diff options
| -rw-r--r-- | app/Core/User/UserProperty.php | 2 | ||||
| -rw-r--r-- | app/constants.php | 3 | ||||
| -rw-r--r-- | config.default.php | 3 | ||||
| -rw-r--r-- | doc/en_US/config.markdown | 7 | ||||
| -rw-r--r-- | doc/en_US/ldap-authentication.markdown | 12 |
5 files changed, 24 insertions, 3 deletions
diff --git a/app/Core/User/UserProperty.php b/app/Core/User/UserProperty.php index 348bd7f3..685690c2 100644 --- a/app/Core/User/UserProperty.php +++ b/app/Core/User/UserProperty.php @@ -44,7 +44,7 @@ class UserProperty */ public static function filterProperties(array $profile, array $properties) { - $excludedProperties = array('username'); + $excludedProperties = explode_csv_field(EXTERNAL_AUTH_EXCLUDE_FIELDS); $values = array(); foreach ($properties as $property => $value) { diff --git a/app/constants.php b/app/constants.php index ccd9167d..591d433a 100644 --- a/app/constants.php +++ b/app/constants.php @@ -149,3 +149,6 @@ defined('HTTP_VERIFY_SSL_CERTIFICATE') or define('HTTP_VERIFY_SSL_CERTIFICATE', defined('TOTP_ISSUER') or define('TOTP_ISSUER', 'Kanboard'); defined('PROJECT_ACTIVITIES_MAX_EVENTS') or define('PROJECT_ACTIVITIES_MAX_EVENTS', 10000); + +// Comma separated list of fields to not synchronize when using external authentication providers +defined('EXTERNAL_AUTH_EXCLUDE_FIELDS') or define('EXTERNAL_AUTH_EXCLUDE_FIELDS', 'username'); diff --git a/config.default.php b/config.default.php index 8834868f..ff411480 100644 --- a/config.default.php +++ b/config.default.php @@ -240,3 +240,6 @@ define('TOTP_ISSUER', 'Kanboard'); // Maximum number of events stored in the table "project_activities" define('PROJECT_ACTIVITIES_MAX_EVENTS', 10000); + +// Comma separated list of fields to not synchronize when using external authentication providers +define('EXTERNAL_AUTH_EXCLUDE_FIELDS', 'username'); diff --git a/doc/en_US/config.markdown b/doc/en_US/config.markdown index f5f57b6f..103c859b 100644 --- a/doc/en_US/config.markdown +++ b/doc/en_US/config.markdown @@ -1,4 +1,4 @@ -Config file +Config File =========== You can customize the default settings of Kanboard by adding a file `config.php` at the project root or in the `data` folder. @@ -273,7 +273,7 @@ define('LOG_FILE', __DIR__.DIRECTORY_SEPARATOR.'data'.DIRECTORY_SEPARATOR.'debug ``` Brute-force protection ---------------------- +---------------------- ```php // Enable captcha after 3 authentication failure @@ -338,4 +338,7 @@ define('TOTP_ISSUER', 'Kanboard'); // Maximum number of events stored in the table "project_activities" define('PROJECT_ACTIVITIES_MAX_EVENTS', 10000); + +// Comma separated list of fields to not synchronize when using external authentication providers +define('EXTERNAL_AUTH_EXCLUDE_FIELDS', 'username'); ``` diff --git a/doc/en_US/ldap-authentication.markdown b/doc/en_US/ldap-authentication.markdown index 6d80e9db..c3445e5d 100644 --- a/doc/en_US/ldap-authentication.markdown +++ b/doc/en_US/ldap-authentication.markdown @@ -194,6 +194,18 @@ Just change the value of `LDAP_ACCOUNT_CREATION` to `false`: define('LDAP_ACCOUNT_CREATION', false); ``` +Synchronization +--------------- + +By default, Kanboard will synchronize all fields (role, name, email...) except the username. + +If you would like to change this behavior, use this config parameter: + +```bash +// This example will not synchronize the fields "username" and "role" from LDAP to Kanboard. +define('EXTERNAL_AUTH_EXCLUDE_FIELDS', 'username,role'); +``` + Troubleshooting --------------- |