
Specifying admin user via LDAP

Open psefranek opened this issue 2 years ago • 2 comments

Hi,

I would like to ask if it would be possible to leverage existing LDAP authentication for specifying the admin user. The current situation is that you can have all your user accounts (admin included) stored in LDAP, but you have to specify the admin username and password by utilizing environment variables like ADMIN_LOGIN and ADMIN_PASSWORD. It would be very handy to leverage the existing user database for that purpose.

To give you an example: in another application we are using there is a configuration option called Admin Filter that accepts values like (&(objectClass=posixAccount)(uid=%s)(memberOf=cn=calendar,ou=groups,dc=example,dc=com)). Any LDAP account that matches this filter is then considered to be an administrator account - simple and effective.

Thank you for your great application and have a nice day,
Pavel

psefranek avatar Aug 16 '23 10:08 psefranek
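
How an Admin Filter of the kind described in the post above could decide admin status, as an added example that is not part of the original thread and is not Davis or DAViCal code: the login name is escaped per RFC 4515 before it replaces %s, and the result is evaluated against constructed entries by a simplified matcher. The function names, the directory entries and the users alice and bob are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def build_admin_filter(template: str, username: str) -> str:
    """Substitute the login name for %s, escaped so it stays one literal value.
    Unescaped, a login of "*" would turn uid=%s into a presence test."""
    if template.count("%s") != 1:
        raise ValueError("template must contain exactly one %s")
    return template.replace("%s", "".join(_ESCAPES.get(c, c) for c in username))

def parse(f: str, i: int = 0):
    """Parse the subset (&..) (|..) (!..) (attr=value); returns (node, next_index)."""
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ")"
    end = f.index(")", i)                 # escaped values never contain a raw ")"
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry: dict) -> bool:
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    have = [v.lower() for v in entry.get(attr, [])]
    if value == "*":                      # presence test, e.g. (uid=*)
        return bool(have)
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return want.lower() in have           # simplified case-insensitive equality

ADMIN_FILTER = "(&(objectClass=posixAccount)(uid=%s)(memberOf=cn=calendar,ou=groups,dc=example,dc=com))"
# Constructed directory entries (attribute names lower-cased), not real data.
DIRECTORY = [
    {"objectclass": ["posixAccount"], "uid": ["alice"],
     "memberof": ["cn=calendar,ou=groups,dc=example,dc=com"]},
    {"objectclass": ["posixAccount"], "uid": ["bob"], "memberof": []},
]

def is_admin(username: str) -> bool:
    tree, _ = parse(build_admin_filter(ADMIN_FILTER, username))
    return any(matches(tree, e) for e in DIRECTORY)
```

PHP's ldap_escape() with the LDAP_ESCAPE_FILTER flag performs the same escaping.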

Hi Pavel,

Very clear, thanks for the issue!

It would be possible, yes, but it would need a bit of a rewrite for the admin auth part. I'd gladly add the feature but I have no LDAP server to test this easily (and no extended expertise), so it's hard for me to have a clear path for this feature for now.

tchapi avatar Aug 28 '23 08:08 tchapi

Maybe the DAViCal LDAP driver helps to implement such a feature:

https://gitlab.com/davical-project/davical/-/blob/master/inc/drivers_ldap.php

It supports user and group filters and synchronization. This could help to import (sync) groups from LDAP.

z3ky avatar Nov 27 '23 17:11 z3ky

Closing in favor of the GitHub project created for the roadmap: https://github.com/users/tchapi/projects/1/views/1

tchapi avatar Feb 26 '24 21:02 tchapi