liquid_feedback_frontend

diff config/_ldap_ad.lua @ 1656:3fb752f4afcb

Cleanup of configuration files
author bsw
date Sun Feb 14 12:46:39 2021 +0100 (2021-02-14)
parents
children
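--- /dev/null
+++ b/config/_ldap_ad.lua
@@ -0,0 +1,66 @@
+local function str2hex(s)
+  local t = {string.byte(s, 1, #s)}
+  local f = string.format
+  for i = 1, #t do t[i] = f("\\%02x", t[i]) end
+  return table.concat(t)
+end
+
+config.ldap = {
+  hosts = { 
+    { uri = "ldap://192.168.1.1", tls = true, timeout = 5 },
+    { uri = "ldap://192.168.1.2", tls = true, timeout = 5 }
+  },
+  base = "CN=Users,DC=example,DC=org",
+  bind_as = { dn = "CN=LiquidFeedback Service,CN=Users,DC=example,DC=org", password = "secure" },
+  member = {
+    registration = "auto",
+    scope = "subtree",
+    login_normalizer = function (login)
+      return login:lower()
+    end,
+    login_filter_map = function (login)
+      return "(sAMAccountName=" .. ldap.escape_filter(login) .. ")"
+    end,
+    login_map = function (ldap_entry)
+      return ldap_entry.sAMAccountName[1]
+    end,
+    uid_filter_map = function (uid)
+      return "(objectGUID=" .. uid .. ")"
+    end,
+    uid_map = function (ldap_entry)
+      return str2hex(ldap_entry.objectGUID[1])
+    end,
+    allowed_map = function (ldap_entry)
+      local allowed = false
+      if ldap_entry.memberOf then
+        for i, group in ipairs(ldap_entry.memberOf) do
+          if group == "CN=LiquidFeedback User,CN=Users,DC=example,DC=org" then
+            allowed = true
+          end
+        end
+      end
+      return allowed
+    end,
+    fetch_attr = { "sAMAccountName", "objectGUID", "givenName", "name", "displayName", "memberOf" },
+    attr_map = function (ldap_entry, member)
+      member.identification = ldap_entry.givenName[1] .. " " .. ldap_entry.name[1]
+      member.name = ldap_entry.displayName[1]
+    end,
+    privilege_map = function (ldap_entry, member)
+      local privileges = {}
+      if ldap_entry.memberOf then
+        for i, group in ipairs(ldap_entry.memberOf) do
+          if group == "CN=LiquidFeedback User,CN=Users,DC=example,DC=org" then
+            table.insert(privileges,
+              { unit_id = 1, voting_right = true, polling_right = true }
+            )
+          end
+        end
+      end
+      return privileges
+    end,
+    cache_passwords = true,
+    locked_profile_fields = { name = true }
+  }
+}
+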
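Review bot: The group DN that decides access is written out twice, once in `allowed_map` and once in `privilege_map`, and compared with an exact string match, so an edit to only one copy would leave accounts that can log in without privileges, or the reverse. I would hoist it above `config.ldap` as `local lf_user_group = "CN=LiquidFeedback User,CN=Users,DC=example,DC=org"` and compare against that name in both functions. A comment there should also say that Active Directory's `memberOf` lists only direct memberships, so users who reach the group through a nested group or as their primary group will not match. Separately, `uid_filter_map` concatenates `uid` without `ldap.escape_filter`, which is correct only because `str2hex` already emits every byte as `\xx`; a one-line comment such as `-- uid is already \xx-escaped by str2hex; do not escape again` would keep the pattern from being "fixed" or copied for a textual uid.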
