
Add support for LDAP authentication + Aliases #1475

Merged (31 commits), Mar 12, 2024

Conversation

dangtony98 (Collaborator) commented Feb 27, 2024

Description 📣

This PR adds support for the LDAP authentication method.

With this update, an admin can configure an organization in Infisical to connect to an LDAP server (e.g. Active Directory, JumpCloud LDAP, etc.). After doing so, users who log in via the LDAP method are created to exist only within the corresponding organization in Infisical and hence can only access that organization.

This includes:

  • Endpoints to create/update LDAP configuration for an organization.
  • LDAP authentication logic.
  • New aliases concept.
  • Permission + license logic for LDAP.
  • Database migrations and UX updates to support and prioritize the username field for users from here on instead of email.
  • Documentation for how to set up the LDAP authentication method.

Type ✨

  • Bug fix
  • New feature
  • Breaking change
  • Documentation

@dangtony98 changed the title from "Add support for LDAP authentication" to "Add support for LDAP authentication + Aliases" on Mar 6, 2024

Review thread on backend/src/db/migrations/20240305165532_ldap-config.ts (outdated, resolved)
Review thread on backend/src/db/seed-data.ts (resolved)

Review thread on the org bot creation code:
const doc = await orgBotDAL.findOne({ orgId }, tx);
if (doc) return doc;

const { privateKey, publicKey } = generateAsymmetricKeyPair();
Member commented:

Can we move the encryption to outside the transaction? Because the more time a transaction takes, the longer the table stays locked.

dangtony98 (Collaborator, author) replied:

I was thinking this at first, but I think the encryption logic is actually not expensive; I've taken this from somewhere else in the codebase where this pattern was implemented.

Review thread on backend/src/ee/services/ldap-config/ldap-config-service.ts (outdated, resolved)
Review thread on docker-compose.dev.yml (resolved)

@dangtony98 merged commit 041535b into main on Mar 12, 2024 (14 of 15 checks passed)