Added: auth_ldap_skip_group_check when ldap_compare is not supported (#13926)
* Adding an option (auth_ldap_skip_group_check) to bypass ldap_compare if the server does not support the option * add auth_ldap_skip_group_check to config_definitions.json * update resources/lang/en/settings.php * add missing comma * rename auth_ldap_skip_group_check to auth_ldap_require_groupmembership and change logic Co-authored-by: Tony Murray <murraytony@gmail.com>
This commit is contained in:
micko
GitHub
parent
9f388c932f
commit
c3cf527301
|
|
@ -29,6 +29,12 @@ class LdapAuthorizer extends AuthorizerBase
|
|||
if ((Config::has('auth_ldap_binduser') || Config::has('auth_ldap_binddn')) && Config::has('auth_ldap_bindpassword')) {
|
||||
$this->bind();
|
||||
}
|
||||
|
||||
if (Config::get('auth_ldap_require_groupmembership') === false) {
|
||||
// skip group check if the server does not support ldap_compare (hint: google gsuite ldap)
|
||||
return true;
|
||||
}
|
||||
|
||||
$ldap_groups = $this->getGroupList();
|
||||
if (empty($ldap_groups)) {
|
||||
// no groups, don't check membership
|
||||
|
|
|
|||
|
|
@ -578,6 +578,13 @@
|
|||
"order": 0,
|
||||
"type": "text"
|
||||
},
|
||||
"auth_ldap_require_groupmembership": {
|
||||
"default": true,
|
||||
"group": "auth",
|
||||
"section": "ldap",
|
||||
"order": 4,
|
||||
"type": "boolean"
|
||||
},
|
||||
"auth_ldap_starttls": {
|
||||
"default": "disabled",
|
||||
"group": "auth",
|
||||
|
|
|
|||
|
|
@ -365,6 +365,10 @@ return [
|
|||
'description' => 'Group access',
|
||||
'help' => 'Define groups that have access and level',
|
||||
],
|
||||
'auth_ldap_require_groupmembership' => [
|
||||
'description' => 'LDAP Group membership verification',
|
||||
'help' => 'Perform (or skip) ldap_compare when the provider allows (or does not) for the Compare action.',
|
||||
],
|
||||
'auth_ldap_port' => [
|
||||
'description' => 'LDAP port',
|
||||
'help' => 'Port to connect to servers on. For LDAP it should be 389, for LDAPS it should be 636',
|
||||
|
|
|
|||
Loading…
Reference in New Issue