Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-16 23:40:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Merge branch 'edge' into meteor-1.8

Browse source
This commit is contained in:
Lauri Ojansivu 2019-05-10 23:20:17 +03:00
commit df69ade422
13 changed files with 173 additions and 104 deletions
Download patch file Download diff file Expand all files Collapse all files

15
CHANGELOG.md
View file

@ -1,9 +1,22 @@
# v2.68 2019-05-10 Wekan release
This release adds the following new features:
- [Option to login to the LDAP server with the user's own username and password, instead of an administrator
key](https://github.com/wekan/wekan/pull/2399). Default: false (use administrator key).
With new setting: LDAP_USER_AUTHENTICATION=true.
Thanks to thiagofernando.
- [Added above new LDAP_USER_AUTHENTION=true option to Snap, Docker and Source settings](https://github.com/wekan/wekan/commit/3bbc805ee42e3c1638b50260d3fafc2b5f936923).
Thanks to xet7.
Thanks to above GitHub users for their contributions and translators for their translations.
# v2.67 2019-05-10 Wekan release # v2.67 2019-05-10 Wekan release
This release adds the following new features: This release adds the following new features:
- [Move board to Archive button at each board at All Boards page](https://github.com/wekan/wekan/commit/828f6ea321020eda77fea399df52889e2081dfac). - [Move board to Archive button at each board at All Boards page](https://github.com/wekan/wekan/commit/828f6ea321020eda77fea399df52889e2081dfac).
Thanks to xet7. Related #2389 Thanks to xet7. Related [#2389](https://github.com/wekan/wekan/issues/2389).
- [If adding Subtasks does not work on old board, added wiki page how to make it work again](https://github.com/wekan/wekan/wiki/Subtasks). - [If adding Subtasks does not work on old board, added wiki page how to make it work again](https://github.com/wekan/wekan/wiki/Subtasks).
Thanks to xet7. Thanks to xet7.

1
Dockerfile
View file

@ -61,6 +61,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
LDAP_ENCRYPTION=false \ LDAP_ENCRYPTION=false \
LDAP_CA_CERT="" \ LDAP_CA_CERT="" \
LDAP_REJECT_UNAUTHORIZED=false \ LDAP_REJECT_UNAUTHORIZED=false \
LDAP_USER_AUTHENTICATION=false \
LDAP_USER_SEARCH_FILTER="" \ LDAP_USER_SEARCH_FILTER="" \
LDAP_USER_SEARCH_SCOPE="" \ LDAP_USER_SEARCH_SCOPE="" \
LDAP_USER_SEARCH_FIELD="" \ LDAP_USER_SEARCH_FIELD="" \

2
Stackerfile.yml
View file

@ -1,5 +1,5 @@
appId: wekan-public/apps/77b94f60-dec9-0136-304e-16ff53095928 appId: wekan-public/apps/77b94f60-dec9-0136-304e-16ff53095928
appVersion: "v2.67.0" appVersion: "v2.68.0"
files: files:
userUploads: userUploads:
- README.md - README.md

3
docker-compose.yml
View file

@ -400,6 +400,9 @@ services:
# Reject Unauthorized Certificate # Reject Unauthorized Certificate
#- LDAP_REJECT_UNAUTHORIZED=false #- LDAP_REJECT_UNAUTHORIZED=false
# #
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
#- LDAP_USER_AUTHENTICATION="true"
#
# Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed # Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
#- LDAP_USER_SEARCH_FILTER= #- LDAP_USER_SEARCH_FILTER=
# #

2
package.json
View file

@ -1,6 +1,6 @@
{ {
"name": "wekan", "name": "wekan",
"version": "v2.67.0", "version": "v2.68.0",
"description": "Open-Source kanban", "description": "Open-Source kanban",
"private": true, "private": true,
"scripts": { "scripts": {

