Merge pull request #3296 from pixelfed/staging

Add LDAP support

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 ### Added
 - Custom Emoji ([#3166](https://github.com/pixelfed/pixelfed/pull/3166))
+- LDAP Authentication ([#3296](https://github.com/pixelfed/pixelfed/pull/3296))
 
 ### Metro 2.0 UI
 - Added Hovercards ([16ced7b4](https://github.com/pixelfed/pixelfed/commit/16ced7b4))

app/Services/StatusService.php

@@ -47,11 +47,12 @@ class StatusService
 			return null;
 		}
 
+        $status['replies_count'] = $status['reply_count'];
+
 		if(config('exp.emc') == false) {
 			return $status;
 		}
 
-		$status['replies_count'] = $status['reply_count'];
 		unset(
 			$status['_v'],
 			$status['comments_disabled'],

composer.json

@@ -13,6 +13,7 @@
 		"ext-json": "*",
 		"ext-mbstring": "*",
 		"ext-openssl": "*",
+		"bacon/bacon-qr-code": "^2.0.3",
 		"brick/math": "^0.8",
 		"buzz/laravel-h-captcha": "1.0.2",
 		"doctrine/dbal": "^2.7",
@@ -31,11 +32,10 @@
 		"league/iso3166": "^2.1|^4.0",
 		"pbmedia/laravel-ffmpeg": "^7.0",
 		"phpseclib/phpseclib": "~2.0",
-		"bacon/bacon-qr-code": "^2.0.3",
 		"pixelfed/fractal": "^0.18.0",
-		"pragmarx/google2fa": "^8.0",
 		"pixelfed/laravel-snowflake": "^2.0",
 		"pixelfed/zttp": "^0.4",
+		"pragmarx/google2fa": "^8.0",
 		"predis/predis": "^1.1",
 		"spatie/laravel-backup": "^6.0.0",
 		"spatie/laravel-image-optimizer": "^1.1",

config/auth.php

@@ -65,14 +65,26 @@ return [
     */
 
     'providers' => [
+
+    	// Comment out or remove below for LDAP
         'users' => [
             'driver' => 'eloquent',
             'model'  => App\User::class,
         ],
 
+        // Uncomment below for LDAP
         // 'users' => [
-        //     'driver' => 'database',
-        //     'table' => 'users',
+        // 	'driver' => 'ldap',
+        // 	'model' => LdapRecord\Models\ActiveDirectory\User::class,
+        // 	'rules' => [],
+        // 	'database' => [
+        // 		'model' => App\User::class,
+        // 		'sync_passwords' => false,
+        // 		'sync_attributes' => [
+        // 			'name' => 'cn',
+        // 			'email' => 'mail',
+        // 		],
+        // 	],
         // ],
     ],
 

config/ldap.php

@@ -0,0 +1,73 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Default LDAP Connection Name
+    |--------------------------------------------------------------------------
+    |
+    | Here you may specify which of the LDAP connections below you wish
+    | to use as your default connection for all LDAP operations. Of
+    | course you may add as many connections you'd like below.
+    |
+    */
+
+    'default' => env('LDAP_CONNECTION', 'default'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | LDAP Connections
+    |--------------------------------------------------------------------------
+    |
+    | Below you may configure each LDAP connection your application requires
+    | access to. Be sure to include a valid base DN - otherwise you may
+    | not receive any results when performing LDAP search operations.
+    |
+    */
+
+    'connections' => [
+
+        'default' => [
+            'hosts' => [env('LDAP_HOST', '127.0.0.1')],
+            'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com'),
+            'password' => env('LDAP_PASSWORD', 'secret'),
+            'port' => env('LDAP_PORT', 389),
+            'base_dn' => env('LDAP_BASE_DN', 'dc=local,dc=com'),
+            'timeout' => env('LDAP_TIMEOUT', 5),
+            'use_ssl' => env('LDAP_SSL', false),
+            'use_tls' => env('LDAP_TLS', false),
+        ],
+
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | LDAP Logging
+    |--------------------------------------------------------------------------
+    |
+    | When LDAP logging is enabled, all LDAP search and authentication
+    | operations are logged using the default application logging
+    | driver. This can assist in debugging issues and more.
+    |
+    */
+
+    'logging' => env('LDAP_LOGGING', true),
+
+    /*
+    |--------------------------------------------------------------------------
+    | LDAP Cache
+    |--------------------------------------------------------------------------
+    |
+    | LDAP caching enables the ability of caching search results using the
+    | query builder. This is great for running expensive operations that
+    | may take many seconds to complete, such as a pagination request.
+    |
+    */
+
+    'cache' => [
+        'enabled' => env('LDAP_CACHE', false),
+        'driver' => env('CACHE_DRIVER', 'file'),
+    ],
+
+];

database/migrations/2022_03_09_042023_add_ldap_columns_to_users_table.php

@@ -0,0 +1,29 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddLdapColumnsToUsersTable extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->string('guid')->unique()->nullable();
+            $table->string('domain')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn(['guid', 'domain']);
+        });
+    }
+}