diff options
| author | Frederic Guillot <fred@kanboard.net> | 2015-02-20 19:42:27 -0500 |
|---|---|---|
| committer | Frederic Guillot <fred@kanboard.net> | 2015-02-20 19:42:27 -0500 |
| commit | 7c2bf746f2790e724b56bb1b05614bd1cd6df2f4 (patch) | |
| tree | bb6ba812375bd35efd2ba1028e281811521da1c5 | |
| parent | 8214aae1d6c60b3d6726729d7532d8ee0df629ce (diff) | |
Lowercase LDAP usernames by default for authentication
| -rw-r--r-- | app/Auth/Ldap.php | 1 | ||||
| -rw-r--r-- | app/constants.php | 1 | ||||
| -rw-r--r-- | config.default.php | 4 | ||||
| -rw-r--r-- | docs/ldap-authentication.markdown | 9 |
4 files changed, 15 insertions, 0 deletions
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php index e9bb5815..376d16f6 100644 --- a/app/Auth/Ldap.php +++ b/app/Auth/Ldap.php @@ -29,6 +29,7 @@ class Ldap extends Base */ public function authenticate($username, $password) { + $username = LDAP_USERNAME_CASE_SENSITIVE ? $username : strtolower($username); $result = $this->findUser($username, $password); if (is_array($result)) { diff --git a/app/constants.php b/app/constants.php index 064e0211..39ab5470 100644 --- a/app/constants.php +++ b/app/constants.php @@ -36,6 +36,7 @@ defined('LDAP_USER_PATTERN') or define('LDAP_USER_PATTERN', ''); defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname'); defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail'); defined('LDAP_ACCOUNT_ID') or define('LDAP_ACCOUNT_ID', ''); +defined('LDAP_USERNAME_CASE_SENSITIVE') or define('LDAP_USERNAME_CASE_SENSITIVE', false); // Google authentication defined('GOOGLE_AUTH') or define('GOOGLE_AUTH', false); diff --git a/config.default.php b/config.default.php index c6b4599b..ab3e3b8c 100644 --- a/config.default.php +++ b/config.default.php @@ -85,6 +85,10 @@ define('LDAP_ACCOUNT_EMAIL', 'mail'); // Example for OpenLDAP: 'uid' define('LDAP_ACCOUNT_ID', 'samaccountname'); +// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive) +// Set to true if you want to preserve the case +define('LDAP_USERNAME_CASE_SENSITIVE', false); + // Enable/disable Google authentication define('GOOGLE_AUTH', false); diff --git a/docs/ldap-authentication.markdown b/docs/ldap-authentication.markdown index 0428d8e0..2428194d 100644 --- a/docs/ldap-authentication.markdown +++ b/docs/ldap-authentication.markdown @@ -76,6 +76,15 @@ define('LDAP_ACCOUNT_FULLNAME', 'displayname'); // Name of an attribute of the user account object which should be used as the email of the user. define('LDAP_ACCOUNT_EMAIL', 'mail'); + +// Name of an attribute of the user account object which should be used as the id of the user. +// Example for ActiveDirectory: 'samaccountname' +// Example for OpenLDAP: 'uid' +define('LDAP_ACCOUNT_ID', 'samaccountname'); + +// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive) +// Set to true if you want to preserve the case +define('LDAP_USERNAME_CASE_SENSITIVE', false); ``` ### LDAP bind type |