Merge pull request #1440 from hajkmap/feature/1439-nodebackend-consum…

…e-user-groups-headers Feature/1439 nodebackend consume user groups headers
hajkmap · Dec 5, 2023 · c3f01a9 · c3f01a9
2 parents 99df50c + f0398f1
commit c3f01a9
Show file tree

Hide file tree

Showing 5 changed files with 986 additions and 787 deletions.
diff --git a/new-backend/.env b/new-backend/.env
@@ -145,13 +145,20 @@ FB_SERVICE_PASS=
 
 # *** ACTIVEDIRECTORY SETTINGS ***
 AD_LOOKUP_ACTIVE=false
+# AD_USE_GROUPS_FROM_HEADER will turn on passive AD lookup where both user and groups
+# comes from headers.
+# If a proxy is used to produce the headers AD_TRUSTED_PROXY_IPS could be set to ::1.
+AD_USE_GROUPS_FROM_HEADER=false
 # Comma-separated list of allowed IPs that we trust. Set to your proxy/ies IP.
 # Avoid whitespaces. If not set, but AD lookup is active, a warning will be displayed
 # as it is very dangerous to trust X-Control-Header from any remote IP.
 AD_TRUSTED_PROXY_IPS=10.0.1.1,10.0.1.2
 # Name of the HTTP header that will contain the trusted user name
 AD_TRUSTED_HEADER=X-Control-Header
 # Necessary settings to make lookups in AD possible
+# Name of the HTTP header that will contain the trusted groups, only used when
+# AD_USE_HEADER_GROUP_METHOD is true.
+AD_TRUSTED_GROUP_HEADER=X-Control-Group-Header
 AD_URL=ldap://some.domain.com # Also, check out the AD_TLS_* settings below for ldaps://
 AD_BASE_DN=DC=test,DC=example,DC=com
 AD_USERNAME=user