From 402d484182bd58e8fb56d847c01fb2ca071310d6 Mon Sep 17 00:00:00 2001
From: Steven Waters
Date: Thu, 21 Feb 2019 09:02:47 +0000
Subject: Added LDAP email environment variables
Support for LDAP matching existing accounts with e-mail address.
---
 Dockerfile | 8 ++++++++
 docker-compose.yml | 16 ++++++++++++++++
 releases/virtualbox/start-wekan.sh | 12 ++++++++++++
 snap-src/bin/config | 18 +++++++++++++++++-
 snap-src/bin/wekan-help | 13 +++++++++++++
 start-wekan.bat | 16 ++++++++++++++++
 start-wekan.sh | 12 ++++++++++++
 7 files changed, 94 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 releases/virtualbox/start-wekan.sh
 mode change 100755 => 100644 snap-src/bin/config
 mode change 100755 => 100644 snap-src/bin/wekan-help
 mode change 100755 => 100644 start-wekan.sh
diff --git a/Dockerfile b/Dockerfile
index 7957c72c..16ac6913 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -67,6 +67,10 @@ ARG LDAP_UNIQUE_IDENTIFIER_FIELD
 ARG LDAP_UTF8_NAMES_SLUGIFY
 ARG LDAP_USERNAME_FIELD
 ARG LDAP_FULLNAME_FIELD
+ARG LDAP_EMAIL_FIELD
+ARG LDAP_EMAIL_MATCH_ENABLE
+ARG LDAP_EMAIL_MATCH_REQUIRE
+ARG LDAP_EMAIL_MATCH_VERIFIED
 ARG LDAP_MERGE_EXISTING_USERS
 ARG LDAP_SYNC_USER_DATA
 ARG LDAP_SYNC_USER_DATA_FIELDMAP
@@ -149,6 +153,10 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
 LDAP_USERNAME_FIELD="" \
 LDAP_FULLNAME_FIELD="" \
 LDAP_MERGE_EXISTING_USERS=false \
+ LDAP_EMAIL_FIELD="" \
+ LDAP_EMAIL_MATCH_ENABLE=false \
+ LDAP_EMAIL_MATCH_REQUIRE=false \
+ LDAP_EMAIL_MATCH_VERIFIED=false \
 LDAP_SYNC_USER_DATA=false \
 LDAP_SYNC_USER_DATA_FIELDMAP="" \
 LDAP_SYNC_GROUP_ROLES="" \
diff --git a/docker-compose.yml b/docker-compose.yml
index a9f11569..81cafb84 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -469,6 +469,22 @@ services:
 # LDAP_MERGE_EXISTING_USERS :
 # example : LDAP_MERGE_EXISTING_USERS=true
 #- LDAP_MERGE_EXISTING_USERS=false
+ #
+ # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
+ # example: LDAP_EMAIL_MATCH_ENABLE=true
+ #- LDAP_EMAIL_MATCH_ENABLE=false
+ #
+ # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
+ # example: LDAP_EMAIL_MATCH_REQUIRE=true
+ #- LDAP_EMAIL_MATCH_REQUIRE=false
+ #
+ # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
+ # example: LDAP_EMAIL_MATCH_VERIFIED=true
+ #- LDAP_EMAIL_MATCH_VERIFIED=false
+ #
+ # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
+ # example: LDAP_EMAIL_FIELD=mail
+ #- LDAP_EMAIL_FIELD=
 #-----------------------------------------------------------------
 # LDAP_SYNC_USER_DATA :
 # example : LDAP_SYNC_USER_DATA=true
diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh
old mode 100755
new mode 100644
index d8ac716e..2f2e9ea3
--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
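Review bot: The new LDAP_EMAIL_MATCH_VERIFIED entry defaults to false, while LDAP_EMAIL_MATCH_ENABLE three blocks above lets an LDAP login be attached to an existing account purely because the e-mail addresses agree; with VERIFIED left false, an existing account whose address was never confirmed is eligible for that match, so the two options should be documented as a pair. Suggest adding under the LDAP_EMAIL_MATCH_ENABLE description `# NOTE: set LDAP_EMAIL_MATCH_VERIFIED=true together with this option, otherwise accounts whose e-mail address was never verified are matched as well`. The LDAP_EMAIL_MATCH_REQUIRE line ("require existing account matching by e-mail address when username does match") is hard to tell apart from the ENABLE line ("does not match"); it presumably means the e-mail must also agree once the username has matched, and the comment should state that plainly. The same four descriptions are repeated in releases/virtualbox/start-wekan.sh, start-wekan.bat and start-wekan.sh, so the chosen wording should be applied to all four.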
@@ -227,6 +227,18 @@
 # LDAP_MERGE_EXISTING_USERS :
 # example : export LDAP_MERGE_EXISTING_USERS=true
 #export LDAP_MERGE_EXISTING_USERS=false
+ # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
+ # example: LDAP_EMAIL_MATCH_ENABLE=true
+ #export LDAP_EMAIL_MATCH_ENABLE=false
+ # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
+ # example: LDAP_EMAIL_MATCH_REQUIRE=true
+ #export LDAP_EMAIL_MATCH_REQUIRE=false
+ # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
+ # example: LDAP_EMAIL_MATCH_VERIFIED=true
+ #export LDAP_EMAIL_MATCH_VERIFIED=false
+ # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
+ # example: LDAP_EMAIL_FIELD=mail
+ #export LDAP_EMAIL_FIELD=
 # LDAP_SYNC_USER_DATA :
 # example : export LDAP_SYNC_USER_DATA=true
 #export LDAP_SYNC_USER_DATA=false
diff --git a/snap-src/bin/config b/snap-src/bin/config
old mode 100755
new mode 100644
index e674afa0..c961c3d4
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
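Review bot: The file header for this hunk records `old mode 100755` / `new mode 100644`, so the commit strips the executable bit from releases/virtualbox/start-wekan.sh although the hunk itself only adds commented-out exports; the diffstat shows the same mode change on snap-src/bin/config, snap-src/bin/wekan-help and start-wekan.sh. A script that is started directly rather than through `bash start-wekan.sh` fails with a permission error once the bit is gone, and nothing in the description calls for this, so it looks like an accident of the editing environment rather than an intended change. Restoring the bit on the four files (`chmod +x` and re-commit) keeps the change limited to what the subject line says.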
@@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD" +keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES 
OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD" # default values DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'" 
@@ -290,6 +290,22 @@ DESCRIPTION_LDAP_MERGE_EXISTING_USERS="ldap-merge-existing-users . Default: fals
 DEFAULT_LDAP_MERGE_EXISTING_USERS="false"
 KEY_LDAP_MERGE_EXISTING_USERS="ldap-merge-existing-users"
+DESCRIPTION_LDAP_EMAIL_MATCH_ENABLE="ldap-email-match-enable . Default: false"
+DEFAULT_LDAP_EMAIL_MATCH_ENABLE="false"
+KEY_LDAP_EMAIL_MATCH_ENABLE="ldap-email-match-enable"
+
+DESCRIPTION_LDAP_EMAIL_MATCH_REQUIRE="ldap-email-match-require . Default: false"
+DEFAULT_LDAP_EMAIL_MATCH_REQUIRE="false"
+KEY_LDAP_EMAIL_MATCH_REQUIRE="ldap-email-match-require"
+
+DESCRIPTION_LDAP_EMAIL_MATCH_VERIFIED="ldap-email-match-verified . Default: false"
+DEFAULT_LDAP_EMAIL_MATCH_VERIFIED="false"
+KEY_LDAP_EMAIL_MATCH_VERIFIED="ldap-email-match-verified"
+
+DESCRIPTION_LDAP_EMAIL_FIELD="Which field contains the ldap e-mail address"
+DEFAULT_LDAP_EMAIL_FIELD=""
+KEY_LDAP_EMAIL_FIELD="ldap-email-field"
+
 DESCRIPTION_LDAP_SYNC_USER_DATA="ldap-sync-user-data . Default: false"
 DEFAULT_LDAP_SYNC_USER_DATA="false"
 KEY_LDAP_SYNC_USER_DATA="ldap-sync-user-data"
diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
old mode 100755
new mode 100644
index 80cbc7ad..48c24633
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
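Review bot: The four new definition blocks are inserted here before DESCRIPTION_LDAP_SYNC_USER_DATA, but in the keys list in the previous hunk the same four keys were appended after LDAP_DEFAULT_DOMAIN; the list and the definition blocks are maintained in parallel and the existing entries keep the same order in both, so one of the two should be moved (after the LDAP_MERGE_EXISTING_USERS entry in both places would match the ENV ordering in the Dockerfile). DESCRIPTION_LDAP_EMAIL_MATCH_VERIFIED only repeats the key name, and since the verified-address requirement presumably has no effect unless ldap-email-match-enable is on, a hint would help the snap user: `DESCRIPTION_LDAP_EMAIL_MATCH_VERIFIED="ldap-email-match-verified . Recommended: true when ldap-email-match-enable is true. Default: false"`.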
@@ -276,6 +276,19 @@ echo -e "\n"
 echo -e "Ldap Merge Existing Users."
 echo -e "\t$ snap set $SNAP_NAME ldap-merge-existing-users='true'"
 echo -e "\n"
+echo -e "Ldap Email Match Enable."
+echo -e "\t$ snap set $SNAP_NAME ldap-email-match-enable='true'"
+echo -e "\n"
+echo -e "Ldap Email Match Require."
+echo -e "\t$ snap set $SNAP_NAME ldap-email-match-require='true'"
+echo -e "\n"
+echo -e "Ldap Email Match Verified."
+echo -e "\t$ snap set $SNAP_NAME ldap-email-match-verfied='false'"
+echo -e "\n"
+echo -e "Ldap Fullname Field."
+echo -e "Which field contains the ldap email address:"
+echo -e "\t$ snap set $SNAP_NAME ldap-fullname-field='fullname'"
+echo -e "\n"
 echo -e "Ldap Sync User Data."
 echo -e "Enable synchronization of user data:"
 echo -e "\t$ snap set $SNAP_NAME ldap-sync-user-data='true'"
diff --git a/start-wekan.bat b/start-wekan.bat
index 9d6305b6..7ccf0c0e 100644
--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -221,6 +221,22 @@ REM # LDAP_MERGE_EXISTING_USERS :
 REM # example : LDAP_MERGE_EXISTING_USERS=true
 REM SET LDAP_MERGE_EXISTING_USERS=false
+REM # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
+REM # example: LDAP_EMAIL_MATCH_ENABLE=true
+REM SET LDAP_EMAIL_MATCH_ENABLE=false
+
+REM # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
+REM # example: LDAP_EMAIL_MATCH_REQUIRE=true
+REM SET LDAP_EMAIL_MATCH_REQUIRE=false
+
+REM # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
+REM # example: LDAP_EMAIL_MATCH_VERIFIED=true
+REM SET LDAP_EMAIL_MATCH_VERIFIED=false
+
+REM # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
+REM # example: LDAP_EMAIL_FIELD=mail
+REM SET LDAP_EMAIL_FIELD=
+
 REM # LDAP_SYNC_USER_DATA :
 REM # example : LDAP_SYNC_USER_DATA=true
 REM SET LDAP_SYNC_USER_DATA=false
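Review bot: Two of the new help entries in snap-src/bin/wekan-help are wrong: `ldap-email-match-verfied='false'` misspells the key (snap-src/bin/config defines it as ldap-email-match-verified) and, unlike the neighbouring examples, shows the default instead of the value that turns the option on; and the last block is headed "Ldap Fullname Field." with the example `ldap-fullname-field='fullname'` while its description line talks about the e-mail address, so it documents a pre-existing key instead of the new ldap-email-field. Change the three lines to `echo -e "\t$ snap set $SNAP_NAME ldap-email-match-verified='true'"`, `echo -e "Ldap Email Field."` and `echo -e "\t$ snap set $SNAP_NAME ldap-email-field='mail'"`, which matches KEY_LDAP_EMAIL_FIELD and the LDAP_EMAIL_FIELD=mail example used in docker-compose.yml.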
diff --git a/start-wekan.sh b/start-wekan.sh
old mode 100755
new mode 100644
index bbfbff2b..c9745af9
--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -245,6 +245,18 @@ function wekan_repo_check(){
 # LDAP_MERGE_EXISTING_USERS :
 # example : export LDAP_MERGE_EXISTING_USERS=true
 #export LDAP_MERGE_EXISTING_USERS=false
+ # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
+ # example: LDAP_EMAIL_MATCH_ENABLE=true
+ #export LDAP_EMAIL_MATCH_ENABLE=false
+ # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
+ # example: LDAP_EMAIL_MATCH_REQUIRE=true
+ #export LDAP_EMAIL_MATCH_REQUIRE=false
+ # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
+ # example: LDAP_EMAIL_MATCH_VERIFIED=true
+ #export LDAP_EMAIL_MATCH_VERIFIED=false
+ # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
+ # example: LDAP_EMAIL_FIELD=mail
+ #export LDAP_EMAIL_FIELD=
 # LDAP_SYNC_USER_DATA :
 # example : export LDAP_SYNC_USER_DATA=true
 #export LDAP_SYNC_USER_DATA=false
-- 
cgit v1.2.3-1-g7c22