From 2bd48bc45c86d19db1038fcf160433b46f53340f Mon Sep 17 00:00:00 2001
From: Tobias <thaegi@gmx.de>
Date: Sun, 4 Aug 2019 11:12:21 +0200
Subject: add settings field for LDAP user authentication field

---
 Dockerfile                         | 1 +
 docker-compose.yml                 | 3 +++
 packages/wekan-ldap/server/ldap.js | 3 ++-
 releases/virtualbox/start-wekan.sh | 2 ++
 snap-src/bin/config                | 6 +++++-
 snap-src/bin/wekan-help            | 3 +++
 start-wekan.bat                    | 3 +++
 start-wekan.sh                     | 2 ++
 8 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a87183b0..17eccf5d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -70,6 +70,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 g++ build-essential
     LDAP_CA_CERT="" \
     LDAP_REJECT_UNAUTHORIZED=false \
     LDAP_USER_AUTHENTICATION=false \
+    LDAP_USER_AUTHENTICATION_FIELD=uid \
     LDAP_USER_SEARCH_FILTER="" \
     LDAP_USER_SEARCH_SCOPE="" \
     LDAP_USER_SEARCH_FIELD="" \
diff --git a/docker-compose.yml b/docker-compose.yml
index d1a237c3..64d11cd0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -454,6 +454,9 @@ services:
       # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
       #- LDAP_USER_AUTHENTICATION="true"
       #
+      # Which field is used to find the user for the user authentication. Default: uid.
+      #- LDAP_USER_AUTHENTICATION_FIELD="uid"
+      #
       # Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
       #- LDAP_USER_SEARCH_FILTER=
       #
diff --git a/packages/wekan-ldap/server/ldap.js b/packages/wekan-ldap/server/ldap.js
index 56429dce..bd2cd1fb 100644
--- a/packages/wekan-ldap/server/ldap.js
+++ b/packages/wekan-ldap/server/ldap.js
@@ -27,6 +27,7 @@ export default class LDAP {
       BaseDN                             : this.constructor.settings_get('LDAP_BASEDN'),
       Internal_Log_Level                 : this.constructor.settings_get('INTERNAL_LOG_LEVEL'),
       User_Authentication                : this.constructor.settings_get('LDAP_USER_AUTHENTICATION'),
+      User_Authentication_Field          : this.constructor.settings_get('LDAP_USER_AUTHENTICATION_FIELD'),
       User_Attributes                    : this.constructor.settings_get('LDAP_USER_ATTRIBUTES'),
       User_Search_Filter                 : this.constructor.settings_get('LDAP_USER_SEARCH_FILTER'),
       User_Search_Scope                  : this.constructor.settings_get('LDAP_USER_SEARCH_SCOPE'),
@@ -226,7 +227,7 @@ export default class LDAP {
 
     if (!this.options.BaseDN) throw new Error('BaseDN is not provided');
 
-    const userDn = `uid=${username},${this.options.BaseDN}`;
+    const userDn = `${this.options.User_Authentication_Field}=${username},${this.options.BaseDN}`;
 
     this.bindSync(userDn, password);
     this.domainBinded = true;
diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh
index a1b0fa69..8ade2f7f 100755
--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
@@ -245,6 +245,8 @@
         #export LDAP_REJECT_UNAUTHORIZED=false
         # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
         #export LDAP_USER_AUTHENTICATION=true
+        # Which field is used to find the user for the user authentication. Default: uid.
+        #export LDAP_USER_AUTHENTICATION_FIELD=uid
         # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
         # example :  export LDAP_USER_SEARCH_FILTER=
         #export LDAP_USER_SEARCH_FILTER=
diff --git a/snap-src/bin/config b/snap-src/bin/config
index 522635cd..551c9fde 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -3,7 +3,7 @@
 # All supported keys are defined here together with descriptions and default values
 
 # list of supported keys
-keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW  MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
+keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW  MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
 
 # default values
 DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
@@ -294,6 +294,10 @@ DESCRIPTION_LDAP_USER_AUTHENTICATION="Option to login to the LDAP server with th
 DEFAULT_LDAP_USER_AUTHENTICATION="false"
 KEY_LDAP_USER_AUTHENTICATION="ldap-user-authentication"
 
+DESCRIPTION_LDAP_USER_AUTHENTICATION_FIELD="Which field is used to find the user for the user authentication. Default: uid."
+DEFAULT_LDAP_USER_AUTHENTICATION_FIELD="uid"
+KEY_LDAP_USER_AUTHENTICATION_FIELD="ldap-user-authentication-field"
+
 DESCRIPTION_LDAP_USER_SEARCH_FILTER="Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed"
 DEFAULT_LDAP_USER_SEARCH_FILTER=""
 KEY_LDAP_USER_SEARCH_FILTER="ldap-user-search-filter"
diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
index 19bc1462..faa56f65 100755
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -306,6 +306,9 @@ echo -e "\n"
 echo -e "Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key)."
 echo -e "\t$ snap set $SNAP_NAME ldap-user-authentication='true'"
 echo -e "\n"
+echo -e "Which field is used to find the user for the user authentication. Default: uid."
+echo -e "\t$ snap set $SNAP_NAME ldap-user-authentication-field='uid'"
+echo -e "\n"
 echo -e "Ldap User Search Filter."
 echo -e "Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed:"
 echo -e "\t$ snap set $SNAP_NAME ldap-user-search-filter=''"
diff --git a/start-wekan.bat b/start-wekan.bat
index f51d1f08..f6b0d1dd 100755
--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -244,6 +244,9 @@ REM SET LDAP_REJECT_UNAUTHORIZED=false
 REM # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
 REM SET LDAP_USER_AUTHENTICATION=true
 
+REM # Which field is used to find the user for the user authentication. Default: uid.
+REM SET LDAP_USER_AUTHENTICATION_FIELD=uid
+
 REM # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
 REM # example : LDAP_USER_SEARCH_FILTER=
 REM SET LDAP_USER_SEARCH_FILTER=
diff --git a/start-wekan.sh b/start-wekan.sh
index 48f8f517..4516e28b 100755
--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -247,6 +247,8 @@
       #export LDAP_REJECT_UNAUTHORIZED=false
       # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
       #export LDAP_USER_AUTHENTICATION=true
+      # Which field is used to find the user for the user authentication. Default: uid.
+      #export LDAP_USER_AUTHENTICATION_FIELD=uid
       # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
       # example :  export LDAP_USER_SEARCH_FILTER=
       #export LDAP_USER_SEARCH_FILTER=
-- 
cgit v1.2.3-1-g7c22