Merge pull request #650 from LukasKalbertodt/ldap-username-field

SISheogorath · web-flow · commit 454e0f8612ac · 2017-12-12T10:40:14.000+01:00
Add setting `ldap.usernameField`
diff --git a/README.md b/README.md
@@ -170,6 +170,7 @@ There are some configs you need to change in the files below
 | HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
 | HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
 | HMD_LDAP_SEARCHATTRIBUTES | `displayName, mail` | LDAP attributes to search with (use comma to separate) |
+| HMD_LDAP_USERNAMEFIELD | `uid` | The LDAP field which is used as the username on HackMD |
 | HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
 | HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
 | HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). |
diff --git a/config.json.example b/config.json.example
@@ -71,6 +71,7 @@
             "searchBase": "change this",
             "searchFilter": "change this",
             "searchAttributes": ["change this"],
+            "usernameField": "change this e.g. uid"
             "tlsOptions": {
                 "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
             }
diff --git a/lib/config/default.js b/lib/config/default.js
@@ -96,6 +96,7 @@ module.exports = {
     searchBase: undefined,
     searchFilter: undefined,
     searchAttributes: undefined,
+    usernameField: undefined,
     tlsca: undefined
   },
   saml: {
diff --git a/lib/config/environment.js b/lib/config/environment.js
@@ -71,6 +71,7 @@ module.exports = {
     searchBase: process.env.HMD_LDAP_SEARCHBASE,
     searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
     searchAttributes: toArrayConfig(process.env.HMD_LDAP_SEARCHATTRIBUTES),
+    usernameField: process.env.HMD_LDAP_USERNAMEFIELD,
     tlsca: process.env.HMD_LDAP_TLS_CA
   },
   saml: {
diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js
@@ -24,9 +24,15 @@ passport.use(new LDAPStrategy({
   }
 }, function (user, done) {
   var uuid = user.uidNumber || user.uid || user.sAMAccountName
+  var username = uuid
+
+  if (config.ldap.usernameField && user[config.ldap.usernameField]) {
+    username = user[config.ldap.usernameField]
+  }
+
   var profile = {
     id: 'LDAP-' + uuid,
-    username: uuid,
+    username: username,
     displayName: user.displayName,
     emails: user.mail ? [user.mail] : [],
     avatarUrl: null,

Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,7 @@`
`71`	`71`	`"searchBase": "change this",`
`72`	`72`	`"searchFilter": "change this",`
`73`	`73`	`"searchAttributes": ["change this"],`
	`74`	`+ "usernameField": "change this e.g. uid"`
`74`	`75`	`"tlsOptions": {`
`75`	`76`	`"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"`
`76`	`77`	`}`