# LDAP_BIND_DN=
# LDAP_PASSWORD=
# LDAP_UID=cn
+# LDAP_SEARCH_FILTER="%{uid}=%{email}"
# PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable
@@ldap_password = nil
mattr_accessor :ldap_tls_no_verify
@@ldap_tls_no_verify = false
+ mattr_accessor :ldap_search_filter
+ @@ldap_search_filter = nil
class Strategies::PamAuthenticatable
def valid?
config.ldap_password = ENV.fetch('LDAP_PASSWORD')
config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
+ config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}')
end
end
connect_timeout: 10
)
- if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password))
+ filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, email: email)
+ if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: password))
user = User.ldap_get_user(user_info.first)
success!(user)
else
cat aescling's git repositories / mastodon.git / commitdiff