Open
Conversation
This uses an extra LDAP bind operation to do authentication. Because it does not rely on HTTP basic authentication I had to introduce a session (probably resulting in cookies).
and throw an exception if it doesn't. Previously the code just failed.
- show login errors as alert on the login page
This allows to filter for users even before a bind attempt is done through the login form. This improves security by allowing to use LDAP filtering to identify eligible users at a very early stage.
Author
|
Could anyone at least comment if this feature has any chance to be merged? I can sign each and every commit, but I would really like at least some feedback. Is that sooo hard? |
Collaborator
|
Hi sorry, I've not had much time to look at this as I've been busy with other projects, and no-one else is working on this project. Thank you for your large contribution. I'll try to make some progress with this. |
|
@stamfest I think you should just publish it as a fork at this point. These are some neat additions. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This branch creates the machinery for a form-based login. It also implements form-based login using a configured LDAP directory. To implement this, a HTTP session is required. Some important session cookie parameters can be configured to allow for integration of either multiple instances of dns-ui or with other services under the same virtual host.
An additional change allows to configure an optional extra LDAP filter for user objects. This can be used to make extra sure to restrict which users may log into dns-ui.