mitre / caldera

Automated Adversary Emulation Platform
https://caldera.mitre.org
Apache License 2.0
5.67k stars 1.08k forks

add user_format_string to allow use with AD #3067

Closed TomGoedeme closed 2 days ago

TomGoedeme commented 1 month ago

Description

We encountered issues with LDAP login integration using our Active Directory (AD) when binding with the user_attr format. This update introduces a new user_format property in the LDAP configuration. This property accepts a Python format string, which defaults to the previous configuration but allows for custom user string formats.

config example:

  ldap:
    dn: OU=BASE,DC=foo,DC=local
    group_attr: memberOf
    red_group: "CN=Some Security Group Name,OU=Security Groups,OU=BASE,DC=foo,DC=local"
    server: ldaps://dc-prod04.foo.local:636
    user_attr: userPrincipalName
    user_format: "{user}"

How Has This Been Tested?

Current testing is broken on Caldera (see #3013). But this is being used in production.

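An added illustration of the mechanism this PR describes (example code written for this page, not Caldera's own auth service): the LDAP bind user string is built from a configurable Python format string, and a fixed default applies when user_format is absent. The default "{user_attr}={user},{dn}", the placeholder names, the "uid" fallback and the validation helper are assumptions; the page only says the new property defaults to the previous configuration and shows user_format, user_attr and dn in the config.

```python
import string

# Added example for this PR page, not Caldera's own code.
# Placeholders a user_format string may reference. The names and the
# default below are assumptions; the page only shows user_format, user_attr and dn.
ALLOWED_FIELDS = {"user", "user_attr", "dn"}

# Assumed previous hard-coded behaviour: "<user_attr>=<user>,<dn>".
DEFAULT_USER_FORMAT = "{user_attr}={user},{dn}"


def validate_user_format(fmt: str) -> str:
    """Accept only simple named placeholders from ALLOWED_FIELDS.

    Rejects positional fields ("{0}", "{}") and attribute or index access
    ("{user.__class__}", "{dn[0]}"), so the format string can only select
    whole values and never walks into the objects passed to str.format().
    """
    for _literal, field, _spec, _conversion in string.Formatter().parse(fmt):
        if field is None:  # trailing literal text, no placeholder
            continue
        if not field.isidentifier():
            raise ValueError(f"unsupported placeholder '{{{field}}}' in user_format")
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"unknown placeholder '{{{field}}}' in user_format; "
                             f"allowed: {sorted(ALLOWED_FIELDS)}")
    return fmt


def build_bind_user(ldap_config: dict, username: str) -> str:
    """Return the string handed to the LDAP simple bind for this login."""
    fmt = ldap_config.get("user_format") or DEFAULT_USER_FORMAT
    validate_user_format(fmt)
    return fmt.format(
        user=username,
        user_attr=ldap_config.get("user_attr") or "uid",  # assumed fallback
        dn=ldap_config.get("dn") or "",
    )


if __name__ == "__main__":
    # Constructed config mirroring the PR description: AD with UPN-style binds.
    ad_config = {
        "dn": "OU=BASE,DC=foo,DC=local",
        "user_attr": "userPrincipalName",
        "user_format": "{user}",
    }
    print(build_bind_user(ad_config, "alice@foo.local"))
    # Constructed config with no user_format: the assumed default applies.
    openldap_config = {"dn": "ou=people,dc=example,dc=org", "user_attr": "uid"}
    print(build_bind_user(openldap_config, "alice"))
```

With the AD config from the description, "{user}" passes the username straight through, which is what a userPrincipalName bind expects; without user_format the assumed default reproduces the attr=user,dn form. The validation step is there because the format string comes from configuration: it keeps a typo from silently producing a bind string the server rejects, and it refuses placeholders that would reach into object attributes or indexes rather than select one of the three expected values.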

uruwhy commented 3 days ago

@TomGoedeme If you want to get credit for a documentation update, you can also open a PR for updating the existing LDAP instructions in the fieldmanual plugin

uruwhy commented 2 days ago

@elegantmoose tested and approved

elegantmoose commented 2 days ago

Thank you @TomGoedeme !