Verified Commit c0e6763b authored by Agate's avatar Agate 💬

Improved user attrs map configuration (more permissive syntax)

parent 6f9813c1
Pipeline #1878 failed with stages
in 1 minute and 36 seconds
...@@ -332,21 +332,17 @@ if AUTH_LDAP_ENABLED: ...@@ -332,21 +332,17 @@ if AUTH_LDAP_ENABLED:
) )
AUTH_LDAP_START_TLS = env.bool("LDAP_START_TLS", default=False) AUTH_LDAP_START_TLS = env.bool("LDAP_START_TLS", default=False)
LDAP_USER_ATTR_MAP = env("LDAP_USER_ATTR_MAP", default="") DEFAULT_USER_ATTR_MAP = [
if LDAP_USER_ATTR_MAP: "first_name:givenName",
# Build custom attribute map from variable "last_name:sn",
AUTH_LDAP_USER_ATTR_MAP = {} "username:cn",
for ATTR_FIELD in LDAP_USER_ATTR_MAP.split(","): "email:mail",
DJANGO_FIELD, LDAP_FIELD = ATTR_FIELD.split(":") ]
AUTH_LDAP_USER_ATTR_MAP[DJANGO_FIELD] = LDAP_FIELD LDAP_USER_ATTR_MAP = env.list("LDAP_USER_ATTR_MAP", default=DEFAULT_USER_ATTR_MAP)
else: AUTH_LDAP_USER_ATTR_MAP = {}
# Standard attribute map for m in LDAP_USER_ATTR_MAP:
AUTH_LDAP_USER_ATTR_MAP = { funkwhale_field, ldap_field = m.split(":")
"first_name": "givenName", AUTH_LDAP_USER_ATTR_MAP[funkwhale_field.strip()] = ldap_field.strip()
"last_name": "sn",
"username": "cn",
"email": "mail",
}
# Determine root DN supporting multiple root DNs # Determine root DN supporting multiple root DNs
AUTH_LDAP_ROOT_DN = env("LDAP_ROOT_DN") AUTH_LDAP_ROOT_DN = env("LDAP_ROOT_DN")
......
...@@ -30,7 +30,7 @@ Basic features: ...@@ -30,7 +30,7 @@ Basic features:
* ``LDAP_SEARCH_FILTER``: The LDAP user filter, using ``{0}`` as the username placeholder, e.g. ``(|(cn={0})(mail={0}))``; uses standard LDAP search syntax. Default: ``(uid={0})``. * ``LDAP_SEARCH_FILTER``: The LDAP user filter, using ``{0}`` as the username placeholder, e.g. ``(|(cn={0})(mail={0}))``; uses standard LDAP search syntax. Default: ``(uid={0})``.
* ``LDAP_START_TLS``: Set to ``True`` to enable LDAP StartTLS support. Default: ``False``. * ``LDAP_START_TLS``: Set to ``True`` to enable LDAP StartTLS support. Default: ``False``.
* ``LDAP_ROOT_DN``: The LDAP search root DN, e.g. ``dc=my,dc=domain,dc=com``; supports multiple entries in a space-delimited list, e.g. ``dc=users,dc=domain,dc=com dc=admins,dc=domain,dc=com``. * ``LDAP_ROOT_DN``: The LDAP search root DN, e.g. ``dc=my,dc=domain,dc=com``; supports multiple entries in a space-delimited list, e.g. ``dc=users,dc=domain,dc=com dc=admins,dc=domain,dc=com``.
* ``LDAP_USER_ATTR_MAP``: A mapping of Django user attributes to LDAP values, e.g. ``first_name:givenName,last_name:sn,username:cn,email:mail``. Default: ``first_name:givenName,last_name:sn,username:cn,email:mail``. * ``LDAP_USER_ATTR_MAP``: A mapping of Django user attributes to LDAP values, e.g. ``first_name:givenName, last_name:sn, username:cn, email:mail``. Default: ``first_name:givenName, last_name:sn, username:cn, email:mail``.
Group features: Group features:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment