51 Commits

Author SHA1 Message Date
Girish Ramakrishnan
49baad349c remove mailbox routes and move it to users 2016-09-23 15:45:40 -07:00
Girish Ramakrishnan
679c8a7d09 Fix all usages of ldap.parseFilter
Part of #56
2016-09-19 13:53:48 -07:00
Girish Ramakrishnan
402c875874 ldap : Fix crash with invalid queries
Fixes #56
2016-09-19 13:40:26 -07:00
Girish Ramakrishnan
a40abaf1a0 do not crash if the service was never started
fixes #51
2016-09-15 11:54:20 -07:00
Girish Ramakrishnan
cc1755105c do not allow access if app is not found 2016-06-17 10:08:41 -05:00
Girish Ramakrishnan
d51d2e5131 start addons and apps in the cloudron network
also remove getLinkSync, since we don't use linking anymore
2016-06-17 09:18:10 -05:00
Girish Ramakrishnan
3f602c8a04 verifyWithUsername and not as id 2016-06-08 15:54:22 -07:00
Girish Ramakrishnan
a9f70d8363 add mailbox search endpoint 2016-05-29 18:24:54 -07:00
Girish Ramakrishnan
e91539d79a add a todo 2016-05-29 18:08:16 -07:00
Girish Ramakrishnan
5546bfbf0e add mailbox ldap auth point 2016-05-29 17:25:23 -07:00
Girish Ramakrishnan
803d47b426 refactor authenticate path into a middleware 2016-05-29 17:16:52 -07:00
Girish Ramakrishnan
e4c0192243 rename to appUserBind since it is tailored for apps 2016-05-29 17:07:48 -07:00
Girish Ramakrishnan
6dcecaaf55 log the ldap source 2016-05-16 14:31:57 -07:00
Girish Ramakrishnan
b92ed8d079 cn can also be the cloudron email
cn can be:
1. username
2. username@fqdn
3. user@personalemail.com
2016-05-16 12:21:15 -07:00
Girish Ramakrishnan
0838ce4ef8 fix casing 2016-05-16 12:13:23 -07:00
Girish Ramakrishnan
5be05529c2 remove unused ldap ou 2016-05-15 21:25:56 -07:00
Girish Ramakrishnan
0f2037513b remove recvmail bind 2016-05-12 21:48:42 -07:00
Girish Ramakrishnan
9da4e038bd all lower case 2016-05-12 18:54:13 -07:00
Girish Ramakrishnan
b8242c82d6 create bind point for recvmail 2016-05-12 14:33:02 -07:00
Girish Ramakrishnan
442c02fa1b set mailAlternateAddress to username@fqdn
This is mostly to keep haraka's rcpt_to.ldap happy. That plugin
could do with some love.
2016-05-12 14:32:15 -07:00
Girish Ramakrishnan
d5306052bb refactor code for readability 2016-05-12 13:36:53 -07:00
Girish Ramakrishnan
8543dbe3be create a new ou for addons 2016-05-12 13:20:57 -07:00
Girish Ramakrishnan
da61d5c0f1 add ou=recvmail for dovecot 2016-05-11 14:26:34 -07:00
Girish Ramakrishnan
62b020e96d add note 2016-05-07 02:34:52 -07:00
Girish Ramakrishnan
2d43e22285 fix typo 2016-05-05 15:26:32 -07:00
Girish Ramakrishnan
b46008f0b1 add sendmail ou bind
this will be used by haraka to authenticate the apps
2016-05-05 00:26:43 -07:00
Girish Ramakrishnan
ffedbdfa13 various minor fixes to eventlog 2016-05-02 10:01:23 -07:00
Girish Ramakrishnan
b322f6805f move authType into source 2016-05-01 21:53:44 -07:00
Girish Ramakrishnan
37bdd2672b make user.create take auditSource 2016-05-01 20:01:34 -07:00
Girish Ramakrishnan
7967610f3f add user login to event log 2016-04-30 23:18:14 -07:00
Girish Ramakrishnan
b1987868be Set sn attribute only if non-empty
sn and givenName have as their superior the name attribute, which is of DirectoryString syntax,
that is, the syntax is 1.3.6.1.4.1.1466.115.121.1.15. Attributes which are of syntax
DirectoryString are not allowed to be null, that is, a DirectoryString is required to have
at least one character.

http://stackoverflow.com/questions/15027094/how-to-filter-null-or-empty-attributes-from-an-active-directory-query

This fixes a crash in paperwork which relies on this.
2016-04-19 12:03:03 -07:00
Girish Ramakrishnan
72eb3007c4 tmp -> obj 2016-04-19 12:00:34 -07:00
Girish Ramakrishnan
38b85e6006 set givenName and sn in ldap response 2016-04-13 10:52:25 -07:00
Johannes Zellner
d7c8cf5e0e Ensure ldap filter values are treated lowercase only 2016-04-13 12:28:44 +02:00
Johannes Zellner
99850f1161 Support ldap DNs with userId, username and email 2016-04-05 16:32:12 +02:00
Johannes Zellner
b56bc08e9a Allow to use email and username for ldap bind 2016-03-24 21:03:04 +01:00
girish@cloudron.io
486ced0946 fix LDAP debug 2016-03-04 17:52:27 -08:00
girish@cloudron.io
d1c1fb8786 fix ldap debug ("ldap" already appears as part of debug) 2016-03-04 17:51:18 -08:00
Johannes Zellner
86ef9074b1 Add access restriction tests for ldap auth 2016-02-18 17:40:53 +01:00
Johannes Zellner
b41642552d The ldap property is part of req.connection 2016-02-18 16:40:30 +01:00
Johannes Zellner
b0d11ddcab Adhere to access control on ldap user bind 2016-02-18 16:04:53 +01:00
Johannes Zellner
34aab65db3 Use the first part of the dn to get the common name in ldap
It is not a must to have the first part named 'cn', but the first
part is always the id we want to verify
2016-01-25 11:31:57 +01:00
girish@cloudron.io
bfc9801699 provide displayName in ldap response when available 2016-01-19 23:47:24 -08:00
Girish Ramakrishnan
f39842a001 ldap: allow non-anonymous searches
Add LDAP_BIND_DN and LDAP_BIND_PASSWORD that allow
apps to bind before a search. There appear to be two kinds of
ldap flows:

1. App simply binds using cn=<username>,$LDAP_USERS_BASE_DN. This
   works swimmingly today.

2. App searches the username under a "bind_dn" using some admin
   credentials. It takes the result and uses the first dn in the
   result as the user dn. It then binds as step 1.

This commit tries to help out the case 2) apps. These apps really
insist on having some credentials for searching.
2015-09-25 21:28:47 -07:00
Girish Ramakrishnan
f57aae9545 Fix typo in assert 2015-09-14 11:09:41 -07:00
Girish Ramakrishnan
0c9618f19a Add ldap.stop 2015-09-14 11:01:35 -07:00
Girish Ramakrishnan
b584fc33f5 CN of admin group is admins 2015-08-18 16:35:52 -07:00
Johannes Zellner
ba7989b57b Add ldap 'users' group 2015-08-12 17:38:31 +02:00
Johannes Zellner
2436db3b1f Add ldap memberof attribute 2015-08-12 15:31:44 +02:00
Johannes Zellner
d66b1eef59 Better support for active directory clients 2015-07-28 18:39:16 +02:00