# LDAP_BIND_DN=
# LDAP_PASSWORD=
# LDAP_UID=cn
+# LDAP_UID_CONVERSION_ENABLED=true
+# LDAP_UID_CONVERSION_SEARCH=., -
+# LDAP_UID_CONVERSION_REPLACE=_
# PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable
# LDAP_PASSWORD=
# LDAP_UID=cn
# LDAP_SEARCH_FILTER=%{uid}=%{email}
+# LDAP_UID_CONVERSION_ENABLED=true
+# LDAP_UID_CONVERSION_SEARCH=., -
+# LDAP_UID_CONVERSION_REPLACE=_
# PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable
end
def ldap_get_user(attributes = {})
- resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first })
+ safe_username = attributes[Devise.ldap_uid.to_sym].first
+ if Devise.ldap_uid_conversion_enabled
+ keys = Regexp.union(Devise.ldap_uid_conversion_search.chars)
+ replacement = Devise.ldap_uid_conversion_replace
+
+ safe_username = safe_username.gsub(keys, replacement)
+ end
+
+ resource = joins(:account).find_by(accounts: { username: safe_username })
if resource.blank?
- resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first }, admin: false, external: true, confirmed_at: Time.now.utc)
+ resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: safe_username }, admin: false, external: true, confirmed_at: Time.now.utc)
resource.save!
end
@@ldap_tls_no_verify = false
mattr_accessor :ldap_search_filter
@@ldap_search_filter = nil
+ mattr_accessor :ldap_uid_conversion_enabled
+ @@ldap_uid_conversion_enabled = false
+ mattr_accessor :ldap_uid_conversion_search
+ @@ldap_uid_conversion_search = nil
+ mattr_accessor :ldap_uid_conversion_replace
+ @@ldap_uid_conversion_replace = nil
class Strategies::PamAuthenticatable
def valid?
config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}')
+ config.ldap_uid_conversion_enabled = ENV['LDAP_UID_CONVERSION_ENABLED'] == 'true'
+ config.ldap_uid_conversion_search = ENV.fetch('LDAP_UID_CONVERSION_SEARCH', '.,- ')
+ config.ldap_uid_conversion_replace = ENV.fetch('LDAP_UID_CONVERSION_REPLACE', '_')
end
end