requarks / wiki-v1

Legacy version (1.x) of Wiki.js
https://wiki.js.org
GNU Affero General Public License v3.0

LDAP fails with users inside a group #157

Open KeiichiKun opened 5 years ago

KeiichiKun commented 5 years ago

Actual behavior

Connection to LDAP not working (web interface returns wrong username/password)

Expected behavior

Login should not fail

Steps to reproduce the behavior

The AD structure is like

DC=mydomain,DC=dom --> OU=Firstou --> OU=Secondou --> CN=myuser

and

DC=mydomain,DC=dom --> CN=Users --> CN=Mygroup --> 2 members inside the group

In config.yml

    ldap:
      enabled: true
      url: 'ldap://myip:389'
      bindDn: 'CN=myuser,OU=Secondou,OU=Firstou,DC=mydomain,DC=dom'
      bindCredentials: mypassword
      searchBase: 'CN=Mygroup,CN=Users,DC=mydomain,DC=dom'
      searchFilter: '(samaccountname={{username}})'
      tlsEnabled: false
      tlsCertPath: 'C:\example\root_ca_cert.crt'

The username will never be equal to samaccountname, maybe because samaccountname returns mygroup samaccountname, and not samaccountname of members inside the group

How can I achieve this?

Thanks

NGPixel commented 5 years ago

The search filter can be anything, it doesn't have to be samaccountname. Use the LDAP field which matches the username or email.

KeiichiKun commented 5 years ago

Yes, but all fields I can use are always referring to the group, not the members inside the group.
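
Added example, not part of the thread and not Wiki.js code: a small in-memory model of the directory layout from the issue, showing that a subtree search based at the group DN can only return the group entry, while a domain-level base with a `memberOf` clause returns the member. The entries (including the `other` account), the helper names and the assumption that user entries carry `memberOf` for direct membership are constructed for illustration; the matcher handles only ANDed equality clauses.

```javascript
// Constructed sample directory mirroring the layout described in the issue.
const ROOT = 'DC=mydomain,DC=dom';
const GROUP_DN = `CN=Mygroup,CN=Users,${ROOT}`;
const USER_DN = `CN=myuser,OU=Secondou,OU=Firstou,${ROOT}`;
const DIRECTORY = [
  { dn: USER_DN, sAMAccountName: ['myuser'], memberOf: [GROUP_DN] },
  { dn: `CN=other,OU=Firstou,${ROOT}`, sAMAccountName: ['other'], memberOf: [] },
  // The group is a leaf entry: members are DN references in `member`, not child entries.
  { dn: GROUP_DN, sAMAccountName: ['Mygroup'], member: [USER_DN] },
];

// RFC 4515 escaping, so a login name cannot change the filter's structure.
const escapeValue = (v) =>
  v.replace(/[\\*()\0]/g, (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
const unescapeValue = (v) =>
  v.replace(/\\([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));

// Subtree scope: the base entry itself plus every entry whose DN ends in ",<base>".
const inSubtree = (dn, base) =>
  dn.toLowerCase() === base.toLowerCase() || dn.toLowerCase().endsWith(',' + base.toLowerCase());

// Minimal matcher: equality clauses only, all ANDed, compared case-insensitively.
function search(base, filter) {
  const clauses = [...filter.matchAll(/\(([^()=&|!]+)=([^()]*)\)/g)];
  if (clauses.length === 0) return [];
  return DIRECTORY.filter((e) => inSubtree(e.dn, base) && clauses.every(([, attr, raw]) => {
    const key = Object.keys(e).find((k) => k.toLowerCase() === attr.toLowerCase());
    const want = unescapeValue(raw).toLowerCase();
    return key !== undefined && [].concat(e[key]).some((v) => v.toLowerCase() === want);
  }));
}

// Substitute the login name into the searchFilter template and return matching DNs.
function findLoginEntries(searchBase, searchFilter, username) {
  const filter = searchFilter.replace(/\{\{username\}\}/g, () => escapeValue(username));
  return search(searchBase, filter).map((e) => e.dn);
}

// As configured in the issue: the subtree under the group holds only the group itself.
const reported = findLoginEntries(GROUP_DN, '(samaccountname={{username}})', 'myuser');
// Base moved up to the domain, membership expressed as a memberOf clause.
const MEMBER_FILTER = `(&(sAMAccountName={{username}})(memberOf=${GROUP_DN}))`;
const adjusted = findLoginEntries(ROOT, MEMBER_FILTER, 'myuser');
console.log({ reported, adjusted });
```

In this model the only name that matches under the group-DN base is the group's own, which is the behaviour described in the report; the `memberOf` clause keeps the group restriction while searching where the user entries actually live.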