mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2024-12-25 08:21:08 -06:00
Update configuration. Not sure about the environment variable.
This commit is contained in:
parent
39ad131b55
commit
6a928a3321
@ -8,6 +8,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
||||
- static cron token is new?
|
||||
- update ldap
|
||||
- new credit stuff
|
||||
- need to force users to switch config or ignore it.
|
||||
|
||||
|
||||
## 5.5.12 - 2021-06-03
|
||||
|
@ -62,6 +62,10 @@ return [
|
||||
'driver' => 'session',
|
||||
'provider' => 'users',
|
||||
],
|
||||
'ldap' => [
|
||||
'driver' => 'session',
|
||||
'provider' => 'ldap',
|
||||
],
|
||||
'remote_user_guard' => [
|
||||
'driver' => 'remote_user_guard',
|
||||
'provider' => 'remote_user_provider',
|
||||
@ -91,13 +95,27 @@ return [
|
||||
|
||||
'providers' => [
|
||||
'users' => [
|
||||
'driver' => envNonEmpty('LOGIN_PROVIDER', 'eloquent'),
|
||||
'driver' => 'eloquent',
|
||||
'model' => FireflyIII\User::class,
|
||||
],
|
||||
'remote_user_provider' => [
|
||||
'driver' => 'remote_user_provider',
|
||||
'model' => FireflyIII\User::class,
|
||||
],
|
||||
|
||||
'ldap' => [
|
||||
'driver' => 'ldap',
|
||||
//'model' => LdapRecord\Models\ActiveDirectory\User::class,
|
||||
'model' => LdapRecord\Models\OpenLDAP\User::class,
|
||||
'rules' => [],
|
||||
'database' => [
|
||||
'model' => FireflyIII\User::class,
|
||||
'sync_passwords' => false,
|
||||
'sync_attributes' => [
|
||||
'email' => 'mail',
|
||||
],
|
||||
],
|
||||
],
|
||||
],
|
||||
|
||||
/*
|
||||
|
333
config/ldap.php
333
config/ldap.php
@ -1,294 +1,73 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* ldap.php
|
||||
* Copyright (c) 2019 james@firefly-iii.org.
|
||||
*
|
||||
* This file is part of Firefly III (https://github.com/firefly-iii).
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use Adldap\Schemas\ActiveDirectory;
|
||||
use Adldap\Schemas\FreeIPA;
|
||||
use Adldap\Schemas\OpenLDAP;
|
||||
|
||||
/*
|
||||
* Get schema from .env file.
|
||||
*/
|
||||
$schema = OpenLDAP::class;
|
||||
|
||||
if ('FreeIPA' === envNonEmpty('ADLDAP_CONNECTION_SCHEME', 'OpenLDAP')) {
|
||||
$schema = FreeIPA::class;
|
||||
}
|
||||
if ('ActiveDirectory' === envNonEmpty('ADLDAP_CONNECTION_SCHEME', 'OpenLDAP')) {
|
||||
$schema = ActiveDirectory::class;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get SSL parameters from .env file.
|
||||
*/
|
||||
$ssl_ca_dir = envNonEmpty('ADLDAP_SSL_CACERTDIR', null);
|
||||
$ssl_ca_file = envNonEmpty('ADLDAP_SSL_CACERTFILE', null);
|
||||
$ssl_cert = envNonEmpty('ADLDAP_SSL_CERTFILE', null);
|
||||
$ssl_key = envNonEmpty('ADLDAP_SSL_KEYFILE', null);
|
||||
$ssl_ciphers = envNonEmpty('ADLDAP_SSL_CIPHER_SUITE', null);
|
||||
$ssl_require = envNonEmpty('ADLDAP_SSL_REQUIRE_CERT', null);
|
||||
|
||||
$sslOptions = [];
|
||||
if (null !== $ssl_ca_dir) {
|
||||
$sslOptions[LDAP_OPT_X_TLS_CACERTDIR] = $ssl_ca_dir;
|
||||
}
|
||||
if (null !== $ssl_ca_file) {
|
||||
$sslOptions[LDAP_OPT_X_TLS_CACERTFILE] = $ssl_ca_file;
|
||||
}
|
||||
if (null !== $ssl_cert) {
|
||||
$sslOptions[LDAP_OPT_X_TLS_CERTFILE] = $ssl_cert;
|
||||
}
|
||||
if (null !== $ssl_key) {
|
||||
$sslOptions[LDAP_OPT_X_TLS_KEYFILE] = $ssl_key;
|
||||
}
|
||||
if (null !== $ssl_ciphers) {
|
||||
$sslOptions[LDAP_OPT_X_TLS_CIPHER_SUITE] = $ssl_ciphers;
|
||||
}
|
||||
if (null !== $ssl_require) {
|
||||
$sslOptions[LDAP_OPT_X_TLS_REQUIRE_CERT] = $ssl_require;
|
||||
}
|
||||
|
||||
return [
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Connections
|
||||
| Default LDAP Connection Name
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This array stores the connections that are added to Adldap. You can add
|
||||
| as many connections as you like.
