Commit Graph

11 Commits (6f116202f487a653a6579fe4232e4677529bd480)

Author SHA1 Message Date
Amir Zarrinkafsh 298d56dea3
[DEPS] Fix gopkg.in/ldap.v3 import for dependabot (#726) 2020-03-19 15:22:46 +11:00
Amir Zarrinkafsh eeabb96dd0
[BUGFIX] LDAP group retrieval of users with parenthesis in their name (#713)
This aligns the search filter escaping to [RFC4515](https://tools.ietf.org/search/rfc4515).
`base.ldif` has also been updated to be a closer match to RFC 2307.
2020-03-16 19:55:03 +11:00
Clément Michaud cc6650dbcd
[BUGFIX] [BREAKING] Set username retrieved from authentication backend in session. (#687)
* [BUGFIX] Set username retrieved from authentication backend in session.

In some setups, binding is case insensitive but Authelia is case
sensitive and therefore need the actual username as stored in the
authentication backend in order for Authelia to work correctly.

Fixes #561.

* Use uid attribute as unique user identifier in suites.

* Fix the integration tests.

* Update config.template.yml

* Compute user filter based on username attribute and users_filter.

The filter provided in users_filter is now combined with a filter
based on the username attribute to perform the LDAP search query
finding a user object from the username.

* Fix LDAP based integration tests.

* Update `users_filter` reference examples
2020-03-15 18:10:25 +11:00
Clément Michaud 82d8e1d57a
[BUGFIX] Fix crash when no emails or groups are retrieved from LDAP. (#651)
* [BUGFIX] Fix crash when no emails or groups are retrieved from LDAP.

If group or email attribute configured by user in configuration is not
found in user object the list of attributes in LDAP search result is empty.
This change introduces a check before accessing the first element of the
list which previously led to out of bound access.

Fixes #647.

* [MISC] Change log level of LDAP connection creation to trace.
2020-02-27 23:21:07 +01:00
Clement Michaud 47b34b4026 Escape special LDAP characters as suggested by OWASP.
https://owasp.org/www-project-cheat-sheets/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html
2020-01-21 09:46:17 +11:00
Clement Michaud 1ee442e86f Improve logs of password hashing to help troubleshoot issues. 2019-12-28 09:08:54 +01:00
Amir Zarrinkafsh 2fb20882d9
Utilise Buildkite for Authelia CI/CD (#507)
Publish steps are currently disabled.
2019-12-27 22:07:53 +11:00
Amir Zarrinkafsh fabb76754e
Rename org from clems4ever to authelia
Also fix references from config.yml to configuration.yml
2019-12-24 13:14:52 +11:00
James Elliott 09b4e4e57e Allow blank additional_groups_dn and additional_users_dn
- Make the DN concatenation uniform between both Users and Groups
- Make it possible to use a blank or commented out additional_users_dn or additional_groups_dn for ldap backends
- Fixes #508
2019-12-19 23:29:16 +01:00
Clement Michaud e21da43fd6 Add support for LDAP over TLS. 2019-12-06 21:33:47 +01:00
Clement Michaud 3b2d733367 Move source code into internal directory to follow standard project layout.
https://github.com/golang-standards/project-layout
2019-11-17 16:30:33 +01:00