Commit Graph

29 Commits

Author SHA1 Message Date
Unknwon 401bf944ef Use SecurityProtocol to replace UseSSL in LDAP config
Initially proposed by #2376 and fixes #3068 as well.
2016-07-08 07:25:09 +08:00
Paul Tötterman fb970b9d87 Add ServerName to tls.Config in LDAP auth (#3104)
From https://godoc.org/crypto/tls#Config

    ServerName is used to verify the hostname on the returned
    certificates unless InsecureSkipVerify is given. It is also included
    in the client's handshake to support virtual hosting unless it is
    an IP address.

This is needed for certificate validation without InsecureSkipVerify.
2016-06-01 01:11:28 -07:00
Adam Strzelecki 5649556a33 LDAP: Make a bit more detailed log traces
This is useful especially to check whether we fetch right attributes, using
right LDAP search base and in right order.
2016-02-20 14:12:32 +01:00
Adam Strzelecki 834d92a47b LDAP: Fetch attributes in Bind DN context option
This is feature is workaround for #2628 (JumpCloud) and some other services
that allow LDAP search only under BindDN user account, but not allow any LDAP
search query in logged user DN context.

Such approach is an alternative to minimal permissions security pattern for
BindDN user.
2016-02-20 14:12:32 +01:00
Adam Strzelecki e2f95c2845 LDAP: Use single connection in BindDN mode auth
According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send
multiple Bind requests to change the authentication and/or security
associations or to complete a multi-stage Bind process. Authentication from
earlier binds is subsequently ignored."

Therefore we should not use 2 connections, but single one just sending two bind
requests.
2016-02-20 14:01:47 +01:00
Adam Strzelecki 3808638df1 Fix #2221 LDAP username attribute must be fetched
This is fix-up for 573305f. Forgot to fetch AttributeUsername value from the
LDAP server, so the setting was effectively not working as intended.
2016-02-07 18:18:29 +01:00
Alex Myasoedov ae54d878c0 Fix misspelled words 2015-12-06 16:42:23 +02:00
Adam Strzelecki 573305f3d3 LDAP: Optional user name attribute specification
Consider following LDAP search query example:

    (&(objectClass=Person)(|(uid=%s)(mail=%s)))

Right now on first login attempt Gogs will use the text supplied on login form
as the newly created user name. In example query above the text matches against
both e-mail or user name. So if user puts the e-mail then the new Gogs user
name will be e-mail which may be undesired.

Using optional user name attribute setting we can explicitly say we want Gogs
user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail
to login 1st time, the new account will receive correct user name.
2015-12-02 00:20:14 +01:00
Unknwon aaa3f1b2b9 Use better LDAP lib and should fix #1139 2015-11-26 14:04:58 -05:00
Unknwon f255b1e86d #1896 fatal when no needed update task 2015-11-04 21:57:10 -05:00
Sergio Benitez 630ebbe6c2 Sanitizing input to LDAP authentication module. 2015-10-26 18:08:59 -07:00
Unknwon 6a1907d994 revert simple LDAP userDN and update example 2015-09-16 12:15:14 -04:00
Unknwon f5c7f22cc8 #1637 able to skip verify for LDAP 2015-09-14 15:48:51 -04:00
Unknwon 2bc3e83e1c fix simple LDAP userDN 2015-09-14 12:24:37 -04:00
Sergio Benitez 2d1db4bf05 Added LDAP simple auth support. 2015-09-04 20:48:34 -07:00
Unknwon f1adbca0f1 #1554 check adminFilter length before LDAP search 2015-09-01 08:40:11 -04:00
Girish Ramakrishnan 24d7a86a8d Set IsAdmin using LDAP
The IsAdmin flag is set based on whether the admin filter
returned any result. The admin filter is applied with the user dn
as the search root.

In the future, we should update IsAdmin as well on each login.
Alternately, we can have a periodic sync operation.
2015-08-18 23:49:12 -07:00
Unknwon 6235bd1fe9 work on #986 and fix a LDAP crash 2015-08-18 04:03:11 +08:00
Unknwon 55ccb00a47 Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop
# Conflicts:
#	modules/bindata/bindata.go
2015-08-16 14:31:54 +08:00
Sergio Benitez 7d84d4a8f0 Significantly enhanced LDAP support in Gogs. 2015-08-12 17:01:22 -07:00
Lauris BH 00653e52ee Get username, name, surname and e-mail from LDAP server 2015-02-08 01:49:51 +02:00
Joseph Crail 39c068400e Fix spelling errors in comments. 2014-12-06 20:22:48 -05:00
Unknwon 59a7c7c5a5 Remove ldap dep 2014-09-07 20:04:47 -04:00
Unknwon 8dd07c0ddd New UI merge in progress 2014-07-26 00:24:27 -04:00
Lunny Xiao f6c94c29d5 implicated error for ldap dial 2014-05-16 10:31:39 +08:00
Sebastian Jackel eb264a112b Add LDAP over SSL support 2014-05-15 14:27:16 +02:00
Lunny Xiao 55019bfbc5 merge all login methods 2014-05-11 14:12:45 +08:00
Lunny Xiao 79ea34e70e ldap support 2014-05-03 10:48:14 +08:00
juju2013 efc05ea1de initial support for LDAP authentication/MSAD 2014-04-23 23:07:54 +02:00