|
||||
|
|
||||
| The key is the name of the connection you wish to use and the value is
|
||||
| an array of configuration settings.
|
||||
| Here you may specify which of the LDAP connections below you wish
|
||||
| to use as your default connection for all LDAP operations. Of
|
||||
| course you may add as many connections you'd like below.
|
||||
|
|
||||
*/
|
||||
|
||||
'default' => env('LDAP_CONNECTION', 'default'),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| LDAP Connections
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Below you may configure each LDAP connection your application requires
|
||||
| access to. Be sure to include a valid base DN - otherwise you may
|
||||
| not receive any results when performing LDAP search operations.
|
||||
|
|
||||
*/
|
||||
|
||||
'connections' => [
|
||||
|
||||
'default' => [
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Auto Connect
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| If auto connect is true, Adldap will try to automatically connect to
|
||||
| your LDAP server in your configuration. This allows you to assume
|
||||
| connectivity rather than having to connect manually
|
||||
| in your application.
|
||||
|
|
||||
| If this is set to false, you **must** connect manually before running
|
||||
| LDAP operations.
|
||||
|
|
||||
*/
|
||||
|
||||
'auto_connect' => env('ADLDAP_AUTO_CONNECT', true),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Connection
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The connection class to use to run raw LDAP operations on.
|
||||
|
|
||||
| Custom connection classes must implement:
|
||||
|
|
||||
| Adldap\Connections\ConnectionInterface
|
||||
|
|
||||
*/
|
||||
|
||||
'connection' => Adldap\Connections\Ldap::class,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Connection Settings
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This connection settings array is directly passed into the Adldap constructor.
|
||||
|
|
||||
| Feel free to add or remove settings you don't need.
|
||||
|
|
||||
*/
|
||||
|
||||
'settings' => [
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Schema
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The schema class to use for retrieving attributes and generating models.
|
||||
|
|
||||
| You can also set this option to `null` to use the default schema class.
|
||||
|
|
||||
| For OpenLDAP, you must use the schema:
|
||||
|
|
||||
| Adldap\Schemas\OpenLDAP::class
|
||||
|
|
||||
| For FreeIPA, you must use the schema:
|
||||
|
|
||||
| Adldap\Schemas\FreeIPA::class
|
||||
|
|
||||
| Custom schema classes must implement Adldap\Schemas\SchemaInterface
|
||||
|
|
||||
*/
|
||||
|
||||
'schema' => $schema,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Account Prefix
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The account prefix option is the prefix of your user accounts in LDAP directory.
|
||||
|
|
||||
| This string is prepended to authenticating users usernames.
|
||||
|
|
||||
*/
|
||||
|
||||
'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Account Suffix
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The account suffix option is the suffix of your user accounts in your LDAP directory.
|
||||
|
|
||||
| This string is appended to authenticating users usernames.
|
||||
|
|
||||
*/
|
||||
|
||||
'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', ''),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Domain Controllers
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The domain controllers option is an array of servers located on your
|
||||
| network that serve Active Directory. You can insert as many servers or
|
||||
| as little as you'd like depending on your forest (with the
|
||||
| minimum of one of course).
