mirror of
https://github.com/wekan/wekan.git
synced 2025-12-16 23:40:13 +01:00
Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
With new setting: LDAP_USER_AUTHENTICATION=true Added to Snap, Docker and Source. Thanks to xet7 ! Related https://github.com/wekan/wekan/pull/2399
This commit is contained in:
Lauri Ojansivu
parent
c37a454bd5
commit
3bbc805ee4
7 changed files with 19 additions and 1 deletions
|
|
@ -61,6 +61,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
|
||||||
LDAP_ENCRYPTION=false \
|
LDAP_ENCRYPTION=false \
|
||||||
LDAP_CA_CERT="" \
|
LDAP_CA_CERT="" \
|
||||||
LDAP_REJECT_UNAUTHORIZED=false \
|
LDAP_REJECT_UNAUTHORIZED=false \
|
||||||
|
LDAP_USER_AUTHENTICATION=false \
|
||||||
LDAP_USER_SEARCH_FILTER="" \
|
LDAP_USER_SEARCH_FILTER="" \
|
||||||
LDAP_USER_SEARCH_SCOPE="" \
|
LDAP_USER_SEARCH_SCOPE="" \
|
||||||
LDAP_USER_SEARCH_FIELD="" \
|
LDAP_USER_SEARCH_FIELD="" \
|
||||||
|
|
|
||||||
|
|
@ -400,6 +400,9 @@ services:
|
||||||
# Reject Unauthorized Certificate
|
# Reject Unauthorized Certificate
|
||||||
#- LDAP_REJECT_UNAUTHORIZED=false
|
#- LDAP_REJECT_UNAUTHORIZED=false
|
||||||
#
|
#
|
||||||
|
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
|
||||||
|
#- LDAP_USER_AUTHENTICATION="true"
|
||||||
|
#
|
||||||
# Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
# Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
||||||
#- LDAP_USER_SEARCH_FILTER=
|
#- LDAP_USER_SEARCH_FILTER=
|
||||||
#
|
#
|
||||||
|
|
|
||||||
|
|
@ -191,6 +191,8 @@
|
||||||
# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
|
# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
|
||||||
# example : export LDAP_REJECT_UNAUTHORIZED=true
|
# example : export LDAP_REJECT_UNAUTHORIZED=true
|
||||||
#export LDAP_REJECT_UNAUTHORIZED=false
|
#export LDAP_REJECT_UNAUTHORIZED=false
|
||||||
|
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
|
||||||
|
#export LDAP_USER_AUTHENTICATION=true
|
||||||
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
||||||
# example : export LDAP_USER_SEARCH_FILTER=
|
# example : export LDAP_USER_SEARCH_FILTER=
|
||||||
#export LDAP_USER_SEARCH_FILTER=
|
#export LDAP_USER_SEARCH_FILTER=
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
# All supported keys are defined here together with descriptions and default values
|
# All supported keys are defined here together with descriptions and default values
|
||||||
|
|
||||||
# list of supported keys
|
# list of supported keys
|
||||||
keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
|
keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
|
||||||
|
|
||||||
# default values
|
# default values
|
||||||
DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
|
DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
|
||||||
|
|
@ -250,6 +250,10 @@ DESCRIPTION_LDAP_REJECT_UNAUTHORIZED="Reject Unauthorized Certificate"
|
||||||
DEFAULT_LDAP_REJECT_UNAUTHORIZED="false"
|
DEFAULT_LDAP_REJECT_UNAUTHORIZED="false"
|
||||||
KEY_LDAP_REJECT_UNAUTHORIZED="ldap-reject-unauthorized"
|
KEY_LDAP_REJECT_UNAUTHORIZED="ldap-reject-unauthorized"
|
||||||
|
|
||||||
|
DESCRIPTION_LDAP_USER_AUTHENTICATION="Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key)."
|
||||||
|
DEFAULT_LDAP_USER_AUTHENTICATION="false"
|
||||||
|
KEY_LDAP_USER_AUTHENTICATION="ldap-user-authentication"
|
||||||
|
|
||||||
DESCRIPTION_LDAP_USER_SEARCH_FILTER="Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed"
|
DESCRIPTION_LDAP_USER_SEARCH_FILTER="Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed"
|
||||||
DEFAULT_LDAP_USER_SEARCH_FILTER=""
|
DEFAULT_LDAP_USER_SEARCH_FILTER=""
|
||||||
KEY_LDAP_USER_SEARCH_FILTER="ldap-user-search-filter"
|
KEY_LDAP_USER_SEARCH_FILTER="ldap-user-search-filter"
|
||||||
|
|
|
||||||
|
|
@ -234,6 +234,9 @@ echo -e "Ldap Reject Unauthorized."
|
||||||
echo -e "Reject Unauthorized Certificate:"
|
echo -e "Reject Unauthorized Certificate:"
|
||||||
echo -e "\t$ snap set $SNAP_NAME ldap-reject-unauthorized='true'"
|
echo -e "\t$ snap set $SNAP_NAME ldap-reject-unauthorized='true'"
|
||||||
echo -e "\n"
|
echo -e "\n"
|
||||||
|
echo -e "Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key)."
|
||||||
|
echo -e "\t$ snap set $SNAP_NAME ldap-user-authentication='true'"
|
||||||
|
echo -e "\n"
|
||||||
echo -e "Ldap User Search Filter."
|
echo -e "Ldap User Search Filter."
|
||||||
echo -e "Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed:"
|
echo -e "Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed:"
|
||||||
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-filter=''"
|
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-filter=''"
|
||||||
|
|
|
||||||
|
|
@ -173,6 +173,9 @@ REM # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
|
||||||
REM # example : LDAP_REJECT_UNAUTHORIZED=true
|
REM # example : LDAP_REJECT_UNAUTHORIZED=true
|
||||||
REM SET LDAP_REJECT_UNAUTHORIZED=false
|
REM SET LDAP_REJECT_UNAUTHORIZED=false
|
||||||
|
|
||||||
|
REM # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
|
||||||
|
REM SET LDAP_USER_AUTHENTICATION=true
|
||||||
|
|
||||||
REM # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
REM # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
||||||
REM # example : LDAP_USER_SEARCH_FILTER=
|
REM # example : LDAP_USER_SEARCH_FILTER=
|
||||||
REM SET LDAP_USER_SEARCH_FILTER=
|
REM SET LDAP_USER_SEARCH_FILTER=
|
||||||
|
|
|
||||||
|
|
@ -210,6 +210,8 @@ function wekan_repo_check(){
|
||||||
# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
|
# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
|
||||||
# example : export LDAP_REJECT_UNAUTHORIZED=true
|
# example : export LDAP_REJECT_UNAUTHORIZED=true
|
||||||
#export LDAP_REJECT_UNAUTHORIZED=false
|
#export LDAP_REJECT_UNAUTHORIZED=false
|
||||||
|
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
|
||||||
|
#export LDAP_USER_AUTHENTICATION=true
|
||||||
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
||||||
# example : export LDAP_USER_SEARCH_FILTER=
|
# example : export LDAP_USER_SEARCH_FILTER=
|
||||||
#export LDAP_USER_SEARCH_FILTER=
|
#export LDAP_USER_SEARCH_FILTER=
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue