Bôb Böbberson,ou=people,dc=example,dc=com".to_string(),
|
||||||
attributes: vec![
|
attributes: vec![
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "objectClass".to_string(),
|
atype: "objectClass".to_string(),
|
||||||
@ -1022,7 +1026,7 @@ mod tests {
|
|||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "dn".to_string(),
|
atype: "dn".to_string(),
|
||||||
vals: vec!["cn=bob_1,ou=people,dc=example,dc=com".to_string()]
|
vals: vec!["cn=Bôb Böbberson,ou=people,dc=example,dc=com".to_string()]
|
||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "uid".to_string(),
|
atype: "uid".to_string(),
|
||||||
@ -1051,7 +1055,7 @@ mod tests {
|
|||||||
],
|
],
|
||||||
}),
|
}),
|
||||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||||
dn: "cn=jim,ou=people,dc=example,dc=com".to_string(),
|
dn: "cn=Jimminy Cricket,ou=people,dc=example,dc=com".to_string(),
|
||||||
attributes: vec![
|
attributes: vec![
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "objectClass".to_string(),
|
atype: "objectClass".to_string(),
|
||||||
@ -1064,7 +1068,7 @@ mod tests {
|
|||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "dn".to_string(),
|
atype: "dn".to_string(),
|
||||||
vals: vec!["cn=jim,ou=people,dc=example,dc=com".to_string()]
|
vals: vec!["cn=Jimminy Cricket,ou=people,dc=example,dc=com".to_string()]
|
||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "uid".to_string(),
|
atype: "uid".to_string(),
|
||||||
@ -1409,7 +1413,7 @@ mod tests {
|
|||||||
.times(1)
|
.times(1)
|
||||||
.return_once(|_| {
|
.return_once(|_| {
|
||||||
Ok(vec![User {
|
Ok(vec![User {
|
||||||
user_id: UserId::new("bob_1"),
|
display_name: "bob_1".to_string(),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
}])
|
}])
|
||||||
});
|
});
|
||||||
@ -1473,7 +1477,7 @@ mod tests {
|
|||||||
ldap_handler.do_search(&request).await,
|
ldap_handler.do_search(&request).await,
|
||||||
vec![
|
vec![
|
||||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||||
dn: "cn=bob_1,ou=people,dc=example,dc=com".to_string(),
|
dn: "cn=Bôb Böbberson,ou=people,dc=example,dc=com".to_string(),
|
||||||
attributes: vec![
|
attributes: vec![
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "objectClass".to_string(),
|
atype: "objectClass".to_string(),
|
||||||
@ -1486,7 +1490,7 @@ mod tests {
|
|||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "dn".to_string(),
|
atype: "dn".to_string(),
|
||||||
vals: vec!["cn=bob_1,ou=people,dc=example,dc=com".to_string()]
|
vals: vec!["cn=Bôb Böbberson,ou=people,dc=example,dc=com".to_string()]
|
||||||
},
|
},
|
||||||
LdapPartialAttribute {
|
LdapPartialAttribute {
|
||||||
atype: "cn".to_string(),
|
atype: "cn".to_string(),
|
||||||
@ -1623,7 +1627,7 @@ mod tests {
|
|||||||
ldap_handler.handle_ldap_message(request).await,
|
ldap_handler.handle_ldap_message(request).await,
|
||||||
Some(vec![make_extended_response(
|
Some(vec![make_extended_response(
|
||||||
LdapResultCode::InvalidDNSyntax,
|
LdapResultCode::InvalidDNSyntax,
|
||||||
r#"Invalid username: "Unexpected user DN format. Got \"cn=bob,ou=groups,ou=people,dc=example,dc=com\", expected: \"cn=username,ou=people,dc=example,dc=com\"""#.to_string(),
|
r#"Invalid username: "Unexpected user DN format. Got \"cn=bob,ou=groups,ou=people,dc=example,dc=com\", expected: \"uid=username,ou=people,dc=example,dc=com\"""#.to_string(),
|
||||||
)])
|
)])
|
||||||
);
|
);
|
||||||
let request = LdapOp::ExtendedRequest(LdapExtendedRequest {
|
let request = LdapOp::ExtendedRequest(LdapExtendedRequest {
|
||||||
|