Commit 6dbff966 authored by Michael Kozono's avatar Michael Kozono

Add LDAP config options

parent 8ab29d56
...@@ -254,10 +254,38 @@ production: &base ...@@ -254,10 +254,38 @@ production: &base
host: '_your_ldap_server' host: '_your_ldap_server'
port: 389 port: 389
uid: 'sAMAccountName' uid: 'sAMAccountName'
method: 'plain' # "tls" or "ssl" or "plain"
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user' password: '_the_password_of_the_bind_user'
# Encryption method. The "method" key is deprecated in favor of
# "encryption".
#
# Examples: "start_tls" or "simple_tls" or "plain"
#
# Deprecated values: "tls" was replaced with "start_tls" and "ssl" was
# replaced with "simple_tls".
#
encryption: 'plain'
# Enables SSL certificate verification if encryption method is
# "start_tls" or "simple_tls". (Defaults to false for backward-
# compatibility)
verify_certificates: false
# Specifies the path to a file containing a PEM-format CA certificate,
# e.g. if you need to use an internal CA.
#
# Example: '/etc/ca.pem'
#
ca_cert: ''
# Specifies the SSL version for OpenSSL to use, if the OpenSSL default
# is not appropriate.
#
# Example: 'TLSv1_1'
#
ssl_version: ''
# Set a timeout, in seconds, for LDAP queries. This helps avoid blocking # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
# a request if the LDAP server becomes unresponsive. # a request if the LDAP server becomes unresponsive.
# A value of 0 means there is no timeout. # A value of 0 means there is no timeout.
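Review bot: The comment above `verify_certificates: false` does not say what the false default costs. With `start_tls` or `simple_tls` the session is encrypted but the LDAP server's certificate is never checked, so anyone positioned between GitLab and the directory can impersonate the server and read the bind password and user credentials. I would add a line such as `# When false, the server's identity is not checked; set to true (with ca_cert for an internal CA) for any encrypted deployment.` The `ssl_version` example also names a deprecated protocol; `# Example: 'TLSv1_2'` is a better value to have operators copy.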
......
...@@ -145,6 +145,11 @@ if Settings.ldap['enabled'] || Rails.env.test? ...@@ -145,6 +145,11 @@ if Settings.ldap['enabled'] || Rails.env.test?
server['attributes'] = {} if server['attributes'].nil? server['attributes'] = {} if server['attributes'].nil?
server['provider_name'] ||= "ldap#{key}".downcase server['provider_name'] ||= "ldap#{key}".downcase
server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name']) server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name'])
server['encryption'] ||= server['method'] # for backwards compatibility
# Certificates are not verified for backwards compatibility.
# This default should be flipped to true in 9.5.
server['verify_certificates'] = false if server['verify_certificates'].nil?
end end
end end
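Review bot: The nil-default on `server['verify_certificates']` fails open silently. An operator who moves `encryption` off `plain` without setting the key gets a TLS session whose peer is never authenticated, and nothing at boot says so. Until the default is flipped, a startup warning would make this visible, e.g. `warn "LDAP #{key}: certificate verification is disabled" if server['encryption'] != 'plain' && !server['verify_certificates']`. Separately, `server['encryption'] ||= server['method']` carries the deprecated `tls`/`ssl` strings through unchanged; if the consumer of this hash (not visible here) does not translate them to `start_tls`/`simple_tls`, that mapping belongs beside this line. The enclosing loop and `if` start outside the hunk.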
......