Skip to content

Automatic creation of users with ldap authentication#227

Merged
whikernel merged 14 commits intodfir-iris:developfrom
c8y3:ldap_provisioning
Apr 27, 2023
Merged

Automatic creation of users with ldap authentication#227
whikernel merged 14 commits intodfir-iris:developfrom
c8y3:ldap_provisioning

Conversation

@c8y3
Copy link
Copy Markdown
Contributor

@c8y3 c8y3 commented Apr 25, 2023

In relation to #203, this pull-request adds the creation of users present in ldap at their first login.
The behaviour is activated by setting variable IRIS_AUTHENTICATION_CREATE_USER_IF_NOT_EXIST to True.
The following variables were added:

  • LDAP_SEARCH_DN is the base distinguished name to perform the user search (like ou=users,dc=example,dc=org)
  • LDAP_ATTRIBUTE_IDENTIFIER is the name of the attribute used to build the search filter which will uniquely identify the user (like cn or sAMAccountName)
  • LDAP_ATTRIBUTE_DISPLAY_NAME is the name of the attribute to retrieve the user display name (the user login will be used if this variable is not set)
  • LDAP_ATTRIBUTE_MAIL is the name of the attribute to retrieve the user email (the fake email user_login@ldap will be used if this variable is not set)

A fake local password is chosen randomly (same way as the administrator password is set). Ideally, it would be better if the database accepted the creation of users without any local password. This could be a further improvement of the code.
Note that the email unicity requirement may prove to be a problem at some point (if two users happen to have the same email in ldap, this may be possible in theory)
Note that in case of NTLM, the domain name is stripped to get the value of the sAMAccountName.

whikernel and others added 13 commits April 18, 2023 14:35
@whikernel
[MRG] Merge pull request dfir-iris#215 from dfir-iris/develop
d1ba0e0 
v2.0.2 - Patches
@whikernel
Bump version: 2.0.1 → 2.0.2
adf5490
@c8y3
[add] LDAP_AUTHENTICATION_TYPE variable in .env.model which is needed…
c3fd0c7 
… when configuring an ldap authentication
@whikernel
[MRG] Merge pull request dfir-iris#217 from c8y3/env_ldap_authenticat…
6f1c198 
…ion_type

Variable LDAP_AUTHENTICATION_TYPE in .env.model
@c8y3
[dfir-iris#203][add] just-in time provisioning of users in case of ld…
cc4bbfe 
…ap authentication. Added configuration variable LDAP_USER_PROVISIONING
@c8y3
[fix] Put a email which depends on the username (otherwise there is n…
690537a 
…ot unicity of the email which does not work)
@c8y3
[dfir-iris#203][IMP] Generate a random password when creating a new u…
e5e02b3 
…ser rather than a fixed one
@c8y3
[dfir-iris#203][ADD] options LDAP_USER_ATTRIBUTE_DISPLAY_NAME and LDA…
2ac0692 
…P_USER_ATTRIBUTE_MAIL to retrieve user name and email from ldap
@c8y3
[dfir-iris#203][CLEAN] Removed variable LDAP_USER_PROVISIONING, use I…
bd8dc75 
…RIS_AUTHENTICATION_CREATE_USER_IF_NOT_EXIST which already existed
@c8y3
[dfir-iris#203][ADD] Variables LDAP_SEARCH_DN and LDAP_ATTRIBUTE_IDEN…
8b50176 
…TIFIER to search for users information in the ldap
@c8y3
[dfir-iris#203][DOC] Small comment to document variable IRIS_AUTHENTI…
109c288 
…CATION_CREATE_USER_IF_NOT_EXIST
@c8y3
[dfir-iris#203][FIX] In case of ntlm, strip the domain name to get th…
1b860df 
…e sAMAccountName
@c8y3
[CLEAN] Removed spurious unused variable
5c6dce7
@whikernel whikernel self-requested a review April 25, 2023 14:32
@whikernel whikernel self-assigned this Apr 26, 2023
@whikernel whikernel added the enhancement New feature or request label Apr 26, 2023
@whikernel whikernel added this to the v2.1.0 milestone Apr 26, 2023
@whikernel whikernel changed the base branch from master to develop April 27, 2023 09:21
@whikernel whikernel merged commit c96c572 into dfir-iris:develop Apr 27, 2023
@c8y3 c8y3 deleted the ldap_provisioning branch May 17, 2023 06:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@whikernel whikernel whikernel approved these changes

Assignees

@whikernel whikernel

Labels

enhancement New feature or request

Projects

DFIR-IRIS Project
Status: Done

Milestone

v2.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@c8y3 @whikernel