From 2e5def404f28d93dc046725f0eaef39000b589a2 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 15 Mar 2017 19:10:00 +0200
Subject: [PATCH 1/3] [bugfix] Fix LDAP issue with OpenLDAP/MS AD

---
 config/default.toml | 2 ++
 lib/passport.js | 11 ++++++-----
 package.json | 1 +
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/config/default.toml b/config/default.toml
index bea73175..93fbab01 100644
--- a/config/default.toml
+++ b/config/default.toml
@@ -112,6 +112,8 @@ host="localhost"
 port=3002
 baseDN="ou=users,dc=company"
 filter="(|(username={{username}})(mail={{username}}))"
+#Username field in LDAP (uid/cn/username)
+uidTag="username"
 passwordresetlink=""
 
 [postfixbounce]
diff --git a/lib/passport.js b/lib/passport.js
index 15f069db..2b6a8359 100644
--- a/lib/passport.js
+++ b/lib/passport.js
@@ -80,27 +80,28 @@ if (config.ldap.enabled && LdapStrategy) {
 base: config.ldap.baseDN,
 search: {
 filter: config.ldap.filter,
- attributes: ['username', 'mail'],
+ attributes: [config.ldap.uidTag, 'mail'],
 scope: 'sub'
- }
+ },
+ uidTag: config.ldap.uidTag
 };
 
 passport.use(new LdapStrategy(opts, (profile, done) => {
- users.findByUsername(profile.username, (err, user) => {
+ users.findByUsername(profile[config.ldap.uidTag], (err, user) => {
 if (err) {
 return done(err);
 }
 
 if (!user) {
 // password is empty for ldap
- users.add(profile.username, '', profile.mail, (err, id) => {
+ users.add(profile[config.ldap.uidTag], '', profile.mail, (err, id) => {
 if (err) {
 return done(err);
 }
 
 return done(null, {
 id,
- username: profile.username
+ username: profile[config.ldap.uidTag]
 });
 });
 } else {
diff --git a/package.json b/package.json
index dab0933f..811c0354 100644
--- a/package.json
+++ b/package.json
@@ -82,6 +82,7 @@
 "npmlog": "^4.0.2",
 "openpgp": "^2.4.0",
 "passport": "^0.3.2",
+ "passport-ldapjs": "^1.0.2",
 "passport-local": "^1.0.0",
 "premailer-api": "^1.0.4",
 "redfour": "^1.0.0",

From 1ca27b6b404e6e4be181be846c5a97dc9e61b190 Mon Sep 17 00:00:00 2001
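Review bot: The comment added above `uidTag` in config/default.toml does not say what the chosen attribute has to guarantee, and it offers `cn` as a candidate even though, going by the lib/passport.js hunk of this same patch, the attribute's value becomes the name under which the local account is looked up and created. An attribute that is not unique per directory entry, or that users can edit on their own entry, could map one directory user onto another user's local account. The `filter` line above also still names `username`, so it has to be changed together with `uidTag`. I would word the comment as `# LDAP attribute used as the local account name (e.g. uid); must be unique, single-valued and not editable by the user. Keep "filter" in sync with it.`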
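Review bot: `profile[config.ldap.uidTag]` is handed to `users.findByUsername` and `users.add` in lib/passport.js without any check that the directory entry actually returned that attribute. If `uidTag` is mistyped or the entry lacks it the value is `undefined` (and a multi-valued attribute may arrive as an array, depending on how passport-ldapjs builds the profile), so both the lookup and the account creation in the `if (!user)` branch run with a non-string name. Reading the value once at the top of the verify callback, `const username = profile[config.ldap.uidTag];`, and rejecting early with `if (typeof username !== 'string' || !username) { return done(new Error('LDAP entry has no usable "' + config.ldap.uidTag + '" attribute')); }` would close this and replace the three repeated lookups. The callback continues past `} else {`, outside the hunk.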
From: vladimir
Date: Wed, 15 Mar 2017 20:26:54 +0200
Subject: [PATCH 2/3] Remove passport-ldapjs from packpage.json and add warning message

---
 lib/passport.js | 1 +
 package.json | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/passport.js b/lib/passport.js
index 2b6a8359..0a5a0f12 100644
--- a/lib/passport.js
+++ b/lib/passport.js
@@ -17,6 +17,7 @@ try {
 LdapStrategy = require('passport-ldapjs').Strategy; // eslint-disable-line global-require
 } catch (E) {
 // ignore
+ console.warn('Module "passport-ldapjs" not installed. LDAP auth will fail.');
 }
 
 module.exports.csrfProtection = csrf({
diff --git a/package.json b/package.json
index 811c0354..dab0933f 100644
--- a/package.json
+++ b/package.json
@@ -82,7 +82,6 @@
 "npmlog": "^4.0.2",
 "openpgp": "^2.4.0",
 "passport": "^0.3.2",
- "passport-ldapjs": "^1.0.2",
 "passport-local": "^1.0.0",
 "premailer-api": "^1.0.4",
 "redfour": "^1.0.0",

From b6497b0e8647e6a2a0db778174e3fb76c27c368d Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 15 Mar 2017 20:44:12 +0200
Subject: [PATCH 3/3] Fix logging for ldap module

---
 lib/passport.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/passport.js b/lib/passport.js
index 0a5a0f12..60bbbe3d 100644
--- a/lib/passport.js
+++ b/lib/passport.js
@@ -16,8 +16,9 @@ let LdapStrategy;
 try {
 LdapStrategy = require('passport-ldapjs').Strategy; // eslint-disable-line global-require
 } catch (E) {
- // ignore
- console.warn('Module "passport-ldapjs" not installed. LDAP auth will fail.');
+ if (config.ldap.enabled) {
+ log.info('LDAP', 'Module "passport-ldapjs" not installed. LDAP auth will fail.');
+ }
 }
 
 module.exports.csrfProtection = csrf({
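Review bot: In the last patch's hunk the `catch (E)` branch reports every failure of `require('passport-ldapjs')` as "not installed", and only at info level, although with `config.ldap.enabled` set it means the configured authentication source is unavailable. The guard shown in the first patch, `if (config.ldap.enabled && LdapStrategy)`, is then false, so the process presumably carries on with whatever its else branch sets up (not visible here) instead of stopping. I would log at error level with the cause, `log.error('LDAP', 'Cannot load "passport-ldapjs": ' + E.message);`, and describe the module as missing only when `E.code === 'MODULE_NOT_FOUND'`. It is also worth confirming that `config` and `log` are already defined at this point in the file, since the try block sits above the lines shown.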