From de109aaeafde6a375441970bcb40136cdb7dff45 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Sat, 18 Jul 2015 10:17:18 -0400
Subject: Add new config option to disable automatic creation of LDAP accounts
---
 app/Auth/Ldap.php | 2 +-
 app/constants.php | 1 +
 config.default.php | 3 +++
 docs/config.markdown | 3 +++
 docs/ldap-authentication.markdown | 18 +++++++++++++++++-
 5 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index 3ee6ec9b..c1459b4e 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -46,7 +46,7 @@ class Ldap extends Base
 else {
 // We create automatically a new user
- if ($this->createUser($username, $result['name'], $result['email'])) {
+ if (LDAP_ACCOUNT_CREATION && $this->createUser($username, $result['name'], $result['email'])) {
 $user = $this->user->getByUsername($username);
 }
 else {
diff --git a/app/constants.php b/app/constants.php
index 7270db23..83fba468 100644
--- a/app/constants.php
+++ b/app/constants.php
@@ -35,6 +35,7 @@ defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname
 defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');
 defined('LDAP_ACCOUNT_ID') or define('LDAP_ACCOUNT_ID', '');
 defined('LDAP_USERNAME_CASE_SENSITIVE') or define('LDAP_USERNAME_CASE_SENSITIVE', false);
+defined('LDAP_ACCOUNT_CREATION') or define('LDAP_ACCOUNT_CREATION', true);
 // Google authentication
 defined('GOOGLE_AUTH') or define('GOOGLE_AUTH', false);
diff --git a/config.default.php b/config.default.php
index 38453455..c392dcad 100644
--- a/config.default.php
+++ b/config.default.php
@@ -109,6 +109,9 @@ define('LDAP_ACCOUNT_ID', 'samaccountname');
 // Set to true if you want to preserve the case
 define('LDAP_USERNAME_CASE_SENSITIVE', false);
+// Automatically create user account
+define('LDAP_ACCOUNT_CREATION', true);
+
 // Enable/disable Google authentication
 define('GOOGLE_AUTH', false);
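Review bot: In app/Auth/Ldap.php the new guard tests `LDAP_ACCOUNT_CREATION` for truthiness, so a configuration value such as the string `'false'` still evaluates as true and accounts keep being provisioned although the operator meant to switch this off. Because the option exists to restrict who gets an account, a strict check fails closed: `if (LDAP_ACCOUNT_CREATION === true && $this->createUser($username, $result['name'], $result['email'])) {`. The enclosing method starts before the hunk and the trailing `else` ends after it, so I can only assume that branch rejects the login; if it does, a rejection caused by disabled provisioning cannot be told apart from a failed `createUser()`, and a log entry for the former would help when triaging denied logins. The comment above the `if` should also say that creation is conditional, e.g. `// Create the local user automatically unless LDAP_ACCOUNT_CREATION is disabled`.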
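Review bot: The comment added in config.default.php, `// Automatically create user account`, does not say when the account is created or what setting the value to `false` does. With the default of `true` (also the fallback defined in app/constants.php), every user who authenticates successfully against the directory receives a local account, and an administrator reading only this file should be able to see that. I would word it as `// Create a local account on the first successful LDAP login (set to false to allow only users that already exist in Kanboard)`.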
diff --git a/docs/config.markdown b/docs/config.markdown
index aca605ca..45ba7a91 100644
--- a/docs/config.markdown
+++ b/docs/config.markdown
@@ -135,6 +135,9 @@ define('LDAP_ACCOUNT_ID', 'samaccountname');
 // By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
 // Set to true if you want to preserve the case
 define('LDAP_USERNAME_CASE_SENSITIVE', false);
+
+// Automatically create user account
+define('LDAP_ACCOUNT_CREATION', true);
 ```
 Google Authentication settings
diff --git a/docs/ldap-authentication.markdown b/docs/ldap-authentication.markdown
index 2428194d..8c7e5ff5 100644
--- a/docs/ldap-authentication.markdown
+++ b/docs/ldap-authentication.markdown
@@ -17,7 +17,7 @@ When the LDAP authentication is activated, the login process work like that:
 1. Try first to authenticate the user by using the database
 2. If the user is not found inside the database, a LDAP authentication is performed
-3. If the LDAP authentication is successful, a local user is created automatically with no password and marked as LDAP user.
+3. If the LDAP authentication is successful, by default a local user is created automatically with no password and marked as LDAP user.
 ### Differences between a local user and a LDAP user are the following:
@@ -85,6 +85,22 @@ define('LDAP_ACCOUNT_ID', 'samaccountname');
 // By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
 // Set to true if you want to preserve the case
 define('LDAP_USERNAME_CASE_SENSITIVE', false);
+
+// Automatically create user account
+define('LDAP_ACCOUNT_CREATION', true);
+```
+
+### Disable automatic account creation
+
+By default, Kanboard will create automatically a user account if nothing is found.
+
+You can disable this behavior if you prefer to create user accounts manually to restrict Kanboard to only some people.
+
+Just change the value of `LDAP_ACCOUNT_CREATION` to `false`:
+
+```php
+// Automatically create user account
+define('LDAP_ACCOUNT_CREATION', false);
 ```
 ### LDAP bind type
-- 
cgit v1.2.3