feat: improve the LDAP implementation (#615)

* feat(logging): add PV_LOG_LEVEL environment variable to set backend log level * feat(ldap): Adding a more verbose logging output to debug LDAP issues * fix(ldap): fixed user logins with special characters within the users dn by switching to ldapts * feat(ldap): made the member of and email attribute names configurable * fix(ldap): properly handle email like usernames and fixing #601 * Revert "fix: disable email login if ldap is enabled" This reverts commit d9cfe697d6. * feat(ldap): disable the ability for a user to change his email when it's a LDAP user * feat(ldap): relaxed username pattern by allowing the @ character in usernames
2026-04-09 09:37:01 +02:00 · 2024-09-27 16:02:49 +02:00
parent adc4af996d
commit 3310fe53b3
13 changed files with 271 additions and 213 deletions
--- a/frontend/src/components/auth/SignInForm.tsx
+++ b/frontend/src/components/auth/SignInForm.tsx
@@ -80,9 +80,7 @@ const SignInForm = ({ redirectPath }: { redirectPath: string }) => {
    useState(false);

  const validationSchema = yup.object().shape({
-    emailOrUsername: config.get("ldap.enabled")
-      ? yup.string().matches(/^[^@]+$/, t("signIn.error.invalid-username"))
-      : yup.string().required(t("common.error.field-required")),
+    emailOrUsername: yup.string().required(t("common.error.field-required")),
    password: yup
      .string()
      .min(8, t("common.error.too-short", { length: 8 }))
@@ -174,16 +172,8 @@ const SignInForm = ({ redirectPath }: { redirectPath: string }) => {
            })}
          >
            <TextInput
-              label={
-                config.get("ldap.enabled")
-                  ? t("signup.input.username")
-                  : t("signin.input.email-or-username")
-              }
-              placeholder={
-                config.get("ldap.enabled")
-                  ? t("signup.input.username.placeholder")
-                  : t("signin.input.email-or-username.placeholder")
-              }
+              label={t("signin.input.email-or-username")}
+              placeholder={t("signin.input.email-or-username.placeholder")}
              {...form.getInputProps("emailOrUsername")}
            />
            <PasswordInput
--- a/frontend/src/i18n/translations/en-US.ts
+++ b/frontend/src/i18n/translations/en-US.ts
@@ -50,7 +50,6 @@ export default {
  "signIn.oauth.microsoft": "Microsoft",
  "signIn.oauth.discord": "Discord",
  "signIn.oauth.oidc": "OpenID",
-  "signIn.error.invalid-username": "Invalid username",

  // END /auth/signin

@@ -586,6 +585,10 @@ export default {
  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
  "admin.config.ldap.admin-groups": "Admin group",
  "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",

  // 404
  "404.description": "Oops this page doesn't exist.",
--- a/frontend/src/pages/account/index.tsx
+++ b/frontend/src/pages/account/index.tsx
@@ -1,4 +1,5 @@
 import {
+  Badge,
  Button,
  Center,
  Container,
@@ -142,6 +143,9 @@ const Account = () => {
        <Paper withBorder p="xl">
          <Title order={5} mb="xs">
            <FormattedMessage id="account.card.info.title" />
+            {user?.isLdap ? (
+              <Badge style={{ marginLeft: "1em" }}>LDAP</Badge>
+            ) : null}
          </Title>
          <form
            onSubmit={accountForm.onSubmit((values) =>
@@ -162,13 +166,16 @@ const Account = () => {
              />
              <TextInput
                label={t("account.card.info.email")}
+                disabled={user?.isLdap}
                {...accountForm.getInputProps("email")}
              />
-              <Group position="right">
-                <Button type="submit">
-                  <FormattedMessage id="common.button.save" />
-                </Button>
-              </Group>
+              {!user?.isLdap && (
+                <Group position="right">
+                  <Button type="submit">
+                    <FormattedMessage id="common.button.save" />
+                  </Button>
+                </Group>
+              )}
            </Stack>
          </form>
        </Paper>