diff --git a/config/default.toml b/config/default.toml
index bea73175..93fbab01 100644
--- a/config/default.toml
+++ b/config/default.toml
@@ -112,6 +112,8 @@ host="localhost"
 port=3002
 baseDN="ou=users,dc=company"
 filter="(|(username={{username}})(mail={{username}}))"
+#Username field in LDAP (uid/cn/username)
+uidTag="username"
 passwordresetlink=""
 [postfixbounce]
diff --git a/lib/passport.js b/lib/passport.js
index 15f069db..60bbbe3d 100644
--- a/lib/passport.js
+++ b/lib/passport.js
@@ -16,7 +16,9 @@ let LdapStrategy;
 try {
 LdapStrategy = require('passport-ldapjs').Strategy; // eslint-disable-line global-require
 } catch (E) {
- // ignore
+ if (config.ldap.enabled) {
+ log.info('LDAP', 'Module "passport-ldapjs" not installed. LDAP auth will fail.');
+ }
 }
 module.exports.csrfProtection = csrf({
@@ -80,27 +82,28 @@ if (config.ldap.enabled && LdapStrategy) {
 base: config.ldap.baseDN,
 search: {
 filter: config.ldap.filter,
- attributes: ['username', 'mail'],
+ attributes: [config.ldap.uidTag, 'mail'],
 scope: 'sub'
- }
+ },
+ uidTag: config.ldap.uidTag
 };
 passport.use(new LdapStrategy(opts, (profile, done) => {
- users.findByUsername(profile.username, (err, user) => {
+ users.findByUsername(profile[config.ldap.uidTag], (err, user) => {
 if (err) {
 return done(err);
 }
 if (!user) {
 // password is empty for ldap
- users.add(profile.username, '', profile.mail, (err, id) => {
+ users.add(profile[config.ldap.uidTag], '', profile.mail, (err, id) => {
 if (err) {
 return done(err);
 }
 return done(null, {
 id,
- username: profile.username
+ username: profile[config.ldap.uidTag]
 });
 });
 } else {
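Review bot: The comment on the new `uidTag` key lists `cn` as a valid choice, but the lib/passport.js hunk in this commit uses that attribute's value as the local account name, and a directory does not have to keep `cn` unique per user. If two entries share the value, both logins would resolve to the same local account. I would reword the comment to `# LDAP attribute used as the local username; must be unique per user and not user-editable (e.g. uid)`. It is also worth adding a second comment line saying that `filter` above still matches on `username` and has to be changed together with `uidTag`.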
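Review bot: `log.info` in the new `catch` body is too quiet for a condition that disables the configured authentication backend, and the message reports "not installed" for every failure of the `require`, including a broken install. Assuming the logger exposes an error level alongside `info`, I would write `log.error('LDAP', 'Could not load "passport-ldapjs": ' + E.message);`. The `else` side of `if (config.ldap.enabled && LdapStrategy)` is outside this hunk; if it registers a different strategy, the process would come up authenticating against something other than what the operator configured, which argues for aborting startup here instead. Whether `config` and `log` are already in scope above this `try` is not visible in the hunk.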
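Review bot: `profile[config.ldap.uidTag]` is passed to `users.findByUsername` and `users.add` with no check that the directory entry actually carries that attribute. If `uidTag` is mistyped, absent from the entry, or multi-valued, the value may be `undefined` or an array, and the `!user` branch would then auto-provision a local account under that key. I would read it once with `const username = profile[config.ldap.uidTag];` and reject early with `if (typeof username !== 'string' || !username) { return done(new Error('LDAP entry has no usable "' + config.ldap.uidTag + '" attribute')); }`, then use `username` in the three places the hunk changes. Because the lookup matches any existing local user by name, a comment here stating that the attribute must be unique and administrator-controlled would also help. The verify callback's `else` branch continues past the end of the hunk.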