
connectors: LDAP #119

Closed
rektide opened this issue Sep 11, 2015 · 6 comments

Comments

@rektide

rektide commented Sep 11, 2015

Being able to proxy requests to a LDAP is useful.
I would love an even semi-working implementation.

This feature was mentioned in the announcement.

@sym3tri

sym3tri commented Sep 14, 2015

Yes! This is something we're very interested in doing, but no work has begun on this feature yet. If you can add more details about what sort of integration features you'd like that would be helpful for whoever picks this up.

@philhug

philhug commented Sep 15, 2015

here's a list of configuration options needed for a read-only connector, without group support:

  • connection string or server/port/ssl (ldaps://ldapserver:389)
  • basedn
  • searchdn / searchpass (DN used to search user)
  • searchbase (where to search for users)
  • searchfilter, e.g. (&(objectClass=person)(mail=?))

for password change we might need:

  • passwordhashmethod (SHA)

if registration should be supported, it gets more complicated because the whole LDAP object needs to be created, which includes construction of the DN and all attributes.

@philips

philips commented Nov 8, 2015

The first step here would be for someone to provide an example configuration of openldap with some users and groups. That would give someone less familiar with ldap a starting point.

@fnordahl
Contributor

I have an LDAP Connector in the works. It is not quite ready yet, but I would really like initial feedback/reviews nonetheless.

Please have a look at #178

philips changed the title from "LDAP Connector" to "connectors: LDAP" on Nov 13, 2015
@philips

philips commented Nov 13, 2015

@fnordahl Nice! I would love to have an example kubernetes setup with openldap that we could test against too.

@fnordahl
Contributor

@philips I have linked to an openldap Docker image that may be useful and wrote some notes in a comment on the PR. Let me know if there is anything else I can provide/help with.

fnordahl added a commit to fnordahl/dex that referenced this issue Feb 11, 2016
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successful bind equals authenticated user.

Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.

This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.

Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).

To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go

Fixes dexidp#119
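The following is an added example, not code from dex or from fnordahl's PR (#178). It puts together the configuration options philhug listed (search DN/password, search base, a search filter with a `?` placeholder) and the flow the commit message describes: bind directly with the user's credentials, or search first as a service account and then bind with the entryDN that was found, taking ID, Name and Email from the entry. The type and function names (`Config`, `Directory`, `Entry`, `Identity`, `Authenticate`, `escapeFilter`, `NewSampleDirectory`, `SampleConfig`) are assumptions, and the in-memory `fakeDir` with its two users and plain-text passwords is a constructed stand-in for OpenLDAP so the code runs offline. Two points a reviewer of such a connector would look for are shown: the login name is escaped per RFC 4515 before it is substituted into the filter, so a value like `*` cannot widen the search, and an empty password is refused before any bind, since an LDAP bind with an empty password is an anonymous bind and "succeeds".

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Config mirrors the options from the thread (field names are assumptions): the service account
// used to look the user up, the search base, and a filter such as (&(objectClass=person)(mail=?)).
type Config struct{ SearchDN, SearchPass, SearchBase, SearchFilter string }
type Entry struct{ DN string; Attrs map[string]string }
type Identity struct{ ID, Name, Email string }

// Directory is the minimal LDAP surface the connector needs (an assumed interface).
type Directory interface {
	Bind(dn, password string) error
	Search(base, filter string) ([]Entry, error)
}

// escapeFilter applies RFC 4515 escaping so a login name cannot change the filter's structure.
func escapeFilter(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		if c := s[i]; c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c >= 0x80 {
			fmt.Fprintf(&b, "\\%02x", c)
			continue
		}
		b.WriteByte(s[i])
	}
	return b.String()
}

// Authenticate follows the commit message: with no search filter the login is the bind DN;
// otherwise search as the service account, require exactly one match, then bind as that entry.
func Authenticate(cfg Config, dir Directory, login, password string) (Identity, error) {
	dn, attrs := login, map[string]string{}
	if cfg.SearchFilter != "" {
		if err := dir.Bind(cfg.SearchDN, cfg.SearchPass); err != nil {
			return Identity{}, fmt.Errorf("service bind failed: %w", err)
		}
		filter := strings.Replace(cfg.SearchFilter, "?", escapeFilter(login), 1)
		entries, err := dir.Search(cfg.SearchBase, filter)
		if err != nil || len(entries) != 1 { // no match and an ambiguous match both deny access
			return Identity{}, fmt.Errorf("invalid credentials (%d entries matched, %v)", len(entries), err)
		}
		dn, attrs = entries[0].DN, entries[0].Attrs
	}
	// An empty password would be an anonymous bind, which LDAP servers accept, so refuse it first.
	if password == "" || dir.Bind(dn, password) != nil {
		return Identity{}, errors.New("invalid credentials")
	}
	return Identity{ID: attrs["uid"], Name: attrs["cn"], Email: attrs["mail"]}, nil
}

// fakeDir is a constructed in-memory stand-in for OpenLDAP; it understands only (attr=value)
// clauses ANDed together, a bare "*" wildcard, and the hex escapes escapeFilter emits.
type fakeDir struct{ entries []Entry }

var clauseRe = regexp.MustCompile(`\(([A-Za-z]+)=([^()]*)\)`)
var unescape = strings.NewReplacer(`\2a`, "*", `\28`, "(", `\29`, ")", `\5c`, `\`)

func (f *fakeDir) Bind(dn, pw string) error {
	for _, e := range f.entries {
		if e.DN == dn && e.Attrs["userPassword"] == pw {
			return nil
		}
	}
	return errors.New("invalid credentials")
}

func (f *fakeDir) Search(base, filter string) ([]Entry, error) {
	var out []Entry
	for _, e := range f.entries {
		match := strings.HasSuffix(e.DN, base)
		for _, m := range clauseRe.FindAllStringSubmatch(filter, -1) {
			match = match && (m[2] == "*" || e.Attrs[m[1]] == unescape.Replace(m[2]))
		}
		if match {
			out = append(out, e)
		}
	}
	return out, nil
}

// NewSampleDirectory holds constructed users; passwords are plain text only because this is a fake.
func NewSampleDirectory() Directory {
	return &fakeDir{entries: []Entry{
		{DN: "cn=dex,ou=services,dc=example,dc=org", Attrs: map[string]string{"userPassword": "search-secret"}},
		{DN: "uid=alice,ou=people,dc=example,dc=org", Attrs: map[string]string{"objectClass": "person", "uid": "alice", "cn": "Alice Example", "mail": "alice@example.org", "userPassword": "alice-pw"}},
		{DN: "uid=bob,ou=people,dc=example,dc=org", Attrs: map[string]string{"objectClass": "person", "uid": "bob", "cn": "Bob Example", "mail": "bob@example.org", "userPassword": "bob-pw"}},
	}}
}

var SampleConfig = Config{
	SearchDN: "cn=dex,ou=services,dc=example,dc=org", SearchPass: "search-secret",
	SearchBase: "ou=people,dc=example,dc=org", SearchFilter: "(&(objectClass=person)(mail=?))",
}
```

With `SampleConfig`, `Authenticate(SampleConfig, NewSampleDirectory(), "alice@example.org", "alice-pw")` returns alice's identity, while a login of `*` is escaped to `\2a` and matches nobody; searching the fake with the unescaped `(mail=*)` instead returns both users, which is why the escaping (and the exactly-one-entry check) matter. Passing an empty `Config` exercises the direct-bind path, where the login itself is the DN and no attributes are available.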