b56bc08e9a
Allow to use email and username for ldap bind
2016-03-24 21:03:04 +01:00
486ced0946
fix LDAP debug
2016-03-04 17:52:27 -08:00
d1c1fb8786
fix ldap debug ("ldap" already appears as part of debug)
2016-03-04 17:51:18 -08:00
86ef9074b1
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
b41642552d
The ldap property is part of req.connection
2016-02-18 16:40:30 +01:00
b0d11ddcab
Adhere to access control on ldap user bind
2016-02-18 16:04:53 +01:00
34aab65db3
Use the first part of the dn to get the common name in ldap
...
It is no must to have the first part named 'cn' but the first
part is always the id we want to verify
2016-01-25 11:31:57 +01:00
bfc9801699
provide displayName in ldap response when available
2016-01-19 23:47:24 -08:00
f39842a001
ldap: allow non-anonymous searches
...
Add LDAP_BIND_DN and LDAP_BIND_PASSWORD that allow
apps to bind before a search. There appear to be two kinds of
ldap flows:
1. App simply binds using cn=<username>,$LDAP_USERS_BASE_DN. This
works swimmingly today.
2. App searches the username under a "bind_dn" using some admin
credentials. It takes the result and uses the first dn in the
result as the user dn. It then binds as step 1.
This commit tries to help out the case 2) apps. These apps really
insist on having some credentials for searching.
2015-09-25 21:28:47 -07:00
f57aae9545
Fix typo in assert
2015-09-14 11:09:41 -07:00
0c9618f19a
Add ldap.stop
2015-09-14 11:01:35 -07:00
b584fc33f5
CN of admin group is admins
2015-08-18 16:35:52 -07:00
ba7989b57b
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
2436db3b1f
Add ldap memberof attribute
2015-08-12 15:31:44 +02:00
d66b1eef59
Better support for active directory clients
2015-07-28 18:39:16 +02:00
df9d321ac3
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:10:36 -07:00
Johannes Zellner