LDAP via simple auth separate bind user and search base #5055
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #3048
If you're using Active Directory and need to bind using the format [email protected] or DOMAIN\user LDAP simple auth will fail. The problem is that UserDN setting we bind on is also used for the search base and it's not a qualified DN.
To solve this I added the User Search Base field previously only on LDAP via BindDN to the simple auth as well. If you have a setting in this field on simple auth it will use that as the LDAP search base instead of the UserDN.
It works but I'm not a huge fan of my code to have User Search Base only required for BindDN but not simple auth. If somebody has suggestions for how to do it cleanly I'm open. The existing classes and js didn't have a good way for a field to be in both but only required in one.