MISP / misp-docker

A production ready Dockered MISP
GNU General Public License v3.0

LDAP "createUser" and "updateUser" configuration setting in MISP core/files/configure_misp.sh #177

Open escamudo opened 1 week ago

escamudo commented 1 week ago

Is it possible to add the "createUser" and "updateUser" settings to misp-docker/core/files/configure_misp.sh to enable automatic user information updates with each LDAP login?

The "updateUser" would allow MISP roles for LDAP groups to be refreshed automatically on the user's next login, ensuring that any role changes are immediately applied to users within the LDAP group. (https://www.circl.lu/doc/misp/appendices/#appendix-f-ldap-authentication)

    LDAP_DEFAULT_ROLE_ID="{\"ldap_misp_group_publisher\": 4, \"ldap_misp_group_admins\": 1}"

core/files/configure_misp.sh:

    sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
        \"ApacheSecureAuth\": {
            \"apacheEnv\": \"${LDAP_APACHE_ENV}\",
            \"ldapServer\": \"${LDAP_SERVER}\",
            \"starttls\": ${LDAP_STARTTLS},
            \"ldapProtocol\": ${LDAP_OPT_PROTOCOL_VERSION},
            \"ldapNetworkTimeout\": ${LDAP_OPT_NETWORK_TIMEOUT},
            \"ldapReaderUser\": \"${LDAP_READER_USER}\",
            \"ldapReaderPassword\": \"${LDAP_READER_PASSWORD}\",
            \"ldapDN\": \"${LDAP_DN}\",
            \"ldapSearchFilter\": \"${LDAP_SEARCH_FILTER}\",
            \"ldapSearchAttribut\": \"${LDAP_SEARCH_ATTRIBUTE}\",
            \"ldapFilter\": ${LDAP_FILTER},
            #################### TO ADD ####################
            \"createUser\": ${LDAP_CREATE_USER},
            \"updateUser\": ${LDAP_UPDATE_USER},
            ###############################################
            \"ldapDefaultRoleId\": ${LDAP_DEFAULT_ROLE_ID},
            \"ldapDefaultOrg\": \"${LDAP_DEFAULT_ORG}\",
            \"ldapAllowReferrals\": ${LDAP_OPT_REFERRALS},
            \"ldapEmailField\": ${LDAP_EMAIL_FIELD}
        }
    }" > /dev/null

ostefano commented 1 week ago

How would those vars be initialized?

Can you create a PR?
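
One way the two variables could be initialised before they are interpolated unquoted into the JSON shown in the issue, as an added example that is not part of the thread or of misp-docker. The helper names `json_bool` and `ldap_user_sync_json`, the accepted spellings and the `false` defaults are assumptions.

```shell
#!/bin/sh
# Added example, not from misp-docker. Helper names, accepted spellings and
# the "false" defaults are assumptions made for illustration.

# json_bool VALUE DEFAULT
# Prints the JSON literal true or false. An empty VALUE falls back to DEFAULT.
# Returns 1 (printing nothing) for anything that is not a recognised boolean,
# so a typo can never reach the unquoted ${...} slot in the JSON document.
json_bool() {
    value="${1:-$2}"
    case "$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')" in
        true|1|yes|on)   printf 'true' ;;
        false|0|no|off)  printf 'false' ;;
        *)               return 1 ;;
    esac
}

# ldap_user_sync_json
# Reads LDAP_CREATE_USER and LDAP_UPDATE_USER from the environment and prints
# the two key/value pairs, or fails with a message naming the bad variable.
ldap_user_sync_json() {
    create=$(json_bool "${LDAP_CREATE_USER:-}" false) || {
        echo "LDAP_CREATE_USER must be true or false" >&2; return 1; }
    update=$(json_bool "${LDAP_UPDATE_USER:-}" false) || {
        echo "LDAP_UPDATE_USER must be true or false" >&2; return 1; }
    printf '"createUser": %s, "updateUser": %s' "$create" "$update"
}
```

Because the values land in the JSON without quotes, rejecting anything other than a boolean keeps an unset or mistyped variable from producing an invalid document or adding extra keys to `ApacheSecureAuth`.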