mirror of
https://github.com/octoleo/syncthing.git
synced 2024-11-05 21:07:58 +00:00
48f9d323fa
This adds the functionality to run a user search with a filter for LDAP
authentication. The search is done after successful bind, as the binding
user. The typical use case is to limit authentication to users who are
member of a group or under a certain OU. For example, to only match
users in the "Syncthing" group in otherwise default Active Directory
set up for example.com:
<searchBaseDN>CN=Users,DC=example,DC=com</searchBaseDN>
<searchFilter>(&(sAMAccountName=%s)(memberOf=CN=Syncthing,CN=Users,DC=example,DC=com))</searchFilter>
The search filter is an "and" of two criteria (with the ampersand being
XML quoted),
- "(sAMAccountName=%s)" matches the user logging in
- "(memberOf=CN=Syncthing,CN=Users,DC=example,DC=com)" matches members
of the group in question.
Authentication will only proceed if the search filter matches precisely
one user.
|
||
|---|---|---|
| .. | ||
| testdata | ||
| .gitignore | ||
| api_auth_test.go | ||
| api_auth.go | ||
| api_csrf.go | ||
| api_statics.go | ||
| api_test.go | ||
| api.go | ||
| debug.go | ||
| mocked_config_test.go | ||
| mocked_connections_test.go | ||
| mocked_discovery_test.go | ||
| mocked_events_test.go | ||
| mocked_logger_test.go | ||
| mocked_model_test.go | ||
| support_bundle.go | ||