
Add options to admin page for attribute mapping

Yuki Takei пре 8 година
родитељ
комит
e8efda4676

+ 2 - 1
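--- a/lib/form/admin/securityPassportLdap.js
+++ b/lib/form/admin/securityPassportLdap.js
@@ -14,6 +14,7 @@ module.exports = form(
       // https://regex101.com/r/jK8lpO/1
       .is(/^(,?[^,=\s]+=[^,=\s]+){1,}$/, 'Bind DN is invalid. <small><a href="https://regex101.com/r/jK8lpO/1">&gt;&gt; Regex</a></small>'),
   field('settingForm[security:passport-ldap:bindDNPassword]'),
-  field('settingForm[security:passport-ldap:searchFilter]')
+  field('settingForm[security:passport-ldap:searchFilter]'),
+  field('settingForm[security:passport-ldap:attrMapUsername]')
 );
 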
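Review bot: The new `attrMapUsername` field is accepted with no validation, while the Bind DN field just above it is checked with `.is(...)`. The value is later used as a property key on the LDAP entry in lib/service/passport.js, so stray whitespace or a name such as `__proto__` would silently produce a wrong or non-string username. Constraining it to an LDAP attribute name would be enough, for example `field('settingForm[security:passport-ldap:attrMapUsername]').is(/^[a-zA-Z][a-zA-Z0-9-]*$/, 'Username attribute is invalid.')`. The `form(` call begins outside this hunk, so please confirm that an empty value still passes the check, since an empty setting is what lets the `'uid'` default apply.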

+ 1 - 0
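--- a/lib/models/config.js
+++ b/lib/models/config.js
@@ -60,6 +60,7 @@ module.exports = function(crowi) {
       'security:passport-ldap:bindDN' : undefined,
       'security:passport-ldap:bindDNPassword' : undefined,
       'security:passport-ldap:searchFilter' : undefined,
+      'security:passport-ldap:attrMapUsername' : undefined,
 
       'aws:bucket'          : 'crowi',
       'aws:region'          : 'ap-northeast-1',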

+ 6 - 2
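--- a/lib/service/passport.js
+++ b/lib/service/passport.js
@@ -112,6 +112,9 @@ class PassportService {
 
     debug('LdapStrategy: setting up..');
 
+    const attrMapUsername = config.crowi['security:passport-ldap:attrMapUsername'] || 'uid';
+    debug(`LdapStrategy: attrMapUsername=${attrMapUsername}`);
+
     passport.use(new LdapStrategy(this.getLdapConfigurationFunc(config, {passReqToCallback: true}),
       (req, ldapAccountInfo, done) => {
         debug("LDAP authentication has succeeded", ldapAccountInfo);
@@ -121,9 +124,10 @@ class PassportService {
         // it is guaranteed that username that is input from form can be acquired
         // because this processes after authentication
         const ldapAccountId = this.getLdapAccountIdFromReq(req);
-        // TODO ensure to be able to select the way to determine username
-        const usernameToBeRegistered = ldapAccountInfo['uid'];
 
+        const usernameToBeRegistered = ldapAccountInfo[attrMapUsername];
+
+        // find or register(create) user
         ExternalAccount.findOrRegister('ldap', ldapAccountId, usernameToBeRegistered)
           .then((externalAccount) => {
             return externalAccount.getPopulatedUser();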
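Review bot: In the second hunk, `ldapAccountInfo[attrMapUsername]` is passed to `ExternalAccount.findOrRegister` without checking that the mapped attribute exists on the entry. A mistyped or absent attribute gives `undefined`, and a multi-valued attribute may arrive as an array rather than a string. A guard before the `findOrRegister` call would reject the login cleanly, e.g. `if (typeof usernameToBeRegistered !== 'string' || usernameToBeRegistered === '') { return done(null, false); }`, assuming `done(null, false)` is how this verify callback reports a rejected login; the rest of the callback lies outside the hunk. Because this attribute now decides the local username, it is also worth documenting that it should be unique per account and not editable by the user in the directory.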

+ 12 - 0
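--- a/lib/views/admin/widget/passport/ldap.html
+++ b/lib/views/admin/widget/passport/ldap.html
@@ -110,6 +110,18 @@
         </div>
       </div>
 
+      <h4>Attribute Mapping</h4>
+
+      <p class="well well-sm">Specification of mappings when creating new users</p>
+
+      <div class="form-group">
+          <label for="settingForm[security:passport-ldap:attrMapUsername]" class="col-xs-3 control-label">username</label>
+          <div class="col-xs-6">
+            <input class="form-control" type="text" placeholder="Default: uid"
+                name="settingForm[security:passport-ldap:attrMapUsername]" value="{{ settingForm['security:passport-ldap:attrMapUsername'] || '' }}">
+          </div>
+        </div>
+
     </div><!-- /.passport-ldap-configurations -->
 
     <div class="form-group">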
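Review bot: The `<label for="settingForm[security:passport-ldap:attrMapUsername]">` has no matching `id` on the `<input>` in this hunk, so the label is not associated with the control; add `id="settingForm[security:passport-ldap:attrMapUsername]"` to the input. The help text could also tell the administrator what a safe choice is, e.g. `<p class="well well-sm">LDAP attribute used as the username when a new user is created. Choose one that is unique per account and cannot be changed by the user.</p>`. The inner lines of the new `form-group` are indented two spaces deeper than its closing `</div>`, which makes the nesting harder to follow.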