34
packages/wekan-ldap/server/ldap.js
View file

@ -3,6 +3,7 @@ import util from 'util';
import Bunyan from 'bunyan'; import Bunyan from 'bunyan';
import {log_debug, log_info, log_warn, log_error} from './logger'; import {log_debug, log_info, log_warn, log_error} from './logger';
export default class LDAP { export default class LDAP {
constructor() { constructor() {
this.ldapjs = ldapjs; this.ldapjs = ldapjs;
@ -25,6 +26,8 @@ export default class LDAP {
Authentication_Fallback : this.constructor.settings_get('LDAP_LOGIN_FALLBACK'), Authentication_Fallback : this.constructor.settings_get('LDAP_LOGIN_FALLBACK'),
BaseDN : this.constructor.settings_get('LDAP_BASEDN'), BaseDN : this.constructor.settings_get('LDAP_BASEDN'),
Internal_Log_Level : this.constructor.settings_get('INTERNAL_LOG_LEVEL'), Internal_Log_Level : this.constructor.settings_get('INTERNAL_LOG_LEVEL'),
User_Authentication : this.constructor.settings_get('LDAP_USER_AUTHENTICATION'),
User_Attributes : this.constructor.settings_get('LDAP_USER_ATTRIBUTES'),
User_Search_Filter : this.constructor.settings_get('LDAP_USER_SEARCH_FILTER'), User_Search_Filter : this.constructor.settings_get('LDAP_USER_SEARCH_FILTER'),
User_Search_Scope : this.constructor.settings_get('LDAP_USER_SEARCH_SCOPE'), User_Search_Scope : this.constructor.settings_get('LDAP_USER_SEARCH_SCOPE'),
User_Search_Field : this.constructor.settings_get('LDAP_USER_SEARCH_FIELD'), User_Search_Field : this.constructor.settings_get('LDAP_USER_SEARCH_FIELD'),
@ -52,6 +55,7 @@ export default class LDAP {
log_warn(`Lookup for unset variable: ${name}`); log_warn(`Lookup for unset variable: ${name}`);
} }
} }
connectSync(...args) { connectSync(...args) {
if (!this._connectSync) { if (!this._connectSync) {
this._connectSync = Meteor.wrapAsync(this.connectAsync, this); this._connectSync = Meteor.wrapAsync(this.connectAsync, this);
@ -60,6 +64,7 @@ export default class LDAP {
} }
searchAllSync(...args) { searchAllSync(...args) {
if (!this._searchAllSync) { if (!this._searchAllSync) {
this._searchAllSync = Meteor.wrapAsync(this.searchAllAsync, this); this._searchAllSync = Meteor.wrapAsync(this.searchAllAsync, this);
} }
@ -208,6 +213,25 @@ export default class LDAP {
return `(&${filter.join('')})`; return `(&${filter.join('')})`;
} }
bindUserIfNecessary(username, password) {
if (this.domainBinded === true) {
return;
}
if (!this.options.User_Authentication) {
return;
}
if (!this.options.BaseDN) throw new Error('BaseDN is not provided');
const userDn = `uid=${username},${this.options.BaseDN}`;
this.bindSync(userDn, password);
this.domainBinded = true;
}
bindIfNecessary() { bindIfNecessary() {
if (this.domainBinded === true) { if (this.domainBinded === true) {
return; return;
@ -218,19 +242,21 @@ export default class LDAP {
} }
log_info('Binding UserDN', this.options.Authentication_UserDN); log_info('Binding UserDN', this.options.Authentication_UserDN);
this.bindSync(this.options.Authentication_UserDN, this.options.Authentication_Password); this.bindSync(this.options.Authentication_UserDN, this.options.Authentication_Password);
this.domainBinded = true; this.domainBinded = true;
} }
searchUsersSync(username, page) { searchUsersSync(username, page) {
this.bindIfNecessary(); this.bindIfNecessary();
const searchOptions = { const searchOptions = {
filter : this.getUserFilter(username), filter : this.getUserFilter(username),
scope : this.options.User_Search_Scope || 'sub', scope : this.options.User_Search_Scope || 'sub',
sizeLimit: this.options.Search_Size_Limit, sizeLimit: this.options.Search_Size_Limit,
}; };
if (!!this.options.User_Attributes) searchOptions.attributes = this.options.User_Attributes.split(',');
if (this.options.Search_Page_Size > 0) { if (this.options.Search_Page_Size > 0) {
searchOptions.paged = { searchOptions.paged = {
pageSize : this.options.Search_Page_Size, pageSize : this.options.Search_Page_Size,
@ -430,11 +456,13 @@ export default class LDAP {
log_info(title); log_info(title);
// Force LDAP idle to wait the record processing // Force LDAP idle to wait the record processing
this.client._updateIdle(true); this.client._updateIdle(true);
page(null, entries, {end, next: () => { page(null, entries, {
end, next: () => {
// Reset idle timer // Reset idle timer
this.client._updateIdle(); this.client._updateIdle();
next && next(); next && next();
}}); }
});
}; };
this.client.search(BaseDN, options, (error, res) => { this.client.search(BaseDN, options, (error, res) => {

