Additional LDAP Authentication Methods (#1287)

This patch allows anonymous and user based authentication to LDAP servers. This change is based on a patch against bn-ldap-authentication: - https://github.com/blindsidenetworks/bn-ldap-authentication/pull/2 The patch introduces a new environment variable `LDAP_AUTH` which controls the authentication method used against the LDAP server: - `anonymous` enables an anonymous bind to the LDAP with no password being used. - `user` uses the user's own credentials to search for his data, enabling authenticated login to LDAP without the need for a user with global read privileges. The default still remains at using a bind user, allowing for a seamless upgrade path from the previous version. This fixes #1082 Co-authored-by: Jesus Federico <jesus@123it.ca>
2020-04-16 20:10:14 +02:00
parent 9d14b561a5
commit 10ef20363a
3 changed files with 4 additions and 2 deletions
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@ -11,8 +11,7 @@ Rails.application.config.providers = []
 # Set which providers are configured.
 Rails.application.config.omniauth_bn_launcher = Rails.configuration.loadbalanced_configuration
 Rails.application.config.omniauth_ldap = ENV['LDAP_SERVER'].present? && ENV['LDAP_UID'].present? &&
-                                         ENV['LDAP_BASE'].present? && ENV['LDAP_BIND_DN'].present? &&
-                                         ENV['LDAP_PASSWORD'].present?
+                                         ENV['LDAP_BASE'].present?
 Rails.application.config.omniauth_twitter = ENV['TWITTER_ID'].present? && ENV['TWITTER_SECRET'].present?
 Rails.application.config.omniauth_google = ENV['GOOGLE_OAUTH2_ID'].present? && ENV['GOOGLE_OAUTH2_SECRET'].present?
 Rails.application.config.omniauth_office365 = ENV['OFFICE365_KEY'].present? &&