AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add new config option to disable automatic creation of LDAP accounts

This commit is contained in:
Frederic Guillot 2015-07-18 10:17:18 -04:00
parent 5369c74ec0
commit de109aaeaf
5 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Auth/Ldap.php
View File

@ -46,7 +46,7 @@ class Ldap extends Base
else {
// We create automatically a new user
if ($this->createUser($username, $result['name'], $result['email'])) {
if (LDAP_ACCOUNT_CREATION && $this->createUser($username, $result['name'], $result['email'])) {
$user = $this->user->getByUsername($username);
}
else {

1
app/constants.php
View File

@ -35,6 +35,7 @@ defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname
defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');
defined('LDAP_ACCOUNT_ID') or define('LDAP_ACCOUNT_ID', '');
defined('LDAP_USERNAME_CASE_SENSITIVE') or define('LDAP_USERNAME_CASE_SENSITIVE', false);
defined('LDAP_ACCOUNT_CREATION') or define('LDAP_ACCOUNT_CREATION', true);
// Google authentication
defined('GOOGLE_AUTH') or define('GOOGLE_AUTH', false);

3
config.default.php
View File

@ -109,6 +109,9 @@ define('LDAP_ACCOUNT_ID', 'samaccountname');
// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);
// Automatically create user account
define('LDAP_ACCOUNT_CREATION', true);
// Enable/disable Google authentication
define('GOOGLE_AUTH', false);

3
docs/config.markdown
View File

@ -135,6 +135,9 @@ define('LDAP_ACCOUNT_ID', 'samaccountname');
// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);
// Automatically create user account
define('LDAP_ACCOUNT_CREATION', true);
```
Google Authentication settings

18
docs/ldap-authentication.markdown
View File

@ -17,7 +17,7 @@ When the LDAP authentication is activated, the login process work like that:
1. Try first to authenticate the user by using the database
2. If the user is not found inside the database, a LDAP authentication is performed
3. If the LDAP authentication is successful, a local user is created automatically with no password and marked as LDAP user.
3. If the LDAP authentication is successful, by default a local user is created automatically with no password and marked as LDAP user.
### Differences between a local user and a LDAP user are the following:
@ -85,6 +85,22 @@ define('LDAP_ACCOUNT_ID', 'samaccountname');
// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);
// Automatically create user account
define('LDAP_ACCOUNT_CREATION', true);
```
### Disable automatic account creation
By default, Kanboard will create automatically a user account if nothing is found.
You can disable this behavior if you prefer to create user accounts manually to restrict Kanboard to only some people.
Just change the value of `LDAP_ACCOUNT_CREATION` to `false`:
```php
// Automatically create user account
define('LDAP_ACCOUNT_CREATION', false);
```
### LDAP bind type