|
||||
|
|
||||
| These can be IP addresses of your server(s), or the host name.
|
||||
|
|
||||
*/
|
||||
|
||||
'hosts' => explode(' ', env('ADLDAP_CONTROLLERS', '127.0.0.1')),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Port
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The port option is used for authenticating and binding to your LDAP server.
|
||||
|
|
||||
*/
|
||||
|
||||
'port' => env('ADLDAP_PORT', 389),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Timeout
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The timeout option allows you to configure the amount of time in
|
||||
| seconds that your application waits until a response
|
||||
| is received from your LDAP server.
|
||||
|
|
||||
*/
|
||||
|
||||
'timeout' => env('ADLDAP_TIMEOUT', 5),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Base Distinguished Name
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The base distinguished name is the base distinguished name you'd
|
||||
| like to perform query operations on. An example base DN would be:
|
||||
|
|
||||
| dc=corp,dc=acme,dc=org
|
||||
|
|
||||
| A correct base DN is required for any query results to be returned.
|
||||
|
|
||||
*/
|
||||
|
||||
'base_dn' => env('ADLDAP_BASEDN', 'dc=temp'),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Administrator Username & Password
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| When connecting to your LDAP server, a username and password is required
|
||||
| to be able to query and run operations on your server(s). You can
|
||||
| use any user account that has these permissions. This account
|
||||
| does not need to be a domain administrator unless you
|
||||
| require changing and resetting user passwords.
|
||||
|
|
||||
*/
|
||||
|
||||
'username' => env('ADLDAP_ADMIN_USERNAME', ''),
|
||||
'password' => env('ADLDAP_ADMIN_PASSWORD', ''),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Follow Referrals
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The follow referrals option is a boolean to tell active directory
|
||||
| to follow a referral to another server on your network if the
|
||||
| server queried knows the information your asking for exists,
|
||||
| but does not yet contain a copy of it locally.
|
||||
|
|
||||
| This option is defaulted to false.
|
||||
|
|
||||
*/
|
||||
|
||||
'follow_referrals' => env('ADLDAP_FOLLOW_REFFERALS', false),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| SSL & TLS
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| If you need to be able to change user passwords on your server, then an
|
||||
| SSL or TLS connection is required. All other operations are allowed
|
||||
| on unsecured protocols.
|
||||
|
|
||||
| One of these options are definitely recommended if you
|
||||
| have the ability to connect to your server securely.
|
||||
|
|
||||
*/
|
||||
|
||||
'use_ssl' => env('ADLDAP_USE_SSL', false),
|
||||
'use_tls' => env('ADLDAP_USE_TLS', false),
|
||||
|
||||
'custom_options' => $sslOptions,
|
||||
],
|
||||
|
||||
'hosts' => [env('LDAP_HOST', '127.0.0.1')],
|
||||
'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com'),
|
||||
'password' => env('LDAP_PASSWORD', 'secret'),
|
||||
'port' => env('LDAP_PORT', 389),
|
||||
'base_dn' => env('LDAP_BASE_DN', 'dc=local,dc=com'),
|
||||
'timeout' => env('LDAP_TIMEOUT', 5),
|
||||
'use_ssl' => env('LDAP_SSL', false),
|
||||
'use_tls' => env('LDAP_TLS', false),
|
||||
],
|
||||
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| LDAP Logging
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| When LDAP logging is enabled, all LDAP search and authentication
|
||||
| operations are logged using the default application logging
|
||||
| driver. This can assist in debugging issues and more.
|
||||
|
|
||||
*/
|
||||
|
||||
'logging' => env('LDAP_LOGGING', true),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| LDAP Cache
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| LDAP caching enables the ability of caching search results using the
|
||||
| query builder. This is great for running expensive operations that
|
||||
| may take many seconds to complete, such as a pagination request.
|
||||
|
|
||||
*/
|
||||
|
||||
'cache' => [
|
||||
'enabled' => env('LDAP_CACHE', false),
|
||||
'driver' => env('CACHE_DRIVER', 'file'),
|
||||
],
|
||||
|
||||
];
|
||||
|
@ -1,394 +0,0 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* ldap_auth.php
|
||||
* Copyright (c) 2019 james@firefly-iii.org.
|
||||
*
|
||||
* This file is part of Firefly III (https://github.com/firefly-iii).
