|
@@ -156,11 +156,14 @@ class PassportService {
|
|
|
*/
|
|
*/
|
|
|
getLdapConfigurationFunc(config, opts) {
|
|
getLdapConfigurationFunc(config, opts) {
|
|
|
// get configurations
|
|
// get configurations
|
|
|
- const isUserBind = config.crowi['security:passport-ldap:isUserBind'];
|
|
|
|
|
- const serverUrl = config.crowi['security:passport-ldap:serverUrl'];
|
|
|
|
|
- const bindDN = config.crowi['security:passport-ldap:bindDN'];
|
|
|
|
|
- const bindCredentials = config.crowi['security:passport-ldap:bindDNPassword'];
|
|
|
|
|
- const searchFilter = config.crowi['security:passport-ldap:searchFilter'] || '(uid={{username}})';
|
|
|
|
|
|
|
+ const isUserBind = config.crowi['security:passport-ldap:isUserBind'];
|
|
|
|
|
+ const serverUrl = config.crowi['security:passport-ldap:serverUrl'];
|
|
|
|
|
+ const bindDN = config.crowi['security:passport-ldap:bindDN'];
|
|
|
|
|
+ const bindCredentials = config.crowi['security:passport-ldap:bindDNPassword'];
|
|
|
|
|
+ const searchFilter = config.crowi['security:passport-ldap:searchFilter'] || '(uid={{username}})';
|
|
|
|
|
+ const groupSearchBase = config.crowi['security:passport-ldap:groupSearchBase'];
|
|
|
|
|
+ const groupSearchFilter = config.crowi['security:passport-ldap:groupSearchFilter'];
|
|
|
|
|
+ const groupDnProperty = config.crowi['security:passport-ldap:groupDnProperty'] || 'uid';
|
|
|
|
|
|
|
|
// parse serverUrl
|
|
// parse serverUrl
|
|
|
// see: https://regex101.com/r/0tuYBB/1
|
|
// see: https://regex101.com/r/0tuYBB/1
|
|
@@ -180,6 +183,9 @@ class PassportService {
|
|
|
debug(`LdapStrategy: bindCredentials=${bindCredentials}`);
|
|
debug(`LdapStrategy: bindCredentials=${bindCredentials}`);
|
|
|
}
|
|
}
|
|
|
debug(`LdapStrategy: searchFilter=${searchFilter}`);
|
|
debug(`LdapStrategy: searchFilter=${searchFilter}`);
|
|
|
|
|
+ debug(`LdapStrategy: groupSearchBase=${groupSearchBase}`);
|
|
|
|
|
+ debug(`LdapStrategy: groupSearchFilter=${groupSearchFilter}`);
|
|
|
|
|
+ debug(`LdapStrategy: groupDnProperty=${groupDnProperty}`);
|
|
|
|
|
|
|
|
return (req, callback) => {
|
|
return (req, callback) => {
|
|
|
// get credentials from form data
|
|
// get credentials from form data
|
|
@@ -193,12 +199,17 @@ class PassportService {
|
|
|
bindDN.replace(/{{username}}/, loginForm.username):
|
|
bindDN.replace(/{{username}}/, loginForm.username):
|
|
|
bindDN;
|
|
bindDN;
|
|
|
const fixedBindCredentials = (isUserBind) ? loginForm.password : bindCredentials;
|
|
const fixedBindCredentials = (isUserBind) ? loginForm.password : bindCredentials;
|
|
|
|
|
+ let serverOpt = { url, bindDN: fixedBindDN, bindCredentials: fixedBindCredentials, searchBase, searchFilter };
|
|
|
|
|
+
|
|
|
|
|
+ if (groupSearchBase && groupSearchFilter) {
|
|
|
|
|
+ serverOpt = Object.assign({ groupSearchBase, groupSearchFilter, groupDnProperty}, serverOpt);
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
process.nextTick(() => {
|
|
process.nextTick(() => {
|
|
|
const mergedOpts = Object.assign({
|
|
const mergedOpts = Object.assign({
|
|
|
usernameField: PassportService.USERNAME_FIELD,
|
|
usernameField: PassportService.USERNAME_FIELD,
|
|
|
passwordField: PassportService.PASSWORD_FIELD,
|
|
passwordField: PassportService.PASSWORD_FIELD,
|
|
|
- server: { url, bindDN: fixedBindDN, bindCredentials: fixedBindCredentials, searchBase, searchFilter },
|
|
|
|
|
|
|
+ server: serverOpt,
|
|
|
}, opts);
|
|
}, opts);
|
|
|
debug('ldap configuration: ', mergedOpts);
|
|
debug('ldap configuration: ', mergedOpts);
|
|
|
callback(null, mergedOpts);
|
|
callback(null, mergedOpts);
|
Yuki Takei