Improve LDAP User Authentication Support

Ira Snyder requested to merge isnyder/lstu:improve-ldap-support-dev into development

LDAP servers often have their users grouped into nested hierarchies, usually consisting of Organizational Units (OU). This commit extends the LDAP support so that it can locate the correct user in a server with a nested hierarchy.

Different LDAP server schemas often use a different attribute for the username. For example, Microsoft Active Directory commonly uses the "sAMAccountName" as a username, while many other LDAP servers commonly use the "uid" attribute as a username. This commit extends the LDAP support so that the user can choose which attribute to use in the configuration file, using the "user_attr" configuration setting.

With both of these changes in place, it now makes sense to merge the configuration settings "bind_user" and "bind_dn" together into the single configuration setting "bind_dn". The configuration settings now match my expectations as an experienced LDAP administrator.

The configuration template has been updated to match these changes. In addition, the LDAP section in the configuration template has improved comments to explain the meaning of each setting.
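An added illustration in Python, not code from this merge request: one way a lookup by configurable username attribute across nested OUs can work, with the username escaped per RFC 4515 before it enters the search filter. The directory contents, base DNs and function names are constructed for the example, and `subtree_search` is a toy stand-in for a real LDAP subtree search.

```python
import re

# Constructed sample directory with nested OUs (DN -> attributes); not real data.
DIRECTORY = {
    "uid=alice,ou=eng,ou=people,dc=example,dc=org": {"uid": "alice", "sAMAccountName": "alice.a"},
    "uid=bob,ou=ops,ou=people,dc=example,dc=org": {"uid": "bob", "sAMAccountName": "bob.b"},
    "uid=svc,ou=services,dc=example,dc=org": {"uid": "svc"},
}

# RFC 4515 characters that must be escaped in a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape user input so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(user_attr, username):
    """Filter for the configured username attribute, e.g. (uid=alice)."""
    return f"({user_attr}={escape_filter_value(username)})"


def subtree_search(base_dn, ldap_filter):
    """Toy subtree-scope search; understands only (attr=value) with '*' wildcards."""
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
    unescape = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    pattern = ".*".join(re.escape(unescape(part)) for part in value.split("*"))
    suffix = "," + base_dn.lower()
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(suffix) and attr in attrs
            and re.fullmatch(pattern, attrs[attr], re.IGNORECASE)]


def find_user_dn(base_dn, user_attr, username):
    """Return the single DN to bind as, or None when zero or several entries match."""
    matches = subtree_search(base_dn, build_user_filter(user_attr, username))
    return matches[0] if len(matches) == 1 else None
```

Requiring exactly one match before attempting the user bind keeps an ambiguous or wildcard lookup from authenticating against the wrong entry.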