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use FireflyIII\Scopes\LdapFilterScope;
|
||||
|
||||
use Adldap\Laravel\Events\Authenticated;
|
||||
use Adldap\Laravel\Events\AuthenticatedModelTrashed;
|
||||
use Adldap\Laravel\Events\AuthenticatedWithWindows;
|
||||
use Adldap\Laravel\Events\Authenticating;
|
||||
use Adldap\Laravel\Events\AuthenticationFailed;
|
||||
use Adldap\Laravel\Events\AuthenticationRejected;
|
||||
use Adldap\Laravel\Events\AuthenticationSuccessful;
|
||||
use Adldap\Laravel\Events\DiscoveredWithCredentials;
|
||||
use Adldap\Laravel\Events\Importing;
|
||||
use Adldap\Laravel\Events\Synchronized;
|
||||
use Adldap\Laravel\Events\Synchronizing;
|
||||
use Adldap\Laravel\Listeners\LogAuthenticated;
|
||||
use Adldap\Laravel\Listeners\LogAuthentication;
|
||||
use Adldap\Laravel\Listeners\LogAuthenticationFailure;
|
||||
use Adldap\Laravel\Listeners\LogAuthenticationRejection;
|
||||
use Adldap\Laravel\Listeners\LogAuthenticationSuccess;
|
||||
use Adldap\Laravel\Listeners\LogDiscovery;
|
||||
use Adldap\Laravel\Listeners\LogImport;
|
||||
use Adldap\Laravel\Listeners\LogSynchronized;
|
||||
use Adldap\Laravel\Listeners\LogSynchronizing;
|
||||
use Adldap\Laravel\Listeners\LogTrashedModel;
|
||||
use Adldap\Laravel\Listeners\LogWindowsAuth;
|
||||
use Adldap\Laravel\Scopes\UidScope;
|
||||
use Adldap\Laravel\Scopes\UpnScope;
|
||||
|
||||
// default OpenLDAP scopes.
|
||||
$scopes = [
|
||||
LdapFilterScope::class,
|
||||
UidScope::class,
|
||||
];
|
||||
if ('FreeIPA' === env('ADLDAP_CONNECTION_SCHEME')) {
|
||||
$scopes = [
|
||||
LdapFilterScope::class,
|
||||
];
|
||||
}
|
||||
if ('ActiveDirectory' === env('ADLDAP_CONNECTION_SCHEME')) {
|
||||
$scopes = [
|
||||
LdapFilterScope::class,
|
||||
UpnScope::class,
|
||||
];
|
||||
}
|
||||
|
||||
return [
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Connection
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The LDAP connection to use for laravel authentication.
|
||||
|
|
||||
| You must specify connections in your `config/adldap.php` configuration file.
|
||||
|
|
||||
| This must be a string.
|
||||
|
|
||||
*/
|
||||
|
||||
'connection' => envNonEmpty('ADLDAP_CONNECTION', 'default'),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Provider
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The LDAP authentication provider to use depending
|
||||
| if you require database synchronization.
|
||||
|
|
||||
| For synchronizing LDAP users to your local applications database, use the provider:
|
||||
|
|
||||
| Adldap\Laravel\Auth\DatabaseUserProvider::class
|
||||
|
|
||||
| Otherwise, if you just require LDAP authentication, use the provider:
|
||||
|
|
||||
| Adldap\Laravel\Auth\NoDatabaseUserProvider::class
|
||||
|
|
||||
*/
|
||||
|
||||
'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
|
||||
//'provider' => Adldap\Laravel\Auth\NoDatabaseUserProvider::class,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Model
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The model to utilize for authentication and importing.
|
||||
|
|
||||
| This option is only applicable to the DatabaseUserProvider.
|
||||
|
|
||||
*/
|
||||
|
||||
'model' => FireflyIII\User::class,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Rules
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Rules allow you to control user authentication requests depending on scenarios.
|
||||
|
|
||||
| You can create your own rules and insert them here.