14
packages/wekan-ldap/server/loginHandler.js
View file

@ -41,7 +41,14 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
let ldapUser; let ldapUser;
try { try {
ldap.connectSync(); ldap.connectSync();
if (!!LDAP.settings_get('LDAP_USER_AUTHENTICATION')) {
ldap.bindUserIfNecessary(loginRequest.username, loginRequest.ldapPass);
ldapUser = ldap.searchUsersSync(loginRequest.username)[0];
} else {
const users = ldap.searchUsersSync(loginRequest.username); const users = ldap.searchUsersSync(loginRequest.username);
if (users.length !== 1) { if (users.length !== 1) {
@ -58,11 +65,14 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
} else { } else {
log_info('Wrong password for', loginRequest.username); log_info('Wrong password for', loginRequest.username);
} }
}
} catch (error) { } catch (error) {
log_error(error); log_error(error);
} }
if (ldapUser === undefined) { if (!ldapUser) {
if (LDAP.settings_get('LDAP_LOGIN_FALLBACK') === true) { if (LDAP.settings_get('LDAP_LOGIN_FALLBACK') === true) {
return fallbackDefaultAccountSystem(self, loginRequest.username, loginRequest.ldapPass); return fallbackDefaultAccountSystem(self, loginRequest.username, loginRequest.ldapPass);
} }
@ -76,7 +86,6 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
const Unique_Identifier_Field = getLdapUserUniqueID(ldapUser); const Unique_Identifier_Field = getLdapUserUniqueID(ldapUser);
let user; let user;
// Attempt to find user by unique identifier // Attempt to find user by unique identifier
if (Unique_Identifier_Field) { if (Unique_Identifier_Field) {
@ -105,6 +114,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
email = getLdapEmail(ldapUser); email = getLdapEmail(ldapUser);
} }
if (!user) { if (!user) {
if(email && LDAP.settings_get('LDAP_EMAIL_MATCH_REQUIRE') === true) { if(email && LDAP.settings_get('LDAP_EMAIL_MATCH_REQUIRE') === true) {
if(LDAP.settings_get('LDAP_EMAIL_MATCH_VERIFIED') === true) { if(LDAP.settings_get('LDAP_EMAIL_MATCH_VERIFIED') === true) {

2
releases/virtualbox/start-wekan.sh
View file

@ -191,6 +191,8 @@
# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
# example : export LDAP_REJECT_UNAUTHORIZED=true # example : export LDAP_REJECT_UNAUTHORIZED=true
#export LDAP_REJECT_UNAUTHORIZED=false #export LDAP_REJECT_UNAUTHORIZED=false
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
#export LDAP_USER_AUTHENTICATION=true
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
# example : export LDAP_USER_SEARCH_FILTER= # example : export LDAP_USER_SEARCH_FILTER=
#export LDAP_USER_SEARCH_FILTER= #export LDAP_USER_SEARCH_FILTER=

