diff options
author | Immae <immae@users.noreply.github.com> | 2018-08-15 18:12:44 +0200 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2018-08-15 18:12:44 +0200 |
commit | b0f4fe456b15bfe74b9feca247d0ac67a8ba21fb (patch) | |
tree | 943ec75db646369361d72d6464b5715f3cdf59f6 | |
parent | aaac14b8ad1a2a9e3d58871feb07b1e78c5316c3 (diff) |
Add ldap search filter (#8151)
-rw-r--r-- | .env.production.sample | 1 | ||||
-rw-r--r-- | config/initializers/devise.rb | 3 | ||||
-rw-r--r-- | lib/devise/ldap_authenticatable.rb | 3 |
3 files changed, 6 insertions, 1 deletions
diff --git a/.env.production.sample b/.env.production.sample index ebb078878..349daedd8 100644 --- a/.env.production.sample +++ b/.env.production.sample @@ -162,6 +162,7 @@ STREAMING_CLUSTER_NUM=1 # LDAP_BIND_DN= # LDAP_PASSWORD= # LDAP_UID=cn +# LDAP_SEARCH_FILTER="%{uid}=%{email}" # PAM authentication (optional) # PAM authentication uses for the email generation the "email" pam variable diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 8532c9d9a..cd9bacf68 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -59,6 +59,8 @@ module Devise @@ldap_password = nil mattr_accessor :ldap_tls_no_verify @@ldap_tls_no_verify = false + mattr_accessor :ldap_search_filter + @@ldap_search_filter = nil class Strategies::PamAuthenticatable def valid? @@ -362,5 +364,6 @@ Devise.setup do |config| config.ldap_password = ENV.fetch('LDAP_PASSWORD') config.ldap_uid = ENV.fetch('LDAP_UID', 'cn') config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true' + config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}') end end diff --git a/lib/devise/ldap_authenticatable.rb b/lib/devise/ldap_authenticatable.rb index ef786fbb7..534c7a851 100644 --- a/lib/devise/ldap_authenticatable.rb +++ b/lib/devise/ldap_authenticatable.rb @@ -24,7 +24,8 @@ module Devise connect_timeout: 10 ) - if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password)) + filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, email: email) + if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: password)) user = User.ldap_get_user(user_info.first) success!(user) else |