|
||||
|
|
||||
| All rules must extend from the following class:
|
||||
|
|
||||
| Adldap\Laravel\Validation\Rules\Rule
|
||||
|
|
||||
*/
|
||||
|
||||
'rules' => [
|
||||
|
||||
// Denys deleted users from authenticating.
|
||||
Adldap\Laravel\Validation\Rules\DenyTrashed::class,
|
||||
|
||||
// Allows only manually imported users to authenticate.
|
||||
// Adldap\Laravel\Validation\Rules\OnlyImported::class,
|
||||
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Scopes
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Scopes allow you to restrict the LDAP query that locates
|
||||
| users upon import and authentication.
|
||||
|
|
||||
| All scopes must implement the following interface:
|
||||
|
|
||||
| Adldap\Laravel\Scopes\ScopeInterface
|
||||
|[
|
||||
|
||||
// Only allows users with a user principal name to authenticate.
|
||||
// Remove this if you're using OpenLDAP.
|
||||
//Adldap\Laravel\Scopes\UpnScope::class,
|
||||
|
||||
// Only allows users with a uid to authenticate.
|
||||
// Uncomment if you're using OpenLDAP.
|
||||
Adldap\Laravel\Scopes\UidScope::class,
|
||||
|
||||
],
|
||||
*/
|
||||
|
||||
'scopes' => $scopes,
|
||||
|
||||
'identifiers' => [
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| LDAP
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Discover:
|
||||
|
|
||||
| The discover value is the users attribute you would
|
||||
| like to locate LDAP users by in your directory.
|
||||
|
|
||||
| For example, using the default configuration below, if you're
|
||||
| authenticating users with an email address, your LDAP server
|
||||
| will be queried for a user with the a `userprincipalname`
|
||||
| equal to the entered email address.
|
||||
|
|
||||
| Authenticate:
|
||||
|
|
||||
| The authenticate value is the users attribute you would
|
||||
| like to use to bind to your LDAP server.
|
||||
|
|
||||
| For example, when a user is located by the above 'discover'
|
||||
| attribute, the users attribute you specify below will
|
||||
| be used as the username to bind to your LDAP server.
|
||||
|
|
||||
*/
|
||||
|
||||
'ldap' => [
|
||||
|
||||
'locate_users_by' => envNonEmpty('ADLDAP_DISCOVER_FIELD', 'userprincipalname'),
|
||||
'bind_users_by' => envNonEmpty('ADLDAP_AUTH_FIELD', 'distinguishedname'),
|
||||
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Eloquent
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The value you enter is the database column name used for locating
|
||||
| the local database record of the authenticating user.
|
||||
|
|
||||
| If you're using a `username` column instead, change this to `username`.
|
||||
|
|
||||
| This option is only applicable to the DatabaseUserProvider.
|
||||
|
|
||||
*/
|
||||
|
||||
'eloquent' => 'email',
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Windows Authentication Middleware (SSO)
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Enabled:
|
||||
|
|
||||
| The middleware will be registered only if enabled is set to true.
|
||||
| If you update this file, beware, this is not a standard
|
||||
| AdLdap2-Laravel configuration key.
|
||||
|
|
||||
| Locate Users By:
|
||||
|
|
||||
| This value is the users attribute you would like to locate LDAP
|
||||
| users by in your directory.
|
||||
|
|
||||
| For example, if 'samaccountname' is the value, then your LDAP server is
|
||||
| queried for a user with the 'samaccountname' equal to the value of
|
||||
| $_SERVER['AUTH_USER'].
|
||||
|
|
||||
| If a user is found, they are imported (if using the DatabaseUserProvider)
|
||||
| into your local database, then logged in.
|
||||
|
|
||||
| Server Key:
|
||||
|
|
||||
| This value represents the 'key' of the $_SERVER
|
||||
| array to pull the users account name from.
|
||||
|
|
||||
| For example, $_SERVER['AUTH_USER'].