4
sandstorm-pkgdef.capnp
View file

@ -22,10 +22,10 @@ const pkgdef :Spk.PackageDefinition = (
appTitle = (defaultText = "Wekan"), appTitle = (defaultText = "Wekan"),
# The name of the app as it is displayed to the user. # The name of the app as it is displayed to the user.
appVersion = 269, appVersion = 270,
# Increment this for every release. # Increment this for every release.
appMarketingVersion = (defaultText = "2.67.0~2019-05-10"), appMarketingVersion = (defaultText = "2.68.0~2019-05-10"),
# Human-readable presentation of the app version. # Human-readable presentation of the app version.
minUpgradableAppVersion = 0, minUpgradableAppVersion = 0,

6
snap-src/bin/config
View file

@ -3,7 +3,7 @@
# All supported keys are defined here together with descriptions and default values # All supported keys are defined here together with descriptions and default values
# list of supported keys # list of supported keys
keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD" keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
# default values # default values
DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'" DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
@ -250,6 +250,10 @@ DESCRIPTION_LDAP_REJECT_UNAUTHORIZED="Reject Unauthorized Certificate"
DEFAULT_LDAP_REJECT_UNAUTHORIZED="false" DEFAULT_LDAP_REJECT_UNAUTHORIZED="false"
KEY_LDAP_REJECT_UNAUTHORIZED="ldap-reject-unauthorized" KEY_LDAP_REJECT_UNAUTHORIZED="ldap-reject-unauthorized"
DESCRIPTION_LDAP_USER_AUTHENTICATION="Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key)."
DEFAULT_LDAP_USER_AUTHENTICATION="false"
KEY_LDAP_USER_AUTHENTICATION="ldap-user-authentication"
DESCRIPTION_LDAP_USER_SEARCH_FILTER="Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed" DESCRIPTION_LDAP_USER_SEARCH_FILTER="Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed"
DEFAULT_LDAP_USER_SEARCH_FILTER="" DEFAULT_LDAP_USER_SEARCH_FILTER=""
KEY_LDAP_USER_SEARCH_FILTER="ldap-user-search-filter" KEY_LDAP_USER_SEARCH_FILTER="ldap-user-search-filter"

3
snap-src/bin/wekan-help
View file

@ -234,6 +234,9 @@ echo -e "Ldap Reject Unauthorized."
echo -e "Reject Unauthorized Certificate:" echo -e "Reject Unauthorized Certificate:"
echo -e "\t$ snap set $SNAP_NAME ldap-reject-unauthorized='true'" echo -e "\t$ snap set $SNAP_NAME ldap-reject-unauthorized='true'"
echo -e "\n" echo -e "\n"
echo -e "Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key)."
echo -e "\t$ snap set $SNAP_NAME ldap-user-authentication='true'"
echo -e "\n"
echo -e "Ldap User Search Filter." echo -e "Ldap User Search Filter."
echo -e "Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed:" echo -e "Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed:"
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-filter=''" echo -e "\t$ snap set $SNAP_NAME ldap-user-search-filter=''"

3
start-wekan.bat
View file

@ -173,6 +173,9 @@ REM # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
REM # example : LDAP_REJECT_UNAUTHORIZED=true REM # example : LDAP_REJECT_UNAUTHORIZED=true
REM SET LDAP_REJECT_UNAUTHORIZED=false REM SET LDAP_REJECT_UNAUTHORIZED=false
REM # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
REM SET LDAP_USER_AUTHENTICATION=true
REM # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed REM # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
REM # example : LDAP_USER_SEARCH_FILTER= REM # example : LDAP_USER_SEARCH_FILTER=
REM SET LDAP_USER_SEARCH_FILTER= REM SET LDAP_USER_SEARCH_FILTER=

2
start-wekan.sh
View file

@ -193,6 +193,8 @@
# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
# example : export LDAP_REJECT_UNAUTHORIZED=true # example : export LDAP_REJECT_UNAUTHORIZED=true
#export LDAP_REJECT_UNAUTHORIZED=false #export LDAP_REJECT_UNAUTHORIZED=false
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
#export LDAP_USER_AUTHENTICATION=true
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
# example : export LDAP_USER_SEARCH_FILTER= # example : export LDAP_USER_SEARCH_FILTER=
#export LDAP_USER_SEARCH_FILTER= #export LDAP_USER_SEARCH_FILTER=