From 77ff3c2ff21a0330eae0bda81f386dd203b5f70b Mon Sep 17 00:00:00 2001
From: Morgan Kesler <keslerm@dasbiersec.com>
Date: Tue, 5 Nov 2019 11:59:36 +0100
Subject: [PATCH] Add direct bind option for LDAP authentication

---
 api/config/settings/common.py | 3 +++
 docs/installation/ldap.rst    | 1 +
 2 files changed, 4 insertions(+)

diff --git a/api/config/settings/common.py b/api/config/settings/common.py
index 7b391b552..e5ac5a344 100644
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -460,6 +460,9 @@ if AUTH_LDAP_ENABLED:
         "%(user)s"
     )
     AUTH_LDAP_START_TLS = env.bool("LDAP_START_TLS", default=False)
+    AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = env(
+        "AUTH_LDAP_BIND_AS_AUTHENTICATING_USER", default=False
+    )
 
     DEFAULT_USER_ATTR_MAP = [
         "first_name:givenName",
diff --git a/docs/installation/ldap.rst b/docs/installation/ldap.rst
index a30bb5e6b..dc5582f7d 100644
--- a/docs/installation/ldap.rst
+++ b/docs/installation/ldap.rst
@@ -31,6 +31,7 @@ Basic features:
 * ``LDAP_START_TLS``: Set to ``True`` to enable LDAP StartTLS support. Default: ``False``.
 * ``LDAP_ROOT_DN``: The LDAP search root DN, e.g. ``dc=my,dc=domain,dc=com``; supports multiple entries in a space-delimited list, e.g. ``dc=users,dc=domain,dc=com dc=admins,dc=domain,dc=com``.
 * ``LDAP_USER_ATTR_MAP``: A mapping of Django user attributes to LDAP values, e.g. ``first_name:givenName, last_name:sn, username:cn, email:mail``. Default: ``first_name:givenName, last_name:sn, username:cn, email:mail``.
+* ``AUTH_LDAP_BIND_AS_AUTHENTICATING_USER``: Controls whether direct binding is used. Default: ``False``.
 
 Group features:
 
-- 
GitLab