add ldap authentication

config/initializers/omniauth.rb

@@ -1,11 +1,14 @@
 # frozen_string_literal: true
 
 # List of supported Omniauth providers.
-Rails.application.config.providers = [:google, :twitter]
+Rails.application.config.providers = [:google, :twitter, :ldap]
 
 # Set which providers are configured.
 Rails.application.config.omniauth_google = ENV['GOOGLE_OAUTH2_ID'].present? && ENV['GOOGLE_OAUTH2_SECRET'].present?
 Rails.application.config.omniauth_twitter = ENV['TWITTER_ID'].present? && ENV['TWITTER_SECRET'].present?
+Rails.application.config.omniauth_ldap = ENV['LDAP_SERVER'].present? && ENV['LDAP_UID'].present? &&
+                                         ENV['LDAP_BASE'].present? && ENV['LDAP_BIND_DN'].present? &&
+                                         ENV['LDAP_PASSWORD'].present?
 Rails.application.config.omniauth_bn_launcher = Rails.configuration.loadbalanced_configuration
 
 SETUP_PROC = lambda do |env|
@@ -16,9 +19,9 @@ end
 Rails.application.config.middleware.use OmniAuth::Builder do
   if Rails.configuration.omniauth_bn_launcher
     provider :bn_launcher, client_id: ENV['CLIENT_ID'],
-             client_secret: ENV['CLIENT_SECRET'],
-             client_options: { site: ENV['BN_LAUNCHER_REDIRECT_URI'] },
-             setup: SETUP_PROC
+      client_secret: ENV['CLIENT_SECRET'],
+      client_options: { site: ENV['BN_LAUNCHER_REDIRECT_URI'] },
+      setup: SETUP_PROC
   end
 
   provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET']
@@ -28,4 +31,19 @@ Rails.application.config.middleware.use OmniAuth::Builder do
     access_type: 'online',
     name: 'google',
     hd: ENV['GOOGLE_OAUTH2_HD'].blank? ? nil : ENV['GOOGLE_OAUTH2_HD']
+
+  provider :ldap,
+    host: ENV['LDAP_SERVER'],
+    port: ENV['LDAP_PORT'] || '389',
+    method: ENV['LDAP_METHOD'].blank? ? :plain : ENV['LDAP_METHOD'].to_sym,
+    allow_username_or_email_login: true,
+    uid: ENV['LDAP_UID'],
+    base: ENV['LDAP_BASE'],
+    bind_dn: ENV['LDAP_BIND_DN'],
+    password: ENV['LDAP_PASSWORD']
 end
+
+# Redirect back to login in development mode.
+OmniAuth.config.on_failure = proc { |env|
+  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
+}

config/locales/en.yml

@@ -42,6 +42,7 @@ en:
       settings: Settings
       signout: Sign out
   info_update_success: Information successfully updated.
+  invalid_credentials: Login failed due to invalid credentials. Are you sure you entered them correctly?
   invite_message: "To invite someone to the meeting, send them this link:"
   landing:
     about: A simple front end for your BigBlueButton Open Source Web Conferencing Server.
@@ -49,8 +50,8 @@ en:
     video: Watch a tutorial on using Greenlight
     upgrade: Show me how to upgrade to 2.0!
     version: We've released a new version of Greenlight, but your database isn't compatible.
+  ldap_error: Unable to connect to the LDAP server. Please check your LDAP configuration in the env file and ensure your server is running.
   login: Login
-  login_failed: Login failed due to invalid credentials. Are you sure you typed them correctly?
   modal:
     create_room:
       auto_join: Automatically join me into the room.
@@ -66,6 +67,7 @@ en:
     login:
       or: or
       with: Login with %{provider}
+  omniauth_error: An error occured while authenticating with omniauth. Please try again or contact an administrator!
   password: Password
   recording:
     email: Email Recording