Support searching for users to find their LDAP entry

Summary: - the current LDAP auth flow expects a DN to look like cn=ossareh,ou=Users,dc=example,dc=com - however many LDAP setups have their dn look something like cn=Mike Ossareh,ou=Users,dc=example,dc=com Test Plan: Test if logins work with a LDAP setup which has cn=Full Name instead of cn=username. To test you should ensure you set the properties needed to trigger the search before login as detailed in conf/default.conf.php Reviewers: epriestley CC: mbeck, aran, Korvin Differential Revision: https://secure.phabricator.com/D3072
2012-07-25 18:55:48 -07:00
parent 514ee3526c
commit 0a0607d2f7
2 changed files with 23 additions and 6 deletions
--- a/conf/default.conf.php
+++ b/conf/default.conf.php
@@ -642,6 +642,14 @@ return array(
  // The attribute to be regarded as 'username'. Has to be unique
  'ldap.search_attribute' => '',

+  // Perform a search to find a user
+  // Many LDAP installations do not have the username in the dn, if this is
+  // true for you set this to true and configure the username_attribute below
+  'ldap.search-first'         => false,
+
+  // The attribute to search for if you have to search for a user
+  'ldap.username_attribute' => '',
+
  // The attribute(s) to be regarded as 'real name'.
  // If more then one attribute is supplied the values of the attributes in
  // the array will be joined