Provide LDAP authentication #28
Comments
Hi, just wanted to register interest in this enhancement. I'd like to deploy this for our hackerspace members and would be happy to help with testing. |
@irl sounds great! We'll get back to you as soon as someone has started implementing this. :-) |
👍 |
Anybody tried this package? https://github.com/dsdevbe/ldap-connector |
I tried it
and I put
but where do I make this part of the change https://github.com/dsdevbe/ldap-connector#usage ? Can I bypass "sign up" with ldap connector? |
What do you mean by "bypass sign up"? Your ldap server must provide logins and passwords as I understand, and no sign up must be present (you hide it by removing it). |
I want all users in LDAP to be able to log in (sign in) directly without signing up (if possible) |
Just go into the code and remove the signup button. We will provide better support for this in future. In particular, you want to remove lines 31-35 of this file to remove the button: https://github.com/twostairs/paperwork/blob/master/frontend/app/views/user/login.blade.php |
Ok, thx :) |
It should work out of the box by overriding the default auth, you just need to configure it as in their readme. Anyway this is not top priority right now. |
Ok, I understand. If someone has some free time to help me :) I installed it (maybe not correctly) and it doesn't work oob. Must users sign up even if I configure ldap connector? How can I see (and enable) logs when I log in? Thx |
Signup can be disabled through configuration. In //Edit: @Renofr, right now we don't provide LDAP authentication. That is what this issue is for. And of course, users won't need to sign up as soon as a proper LDAP implementation has been built. |
I'm currently working on this. I gave ldap-connector a shot but it was having some problems that I could not figure out. I am now creating a userprovider that extends the eloquent user provider and does authentication checks using adldap. This makes it so that we can still use the same model that we have, but still be able to use ldap for authentication. I've got it most of the way done, but there's a few bits and pieces to finish up. I still need to implement automatic registration with ldap, so that if a user successfully authenticates against ldap, but is a new user, it will create a new user and do the registration process. After that, it should be more or less functional. I propose that while ldap authentication is enabled, registration is automatically disabled, as I don't believe it would be reasonable to allow the paperwork application to create new users in the ldap directory. Although, this would be technically possible if paperwork was supplied with a domain administrator account. Input on this subject would be appreciated. As a side note, currently we are using the user's email as the username, but this causes problems due to users in ldap not being emails. For now, I've simply removed the restriction that the username has to be an email on login, but will leave it in place for registration. This makes it so that the normal registration process will enforce the email, but we will be able to manually create users in code with whatever username we need. If there's a better way to handle this, I'd be happy to convert it. My most recent changes are here: https://github.com/narcolepticsnowman/paperwork/tree/implement_ldap_auth |
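The login flow described in the comment above (check credentials against LDAP, create the local user on the first successful login), shown as an added example that is not from this thread or from Paperwork. The interface, the class names and the in-memory directory are hypothetical stand-ins for the real bind, and the code assumes PHP 8.0 or later.

```php
<?php
// Added example, not Paperwork code; every name below is hypothetical.

// Stand-in for the real LDAP bind (for instance through adldap).
interface DirectoryAuthenticator {
    public function bind(string $username, string $password): bool;
}

// Constructed in-memory directory so the example runs without a server.
final class FakeDirectory implements DirectoryAuthenticator {
    public function __construct(private array $accounts) {}
    public function bind(string $username, string $password): bool {
        // Mimics a server that accepts unauthenticated (empty password) binds.
        if ($password === '') { return true; }
        return isset($this->accounts[$username])
            && hash_equals($this->accounts[$username], $password);
    }
}

final class LdapBackedLogin {
    private array $localUsers = []; // username => local profile row

    public function __construct(private DirectoryAuthenticator $directory) {}

    public function login(string $username, string $password): ?array {
        // A simple bind with an empty password is an unauthenticated bind
        // that some servers accept, so it must never reach the directory.
        if ($username === '' || $password === '') {
            return null;
        }
        if (!$this->directory->bind($username, $password)) {
            return null; // failed bind: no local record is created
        }
        // First successful directory login: provision the local record.
        // No password is stored locally; LDAP stays the only verifier.
        if (!isset($this->localUsers[$username])) {
            $this->localUsers[$username] = ['username' => $username, 'source' => 'ldap'];
        }
        return $this->localUsers[$username];
    }

    public function isProvisioned(string $username): bool {
        return isset($this->localUsers[$username]);
    }
}

$login = new LdapBackedLogin(new FakeDirectory(['jdoe' => 'correct horse']));
var_dump($login->login('jdoe', ''));              // empty-password attempt
var_dump($login->login('jdoe', 'wrong'));         // wrong-password attempt
var_dump($login->isProvisioned('jdoe'));          // state after the failures
var_dump($login->login('jdoe', 'correct horse')); // first valid login
```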
#297 needs testing |
Paperwork needs to be configurable to allow admins to integrate it with their existing LDAP/AD infrastructure. Therefore, the user authentication back-end needs to be adapted to use some sort of Laravel-Ldap extension.