|
||||
|
|
||||
*/
|
||||
|
||||
'windows' => [
|
||||
'enabled' => false,
|
||||
'locate_users_by' => 'samaccountname',
|
||||
'server_key' => 'AUTH_USER',
|
||||
],
|
||||
],
|
||||
|
||||
'passwords' => [
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Password Sync
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The password sync option allows you to automatically synchronize users
|
||||
| LDAP passwords to your local database. These passwords are hashed
|
||||
| natively by Laravel using the bcrypt() method.
|
||||
|
|
||||
| Enabling this option would also allow users to login to their accounts
|
||||
| using the password last used when an LDAP connection was present.
|
||||
|
|
||||
| If this option is disabled, the local database account is applied a
|
||||
| random 16 character hashed password upon every login, and will
|
||||
| lose access to this account upon loss of LDAP connectivity.
|
||||
|
|
||||
| This option must be true or false and is only applicable
|
||||
| to the DatabaseUserProvider.
|
||||
|
|
||||
*/
|
||||
|
||||
'sync' => env('ADLDAP_PASSWORD_SYNC', false),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Column
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This is the column of your users database table
|
||||
| that is used to store passwords.
|
||||
|
|
||||
| Set this to `null` if you do not have a password column.
|
||||
|
|
||||
| This option is only applicable to the DatabaseUserProvider.
|
||||
|
|
||||
*/
|
||||
|
||||
'column' => 'password',
|
||||
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Login Fallback
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The login fallback option allows you to login as a user located on the
|
||||
| local database if active directory authentication fails.
|
||||
|
|
||||
| Set this to true if you would like to enable it.
|
||||
|
|
||||
| This option must be true or false and is only
|
||||
| applicable to the DatabaseUserProvider.
|
||||
|
|
||||
*/
|
||||
|
||||
'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Sync Attributes
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Attributes specified here will be added / replaced on the user model
|
||||
| upon login, automatically synchronizing and keeping the attributes
|
||||
| up to date.
|
||||
|
|
||||
| The array key represents the users Laravel model key, and
|
||||
| the value represents the users LDAP attribute.
|
||||
|
|
||||
| This option must be an array and is only applicable
|
||||
| to the DatabaseUserProvider.
|
||||
|
|
||||
*/
|
||||
|
||||
'sync_attributes' => [
|
||||
|
||||
'email' => envNonEmpty('ADLDAP_SYNC_FIELD', 'userprincipalname'),
|
||||
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Logging
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| User authentication attempts will be logged using Laravel's
|
||||
| default logger if this setting is enabled.
|
||||
|
|
||||
| No credentials are logged, only usernames.
|
||||
|
|
||||
| This is usually stored in the '/storage/logs' directory
|
||||
| in the root of your application.
|
||||
|
|
||||
| This option is useful for debugging as well as auditing.
|
||||
|
|
||||
| You can freely remove any events you would not like to log below,
|
||||
| as well as use your own listeners if you would prefer.
|
||||
|
|
||||
*/
|
||||
|
||||
'logging' => [
|
||||
'enabled' => true,
|
||||
'events' => [
|
||||
|
||||
Importing::class => LogImport::class,
|
||||
Synchronized::class => LogSynchronized::class,
|
||||
Synchronizing::class => LogSynchronizing::class,
|
||||
Authenticated::class => LogAuthenticated::class,
|
||||
Authenticating::class => LogAuthentication::class,
|
||||
AuthenticationFailed::class => LogAuthenticationFailure::class,
|
||||
AuthenticationRejected::class => LogAuthenticationRejection::class,
|
||||
AuthenticationSuccessful::class => LogAuthenticationSuccess::class,
|
||||
DiscoveredWithCredentials::class => LogDiscovery::class,
|
||||
AuthenticatedWithWindows::class => LogWindowsAuth::class,
|
||||
AuthenticatedModelTrashed::class => LogTrashedModel::class,
|
||||
|
||||
],
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Custom LDAP Filter
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This value can be optionally provided to restrict LDAP queries to the
|
||||
| given filter. It should be in LDAP filter format, and will be
|
||||
| applied in the LdapFilterScope.
|
||||
|
|
||||
*/
|
||||
'custom_filter' => env('ADLDAP_AUTH_FILTER', ''),
|
||||
|
||||
];
|
Loading…
Reference in New Issue
Block a user