GH-1879 Make LDAP objectClass configurable through "typeAttribute" property (Resolve #1879)
dzikoysk committed Aug 11, 2023
1 parent 62deca6 commit b2ec513
Showing 4 changed files with 15 additions and 11 deletions.
Expand Up @@ -71,7 +71,7 @@ internal class LdapAuthenticator(
createSearchContext()
.flatMap {
it.search(
ldapFilterQuery = "(&(objectClass=person)($userAttribute={0}))", // find user entry with search user,
ldapFilterQuery = "(&(objectClass=$typeAttribute)($userAttribute={0}))", // find user entry with search user,
ldapFilterQueryArguments = arrayOf(credentials.name),
requestedAttributes = arrayOf(userAttribute)
)
Expand All @@ -93,7 +93,7 @@ internal class LdapAuthenticator(
}
.flatMap {
it.search(
ldapFilterQuery = "(&(objectClass=person)($userAttribute={0})$userFilter)", // filter result with user-filter from configuration
ldapFilterQuery = "(&(objectClass=$typeAttribute)($userAttribute={0})$userFilter)", // filter result with user-filter from configuration
ldapFilterQueryArguments = arrayOf(credentials.name),
requestedAttributes = arrayOf(userAttribute)
)
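Review bot: `typeAttribute` is spliced into the LDAP filter by string template on the new line of each hunk (`"(&(objectClass=$typeAttribute)($userAttribute={0}))"` and the userFilter variant below it), so a configured value containing filter metacharacters such as `)`, `*` or `\` would alter the structure of the query instead of being matched literally, which the replaced constant `person` could never do. If `ldapFilterQueryArguments` is handed through to JNDI's `filterArgs`, substituted values are escaped by the provider, so the safer form is `ldapFilterQuery = "(&(objectClass={1})($userAttribute={0}))"` with `ldapFilterQueryArguments = arrayOf(credentials.name, typeAttribute)`, applied the same way in the second hunk. If the wrapper does not use placeholder substitution, the setting should instead be validated at load time against the characters RFC 4515 requires to be escaped. The `createSearchContext()` chain both hunks sit in starts before the first hunk and continues past the second.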
Expand Up @@ -44,10 +44,12 @@ data class LdapSettings(
val searchUserDn: String = "cn=reposilite,ou=admins,dc=domain,dc=com",
@get:Doc(title = "Search-User Password", description = "Search user's password")
val searchUserPassword: String = "reposilite-admin-secret",
@get:Doc(title = "Type Attribute", description = "Attribute in LDAP that represents given type/group (objectClass)")
val typeAttribute: String = "person",
@get:Doc(title = "User Attribute", description = "Attribute in LDAP that represents unique username used to create access token")
val userAttribute: String = "cn",
@get:Doc(title = "User Filter", description = "LDAP user filter")
val userFilter: String = "(&(objectClass=person)(ou=Maven Users))",
val userFilter: String = "(&(objectClass=$typeAttribute)(ou=Maven Users))",
@get:Doc(title = "User Type", description = "Should the created through LDAP access token be TEMPORARY or PERSISTENT")
val userType: AccessTokenType = PERSISTENT
) : SharedSettings
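Review bot: The new default `val userFilter: String = "(&(objectClass=$typeAttribute)(ou=Maven Users))"` follows `typeAttribute` only while the defaults are being constructed; once the settings are persisted the filter is stored as a plain string (the settings.md example in this commit still shows `(objectClass=person)`), so changing `typeAttribute` later leaves `userFilter` matching the old class. Either make the coupling explicit in the `@Doc` text of `userFilter`, e.g. `description = "LDAP user filter; update objectClass here too if typeAttribute is changed"`, or drop the template and keep the literal default. The `@Doc` on `typeAttribute` also describes it as an "Attribute in LDAP that represents given type/group", but the value is the objectClass value that user entries must carry (e.g. `person`), not an attribute name; `description = "Value of the objectClass attribute that user entries must have (default: person)"` says what is actually matched, and the same wording gap (`Attribute in LDAP that object type`) is in the ldap.md table row. The `LdapSettings` constructor starts above this hunk.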
17 changes: 9 additions & 8 deletions reposilite-site/data/guides/authentication/ldap.md
Expand Up @@ -10,14 +10,15 @@ If you feel that current implementation could be improved or slightly changed, l
First of all, you have to enable LDAP authenticator in [shared settings]().
Then, you can configure configuration to your LDAP server.

| Property | Example value | Description |
| :--: | :---: | :---: |
| baseDn | dc=company,dc=com | Base DN with users |
| searchUserDn | cn=reposilite,ou=admins,dc=domain,dc=com | User used to perform searches in LDAP server (requires permissions to read all LDAP entries) |
| searchUserPassword | reposilite-admin-secret | Search user's password |
| userAttribute | cn | Attribute in LDAP that represents unique username used to create access token |
| userFilter | (&(objectClass=person)(ou=Maven Users)) | LDAP user filter |
| userType | TEMPORARY or PERSISTENT | Type of mapped token |
| Property | Example value | Description |
|:------------------:|:----------------------------------------:|:--------------------------------------------------------------------------------------------:|
| baseDn | dc=company,dc=com | Base DN with users |
| searchUserDn | cn=reposilite,ou=admins,dc=domain,dc=com | User used to perform searches in LDAP server (requires permissions to read all LDAP entries) |
| searchUserPassword | reposilite-admin-secret | Search user's password |
| typeAttribute | person | Attribute in LDAP that object type (objectClass) |
| userAttribute | cn | Attribute in LDAP that represents unique username used to create access token |
| userFilter | (&(objectClass=person)(ou=Maven Users)) | LDAP user filter |
| userType | TEMPORARY or PERSISTENT | Type of mapped token |

`Tip` If you're not familiar with LDAP,
you may also try to find some detailed docs about LDAP integration in other open source tools such as e.g. [GitLab Docs / LDAP](https://docs.gitlab.com/ee/administration/auth/ldap/).
1 change: 1 addition & 0 deletions reposilite-site/data/guides/installation/settings.md
Expand Up @@ -193,6 +193,7 @@ Example output:
"baseDn": "dc=company,dc=com",
"searchUserDn": "cn=reposilite,ou=admins,dc=domain,dc=com",
"searchUserPassword": "reposilite-admin-secret",
"typeAttribute": "person",
"userAttribute": "cn",
"userFilter": "(&(objectClass=person)(ou=Maven Users))",
"userType": "PERSISTENT"
