From 70060350128f15c070e873c6e9251e0ac9bb60f3 Mon Sep 17 00:00:00 2001 From: Clement Michaud Date: Tue, 29 Oct 2019 21:26:15 +0100 Subject: [PATCH] Include a migration step regarding LDAP filters in the documentation. --- AUTHELIA-V4.md | 2 ++ configuration/validator/authentication_test.go | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/AUTHELIA-V4.md b/AUTHELIA-V4.md index a0ad4e78..6ba63615 100644 --- a/AUTHELIA-V4.md +++ b/AUTHELIA-V4.md @@ -29,6 +29,8 @@ However a migration script will be provided later on. Help for writing this scri * Add the `jwt_secret` key in the configuration along with the value of the secret. This secret is used to generate expirable JWT tokens for operations requiring identity validation. * Remove the `secure` key of your SMTP notifier configuration as the Go implementation of the SMTP library uses TLS by default if available. +* Make sure users and groups filter in the LDAP configuration have outer parenthesis. The standard format of LDAP filters always include outer +parenthesis. You can find some examples in the "Examples" section of the following document: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx #### If using the local storage * Remove the directory of the storage (beware you will lose your previous configuration: U2F, TOTP devices). Replace the path with a path to a sqlite3 database, diff --git a/configuration/validator/authentication_test.go b/configuration/validator/authentication_test.go index 75ede3a9..b0a78ff5 100644 --- a/configuration/validator/authentication_test.go +++ b/configuration/validator/authentication_test.go @@ -98,13 +98,13 @@ func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseErrorWhenBaseDNNotPr func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultUsersFilter() { ValidateAuthenticationBackend(&suite.configuration, suite.validator) assert.Len(suite.T(), suite.validator.Errors(), 0) - assert.Equal(suite.T(), "cn={0}", suite.configuration.Ldap.UsersFilter) + assert.Equal(suite.T(), "(cn={0})", suite.configuration.Ldap.UsersFilter) } func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultGroupsFilter() { ValidateAuthenticationBackend(&suite.configuration, suite.validator) assert.Len(suite.T(), suite.validator.Errors(), 0) - assert.Equal(suite.T(), "member={dn}", suite.configuration.Ldap.GroupsFilter) + assert.Equal(suite.T(), "(member={dn})", suite.configuration.Ldap.GroupsFilter) } func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultGroupNameAttribute() {