Add features (additional filter condition / disable mail resolve) to LDAP authentication.

2025-11-08 14:35:52 +01:00 · 2014-02-28 20:48:09 +09:00
parent 521d15219c
commit 639e7e0b3f
9 changed files with 304 additions and 230 deletions
--- a/src/main/scala/service/AccountService.scala
+++ b/src/main/scala/service/AccountService.scala
@@ -39,7 +39,13 @@ trait AccountService {
      case Right(ldapUserInfo) => {
        // Create or update account by LDAP information
        getAccountByUserName(userName, true) match {
-          case Some(x) if(!x.isRemoved) => updateAccount(x.copy(mailAddress = ldapUserInfo.mailAddress, fullName = ldapUserInfo.fullName))
+          case Some(x) if(!x.isRemoved) => {
+            if(settings.ldap.get.disableMailResolve.getOrElse(false)) {
+              updateAccount(x.copy(fullName = ldapUserInfo.fullName))
+            } else {
+              updateAccount(x.copy(mailAddress = ldapUserInfo.mailAddress, fullName = ldapUserInfo.fullName))
+            }
+          }
          case Some(x) if(x.isRemoved)  => {
            logger.info(s"LDAP Authentication Failed: Account is already registered but disabled..")
            defaultAuthentication(userName, password)
--- a/src/main/scala/service/SystemSettingsService.scala
+++ b/src/main/scala/service/SystemSettingsService.scala
@@ -31,8 +31,10 @@ trait SystemSettingsService {
          ldap.bindPassword.foreach(x => props.setProperty(LdapBindPassword, x))
          props.setProperty(LdapBaseDN, ldap.baseDN)
          props.setProperty(LdapUserNameAttribute, ldap.userNameAttribute)
+          ldap.additionalFilterCondition.foreach(x => props.setProperty(LdapAdditionalFilterCondition, x))
          ldap.fullNameAttribute.foreach(x => props.setProperty(LdapFullNameAttribute, x))
          props.setProperty(LdapMailAddressAttribute, ldap.mailAttribute)
+          ldap.disableMailResolve.foreach(x => props.setProperty(LdapDisableMailResolve, x.toString))
          ldap.tls.foreach(x => props.setProperty(LdapTls, x.toString))
          ldap.keystore.foreach(x => props.setProperty(LdapKeystore, x))
        }
@@ -72,8 +74,10 @@ trait SystemSettingsService {
            getOptionValue(props, LdapBindPassword, None),
            getValue(props, LdapBaseDN, ""),
            getValue(props, LdapUserNameAttribute, ""),
+            getOptionValue(props, LdapAdditionalFilterCondition, None),
            getOptionValue(props, LdapFullNameAttribute, None),
            getValue(props, LdapMailAddressAttribute, ""),
+            getOptionValue[Boolean](props, LdapDisableMailResolve, None),
            getOptionValue[Boolean](props, LdapTls, None),
            getOptionValue(props, LdapKeystore, None)))
        } else {
@@ -89,33 +93,35 @@ object SystemSettingsService {
  import scala.reflect.ClassTag

  case class SystemSettings(
-    allowAccountRegistration: Boolean,
-    gravatar: Boolean,
-    notification: Boolean,
-    smtp: Option[Smtp],
-    ldapAuthentication: Boolean,
-    ldap: Option[Ldap])
+                             allowAccountRegistration: Boolean,
+                             gravatar: Boolean,
+                             notification: Boolean,
+                             smtp: Option[Smtp],
+                             ldapAuthentication: Boolean,
+                             ldap: Option[Ldap])

  case class Ldap(
-    host: String,
-    port: Option[Int],
-    bindDN: Option[String],
-    bindPassword: Option[String],
-    baseDN: String,
-    userNameAttribute: String,
-    fullNameAttribute: Option[String],
-    mailAttribute: String,
-    tls: Option[Boolean],
-    keystore: Option[String])
+                   host: String,
+                   port: Option[Int],
+                   bindDN: Option[String],
+                   bindPassword: Option[String],
+                   baseDN: String,
+                   userNameAttribute: String,
+                   additionalFilterCondition: Option[String],
+                   fullNameAttribute: Option[String],
+                   mailAttribute: String,
+                   disableMailResolve: Option[Boolean],
+                   tls: Option[Boolean],
+                   keystore: Option[String])

  case class Smtp(
-    host: String,
-    port: Option[Int],
-    user: Option[String],
-    password: Option[String],
-    ssl: Option[Boolean],
-    fromAddress: Option[String],
-    fromName: Option[String])
+                   host: String,
+                   port: Option[Int],
+                   user: Option[String],
+                   password: Option[String],
+                   ssl: Option[Boolean],
+                   fromAddress: Option[String],
+                   fromName: Option[String])

  val DefaultSmtpPort = 25
  val DefaultLdapPort = 389
@@ -137,8 +143,10 @@ object SystemSettingsService {
  private val LdapBindPassword = "ldap.bind_password"
  private val LdapBaseDN = "ldap.baseDN"
  private val LdapUserNameAttribute = "ldap.username_attribute"
+  private val LdapAdditionalFilterCondition = "ldap.additional_filter_condition"
  private val LdapFullNameAttribute = "ldap.fullname_attribute"
  private val LdapMailAddressAttribute = "ldap.mail_attribute"
+  private val LdapDisableMailResolve = "ldap.disable_mail_resolve"
  private val LdapTls = "ldap.tls"
  private val LdapKeystore = "ldap.keystore"