Add setting ldap.usernameField

LukasKalbertodt · LukasKalbertodt · commit 612b2d181145 · 2017-12-09T12:30:48.000+01:00
This determines which ldap field is used as the username on
HackMD. By default, the "id" is used as username, too. The id
is taken from the fields `uidNumber`, `uid` or
`sAMAccountName`. To give the user more flexibility, they can
now choose the field used for the username instead.
diff --git a/README.md b/README.md
@@ -170,6 +170,7 @@ There are some configs you need to change in the files below
 | HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
 | HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
 | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
+| HMD_LDAP_USERNAMEFIELD | `uid` | The LDAP field which is used as the username on HackMD |
 | HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
 | HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
 | HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). |
diff --git a/config.json.example b/config.json.example
@@ -71,6 +71,7 @@
             "searchBase": "change this",
             "searchFilter": "change this",
             "searchAttributes": "change this",
+            "usernameField": "change this e.g. uid"
             "tlsOptions": {
                 "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
             }
diff --git a/lib/config/default.js b/lib/config/default.js
@@ -96,6 +96,7 @@ module.exports = {
     searchBase: undefined,
     searchFilter: undefined,
     searchAttributes: undefined,
+    usernameField: undefined,
     tlsca: undefined
   },
   saml: {
diff --git a/lib/config/environment.js b/lib/config/environment.js
@@ -71,6 +71,7 @@ module.exports = {
     searchBase: process.env.HMD_LDAP_SEARCHBASE,
     searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
     searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES,
+    usernameField: process.env.HMD_LDAP_USERNAMEFIELD,
     tlsca: process.env.HMD_LDAP_TLS_CA
   },
   saml: {
diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js
@@ -24,9 +24,15 @@ passport.use(new LDAPStrategy({
   }
 }, function (user, done) {
   var uuid = user.uidNumber || user.uid || user.sAMAccountName
+  var username = uuid
+
+  if (config.ldap.usernameField && user[config.ldap.usernameField]) {
+    username = user[config.ldap.usernameField]
+  }
+
   var profile = {
     id: 'LDAP-' + uuid,
-    username: uuid,
+    username: username,
     displayName: user.displayName,
     emails: user.mail ? [user.mail] : [],
     avatarUrl: null,

Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,7 @@`
`71`	`71`	`"searchBase": "change this",`
`72`	`72`	`"searchFilter": "change this",`
`73`	`73`	`"searchAttributes": "change this",`
	`74`	`+ "usernameField": "change this e.g. uid"`
`74`	`75`	`"tlsOptions": {`
`75`	`76`	`"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"`
`76`	`77`	`}`