MISP / misp-docker

A production ready Dockered MISP
GNU General Public License v3.0

LDAP "createUser" and "updateUser" configuration setting in MISP core/files/configure_misp.sh #177

Open escamudo opened 3 weeks ago

escamudo commented 3 weeks ago

Is it possible to add the "createUser" and "updateUser" setting to misp-docker/core/files/configure_misp.sh to enable automatic user information updates with each LDAP login?

The "updateUser" would allow MISP roles for LDAP groups to be refreshed automatically on the user's next login, ensuring that any role changes are immediately applied to users within the LDAP group. ( https://www.circl.lu/doc/misp/appendices/#appendix-f-ldap-authentication )

    LDAP_DEFAULT_ROLE_ID="{\"ldap_misp_group_publisher\": 4, \"ldap_misp_group_admins\": 1}"

core/files/configure_misp.sh :

    sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
        \"ApacheSecureAuth\": {
            \"apacheEnv\": \"${LDAP_APACHE_ENV}\",
            \"ldapServer\": \"${LDAP_SERVER}\",
            \"starttls\": ${LDAP_STARTTLS},
            \"ldapProtocol\": ${LDAP_OPT_PROTOCOL_VERSION},
            \"ldapNetworkTimeout\": ${LDAP_OPT_NETWORK_TIMEOUT},
            \"ldapReaderUser\": \"${LDAP_READER_USER}\",
            \"ldapReaderPassword\": \"${LDAP_READER_PASSWORD}\",
            \"ldapDN\": \"${LDAP_DN}\",
            \"ldapSearchFilter\": \"${LDAP_SEARCH_FILTER}\",
            \"ldapSearchAttribut\": \"${LDAP_SEARCH_ATTRIBUTE}\",
            \"ldapFilter\": ${LDAP_FILTER},
            #################### TO ADD ####################
            \"createUser\": ${LDAP_CREATE_USER},
            \"updateUser\": ${LDAP_UPDATE_USER},
            ###############################################
            \"ldapDefaultRoleId\": ${LDAP_DEFAULT_ROLE_ID},
            \"ldapDefaultOrg\": \"${LDAP_DEFAULT_ORG}\",
            \"ldapAllowReferrals\": ${LDAP_OPT_REFERRALS},
            \"ldapEmailField\": ${LDAP_EMAIL_FIELD}
        }
    }" > /dev/null

ostefano commented 3 weeks ago

How would those vars be initialized?

Can you create a PR?
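
One way the two variables could be initialized before they are interpolated unquoted into the JSON shown above, as an added example that is not part of the thread or of misp-docker. The helper names `json_bool` and `ldap_user_sync_json` and the `false` defaults are assumptions of this example; a real change would pick defaults that match the behaviour deployments have today.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from misp-docker.

# json_bool NAME DEFAULT
# Prints a JSON boolean for the variable NAME, using DEFAULT when NAME is
# unset or empty. Returns 1 for anything that is not a recognised boolean,
# so an empty or mistyped value cannot produce broken JSON or smuggle extra
# keys into the ApacheSecureAuth object.
json_bool() {
    name=$1
    default=$2
    # NAME is a fixed identifier chosen by the script, never user input.
    eval "value=\${$name:-\$default}"
    case $(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') in
        true|1|yes) printf 'true' ;;
        false|0|no) printf 'false' ;;
        *)
            printf 'invalid boolean in %s: %s\n' "$name" "$value" >&2
            return 1
            ;;
    esac
}

# ldap_user_sync_json
# Prints the two requested keys as a JSON fragment. The false/false defaults
# are this example's assumption: account creation and role refresh on LDAP
# login stay off until an operator sets the variables explicitly.
ldap_user_sync_json() {
    create=$(json_bool LDAP_CREATE_USER false) || return 1
    update=$(json_bool LDAP_UPDATE_USER false) || return 1
    printf '"createUser": %s, "updateUser": %s' "$create" "$update"
}

# Show the fragment for the current environment.
ldap_user_sync_json && echo
```

Failing on an unrecognised value, rather than passing it through, matters here because the fragment is written into the configuration that decides whether an LDAP login creates a MISP account and reassigns its role.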