LDAP AD Simple Auth: Added settings for all Wekan Standalone (non-Sandstorm) platforms.

Thanks to xet7 !
2026-01-07 01:58:49 +01:00 · 2021-07-24 19:20:47 +03:00 · 2021-07-24 19:20:47 +03:00 · fe40f35d6d
commit fe40f35d6d
parent c0d1ed714e
8 changed files with 243 additions and 45 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -439,16 +439,48 @@ services:
      #
      # The host server for the LDAP server
      #- LDAP_HOST=localhost
-	    #
-      # set to true, if you want to connect with Active Directory by Simple Authentication
-      - LDAP_AD_SIMPLE_AUTH=true
      #
-      # set to true, if the login user is used for binding
-      - LDAP_USER_AUTHENTICATION=true
+      #-----------------------------------------------------------------
+      # ==== LDAP AD Simple Auth ====
+      #
+      # Set to true, if you want to connect with Active Directory by Simple Authentication.
+      # When using AD Simple Auth, LDAP_BASEDN is not needed.
+      #
+      # Example:
+      #- LDAP_AD_SIMPLE_AUTH=true
+      #
+      # === LDAP User Authentication ===
+      #
+      # a) Option to login to the LDAP server with the user's own username and password, instead of
+      #    an administrator key. Default: false (use administrator key).
+      #
+      # b) When using AD Simple Auth, set to true, when login user is used for binding,
+      #    and LDAP_BASEDN is not needed.
+      #
+      # Example:
+      #- LDAP_USER_AUTHENTICATION=true
+      #
+      # Which field is used to find the user for the user authentication. Default: uid.
+      #- LDAP_USER_AUTHENTICATION_FIELD=uid
+      #
+      # === LDAP Default Domain ===
+      #
+      # a) In case AD SimpleAuth is configured, the default domain is appended to the given
+      #    loginname for creating the correct username for the bind request to AD.
+      #
+      # b) The default domain of the ldap it is used to create email if the field is not map
+      #     correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
+      #
+      # Example :
+      #- LDAP_DEFAULT_DOMAIN=mydomain.com
+      #
+      #-----------------------------------------------------------------
+      # ==== LDAP BASEDN Auth ====
      #
      # The base DN for the LDAP Tree
      #- LDAP_BASEDN=ou=user,dc=example,dc=org
      #
+      #-----------------------------------------------------------------
      # Fallback on the default authentication method
      #- LDAP_LOGIN_FALLBACK=false
      #
@ -499,12 +531,6 @@ services:
      # Reject Unauthorized Certificate
      #- LDAP_REJECT_UNAUTHORIZED=false
      #
-      # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
-      #- LDAP_USER_AUTHENTICATION=true
-      #
-      # Which field is used to find the user for the user authentication. Default: uid.
-      #- LDAP_USER_AUTHENTICATION_FIELD=uid
-      #
      # Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
      #- LDAP_USER_SEARCH_FILTER=
      #
@ -570,10 +596,8 @@ services:
      #
      #- LDAP_SYNC_GROUP_ROLES=
      #
-      # The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
-      # In case SimpleAuth with AD is configured, the default domain is appended to the given loginname for creating the correct username for the bind request to AD
-      # example :
-      #- LDAP_DEFAULT_DOMAIN=mydomain.com
+      # The default domain of the ldap it is used to create email if the field is not map correctly
+      # with the LDAP_SYNC_USER_DATA_FIELDMAP is defined in setting LDAP_DEFAULT_DOMAIN above.
      #
      # Enable/Disable syncing of admin status based on ldap groups:
      #- LDAP_SYNC_ADMIN_STATUS=true