55a880c9ac
Fix typo
...
14a18a42b7
2024-10-30 17:41:57 +01:00
61341b8380
boxerror: always pass second error string
2024-10-30 17:32:12 +01:00
14a18a42b7
Avoid crash in externalldap if search result has no username
2024-10-22 14:49:14 +02:00
2c28eddc2b
Fix linter errors
2024-10-22 14:40:53 +02:00
793ee38f79
external ldap: show proper error message on timeout
2024-01-23 23:27:06 +01:00
4f0bbcc73b
externaldap: 2fa validation for supported sources
...
a request to verify password to externaldap.js logic can come from
* cloudron app (via ldapserver.js)
* dashboard (via oidc.js) or proxy auth (proxyauth.js) or CLI (accesscontrol.js)
the only supported source is the 'cloudron' provider at this point
2024-01-22 21:35:19 +01:00
13b9bed48b
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 12:44:19 +01:00
8bdcdd7810
groups: members cannot be set for external groups
2024-01-19 23:23:25 +01:00
06ce351d82
externalldap: set group members as a single transaction
2024-01-19 17:24:35 +01:00
ee43dff35f
externalldap: reset group source when disabled
2024-01-13 22:35:23 +01:00
8771158f10
Fix test
2024-01-13 21:29:40 +01:00
46a589f794
Use BAD_STATE consistently for demo mode
2024-01-13 21:15:41 +01:00
257dc4e271
external ldap: run syncer every 4 hours
...
hardcoded for now but we should make this configurable
2024-01-13 15:53:14 +01:00
4136272382
externalldap: add eventlog
2024-01-13 13:22:26 +01:00
40c82b3e48
external directory: reset auth source when disabled
...
this allows existing users to login (including the owner itself)
The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step i.e at superadmin creation time.
If LDAP connection is lost/down, user can always use 'cloudron-support —owner-login'
2024-01-13 11:51:12 +01:00
5b7667fa4d
external ldap: ensure dashboard login does totp check
2024-01-08 11:55:35 +01:00
053f81a53e
externalldap: add tests
2024-01-07 22:04:22 +01:00
1ca46a064c
ldap: use proper error message instead of dn
...
the dn is already in lde_dn field of the error object.
lde_message is the message
2024-01-03 15:23:22 +01:00
d2c702f890
eventlog: always use AuditSource objects as source field
2023-08-28 08:13:56 +05:30
6aad89ae6e
demo is just a constant, not a setting
2023-08-04 14:13:30 +05:30
bbc6ba1a35
settings: move service setting into services.js
...
this also introduces getJson/setJson
2023-08-03 11:50:00 +05:30
4a34c390f8
settings: move externaldap setting
2023-08-03 02:43:26 +05:30
65769e5701
ldap uses lower-case attributes
2023-07-31 13:12:39 +02:00
057e4db6c1
use debug instead of console.error
2023-04-30 21:49:34 +02:00
c4f4f3e914
logs: use %o to format error
...
otherwise, they are printed as multi-line and this messes up tail+date formatting
2023-04-16 10:49:59 +02:00
53e9eccf72
unify totp check
...
the totp check is done in several places causing errors like 3552232e99
2023-03-12 16:01:12 +01:00
41b03e3fef
Ensure ldap client always has an error handler
2023-01-12 14:39:58 +01:00
88eb809c6e
For ldap users created on first login, make sure we also check 2fa if enabled
2022-08-03 18:20:43 +02:00
a2a60ff426
Add support for LDAP cn=...+totptoken=.. support
2022-08-02 15:27:34 +02:00
0cd48bd239
Ensure LDAP usernames are always treated lowercase
2022-04-23 11:21:14 +02:00
7f89dfd261
add once.js
2022-04-15 19:01:35 -05:00
b54c4bb399
Fixup cn attribute for ldap to be according to spec
2022-02-18 17:43:47 +01:00
63fe75ecd2
Reduce noisy externalldap debug()s
2021-11-26 09:55:59 +01:00
92f0f56fae
do not strictly require fallbackEmail on user creation but provide a fallback
2021-10-28 10:29:02 +02:00
cef5c1e78c
Use normal bind()
2021-10-26 18:47:51 +02:00
50ff6b99e0
More external ldap fixes after the test tests the correct thing
2021-10-26 18:04:25 +02:00
84884b969e
Fix external ldap bind
...
See "Losing context" https://masteringjs.io/tutorials/node/promisify
2021-10-26 11:55:58 +02:00
445c83c8b9
make auditsource a class
...
this allows us to use AuditSource for the class and auditSource for
the instances!
2021-09-30 10:13:36 -07:00
48056d7451
If we detect a local user with the same username as found on LDAP/AD we map it
2021-09-13 21:17:41 +02:00
1856caf972
externalldap: async'ify
...
and make the tests work again
2021-09-01 21:33:27 -07:00
8d43015867
Asyncify some external ldap sync code
2021-09-01 14:47:43 +02:00
411cc7daa1
merge settingsdb into settings code
2021-08-19 17:45:40 -07:00
a1c61facdc
merge userdb.js into users.js
2021-07-16 22:33:22 -07:00
e59d0e878d
merge taskdb into tasks.js
2021-07-14 10:37:12 -07:00
ea430b255b
make the tests work
2021-06-29 11:01:46 -07:00
31498afe39
async'ify the groups code
2021-06-29 09:08:45 -07:00
442110a437
lint
2021-05-01 11:21:09 -07:00
1b307632ab
Use debug instead of console.* everywhere
...
No need to patch up console.* anymore
also removes supererror
2020-08-02 12:04:55 -07:00
fbc666f178
Make externalldap sync more robust
2020-07-30 15:08:01 +02:00
d9bf6c0933
also support uniqueMember property next to member for ldap groups
2020-07-01 17:08:17 +02:00
Girish Ramakrishnan