Closed kernsb closed 4 years ago
Thanks, @kernsb!
I'm assuming, but want to make sure, this is backwards compatible with any other install that might have the old LDAP fields in play in local_settings.php?
To my knowledge, yes. Most of what I did only executes when “use_ad_ldap” is set to true.
The only line that could even possibly have any issue would be the LDAP filter line (198) where I included “objectClass=user” for efficiency and the optional additional filter.
I’m 99% sure that is all standard LDAP filtering, but I don’t have access to a vanilla LDAP to test against, myself.
@kernsb Okay great!
cc'ing @ccc2lu who committed the original LDAP work. I'll go ahead and run the pull request (and add the relevant fields to the "Changes to config files" wiki page). @ccc2lu, can you let us know if this causes any problems?
Thanks!
Additions to allow compatibility with AD LDAP.
In user model:
In local settings:
Example config entries for AD connecting over LDAPS and limited to "Scalar Users" group for access:
```php
// LDAP authentication settings
$config['use_ldap'] = (getenv('SCALAR_USE_LDAP') ? getenv('SCALAR_USE_LDAP') : true); // Default: off
$config['ldap_server'] = (getenv('SCALAR_LDAP_SERVER') ? getenv('SCALAR_LDAP_SERVER') : "ldap://company.domain.com"); // Use 'ldap://' prefix even if connecting to ldaps
$config['ldap_port'] = (getenv('SCALAR_LDAP_PORT') ? getenv('SCALAR_LDAP_PORT') : 636);
$config['ldap_basedn'] = (getenv('SCALAR_LDAP_BASEDN') ? getenv('SCALAR_LDAP_BASEDN') : "DC=company,DC=domain,DC=com");
$config['ldap_uname_field'] = (getenv('SCALAR_LDAP_UNAME_FIELD') ? getenv('SCALAR_LDAP_UNAME_FIELD') : "sAMAccountName"); // Default 'uid', For AD use 'sAMAccountName'
$config['ldap_filter'] = (getenv('SCALAR_LDAP_FILTER') ? getenv('SCALAR_LDAP_FILTER') : '(memberOf=CN=Scalar Users,OU=Groups,DC=company,DC=domain,DC=com)');

// Active Directory LDAP settings
$config['use_ad_ldap'] = (getenv('SCALAR_USE_AD_LDAP') ? getenv('SCALAR_USE_AD_LDAP') : true); // Default: off
$config['ad_bind_user'] = (getenv('SCALAR_AD_BIND_USER') ? getenv('SCALAR_AD_BIND_USER') : "CN=Service Account,OU=Users,DC=company,DC=domain,DC=com"); // Use LDAP Distinguished Name
$config['ad_bind_pass'] = (getenv('SCALAR_AD_BIND_PASS') ? getenv('SCALAR_AD_BIND_PASS') : "serviceAccountPassword");
```
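
One way to compose the search filter discussed in this thread (`objectClass=user`, the configured username attribute, and the optional `ldap_filter`), with the login name escaped per RFC 4515 so filter metacharacters match literally. This is an added example, not the pull request's code: `escape_filter_value()` and `build_ldap_user_filter()` are hypothetical names, and the inline config and login names are constructed from the sample entries above.

```php
<?php
// Added example, not Scalar's code. Function names are hypothetical.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escape_filter_value(string $value): string
{
    // strtr() works in a single pass, so inserted backslashes are not re-escaped.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// Build "(&(objectClass=user)(<field>=<login>)<optional filter>)".
function build_ldap_user_filter(array $config, string $username): string
{
    $field = $config['ldap_uname_field'] ?? 'uid';
    // The attribute name comes from config; still accept only a plain attribute name.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $field)) {
        throw new InvalidArgumentException('invalid ldap_uname_field');
    }
    $parts = [
        '(objectClass=user)',
        '(' . $field . '=' . escape_filter_value($username) . ')',
    ];

    $extra = trim($config['ldap_filter'] ?? '');
    if ($extra !== '') {
        // An unparenthesised extra term would produce a malformed filter.
        if ($extra[0] !== '(' || substr($extra, -1) !== ')') {
            throw new InvalidArgumentException('ldap_filter must be wrapped in parentheses');
        }
        $parts[] = $extra;
    }
    return '(&' . implode('', $parts) . ')';
}

// Constructed sample config, taken from the example entries on this page.
$config = [
    'ldap_uname_field' => 'sAMAccountName',
    'ldap_filter'      => '(memberOf=CN=Scalar Users,OU=Groups,DC=company,DC=domain,DC=com)',
];

echo build_ldap_user_filter($config, 'jdoe'), "\n";
// Constructed login containing filter metacharacters: they are emitted as \2a, \28, \29.
echo build_ldap_user_filter($config, 'a*(b)'), "\n";
```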