Merge pull request #367 from simioa/add_user-attr-template

Add LDAP user attr template
lmenezes · May 20, 2019 · 6a3e60e · 6a3e60e
2 parents f73e745 + fe6ae60
commit 6a3e60e
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -66,6 +66,9 @@ LDAP_BIND_PWD=adminpass
 # Attribute that represent the user, for example uid or mail
 # LDAP_USER_ATTR=mail
 
+# If left unset LDAP_USER_TEMPLATE will be used
+# LDAP_USER_ATTR_TEMPLATE=%s
+
 # Filter that tests membership of the group. If this property is empty then there is no group membership check
 # AD example => memberOf=CN=mygroup,ou=ouofthegroup,DC=domain,DC=com
 # OpenLDAP example => CN=mygroup

diff --git a/app/controllers/auth/ldap/LDAPAuthConfig.scala b/app/controllers/auth/ldap/LDAPAuthConfig.scala
@@ -21,10 +21,11 @@ class LDAPAuthConfig(config: Configuration) extends AuthConfig {
       LDAPGroupSearchConfig(
         groupAuthConfig.getOptional[String]("base-dn").getOrElse(baseDN),
         getSetting("user-attr")(groupAuthConfig),
+        groupAuthConfig.getOptional[String]("user-attr-template").getOrElse(userTemplate),
         group
       )
     }
   }
 }
 
-case class LDAPGroupSearchConfig(baseDN: String, userAttr: String, group: String)
+case class LDAPGroupSearchConfig(baseDN: String, userAttr: String, userAttrTemplate:String, group: String)
diff --git a/app/controllers/auth/ldap/LDAPAuthService.scala b/app/controllers/auth/ldap/LDAPAuthService.scala
@@ -40,7 +40,7 @@ class LDAPAuthService @Inject()(globalConfig: Configuration) extends AuthService
     props.put(Context.SECURITY_PRINCIPAL, config.bindDN)
     props.put(Context.SECURITY_CREDENTIALS, config.bindPwd)
     props.put(Context.REFERRAL, "follow")
-    val user     = config.userTemplate.format(username, config.baseDN)
+    val user     = groupConfig.userAttrTemplate.format(username, config.baseDN)
     val controls = new SearchControls()
     controls.setSearchScope(SearchControls.SUBTREE_SCOPE)
     try {

diff --git a/conf/application.conf b/conf/application.conf
@@ -46,6 +46,9 @@ auth = {
       base-dn = ${?LDAP_GROUP_BASE_DN}
       // Attribute that represent the user, for example uid or mail
       user-attr = ${?LDAP_USER_ATTR}
+      // Define a separate template for user-attr
+      // If left unset parent's user-template will be used
+      user-attr-template = ${?LDAP_USER_ATTR_TEMPLATE}
       // Filter that tests membership of the group. If this property is empty then there is no group membership check
       // AD example => memberOf=CN=mygroup,ou=ouofthegroup,DC=domain,DC=com
       // OpenLDAP example => CN=mygroup