Closed Hacksawfred3232 closed 1 year ago
I've implemented this in the development build, so you've now got the following settings:
public bool UseLDAPLogins = false;
public string LDAPAuthDomain = "";
public string LDAPGroupPrefix = "AMP_";
public string LDAPUserDomain = "";
public bool LDAPADPre2000 = false;
public bool LDAPStripDomainFromFilter = false;
Still unable to get this working. Tested with stock AD
Still unable to get this working. Tested with stock AD
Depending on how Microsoft has configured it stock, you may have to use stunnel4 to force AMP to talk securely to the LDAP server's TLS setup. Also, see issue #912 for a short term mitigation. And stay off dev branch for now until otherwise told.
Feature Request
Feature Information:
TL;DR: Allow users to customize how the filter and the username is passed to the backend LDAP server.
So, revisiting LDAP authentication, I managed to come up with solutions to overcome some of the problems I was encountering before. I'm now able to use my SAMBA AD-DC controller because I should be able to force AMP to use a TLS connection through the helpful use of Stunnel4. And repeating some of the steps using LDAPSearch in the help forums has shown that - unless Novell uses some ass backwards methods vs LDAPSearch - that I should able to set this up without a hitch. One slight problem. This is the code for LDAP login as referenced from here ( https://discourse.cubecoders.com/t/amp-ldap-integration-non-functional-linux/4204/3 ):
Translated to LDAPSearch...
Which, on the surface, looks okay. However, for those using SAMBA AD-DC, this happens instead:
For reference, what I tried is the following:
Okay, enough rambling, what should be added?
Two parameters: Login.LDAPUserDomain -> The domain name to prefix/suffix to the user Login.LDAPPre2000k -> If True, "LDAPUserDomain\user", else "user@LDAPUserDomain".
Note that the parameters above should not affect what is passed to the filter. So for example: Let's say the server is hosted at localhost. If LDAPUserDomain is set to "example.com", LDAPPre2000k is to false, the username is "johndoe", and the password is "123546", the resulting search (in LDAPSearch format) should be:
That seems a little too much. Any other ideas?
Just the one. Login.LDAPStripDomainFromFilter -> If the user passes in a username in the format of "domain\username" or "username@domain", the domain (alongside the "@" and "\") should be stripped from what is passed into the filter.
Might be more complex to code in, but it will be more ubiquitous to end users.
I confirm: