Include a migration step regarding LDAP filters in the documentation.

This commit is contained in:
Clement Michaud 2019-10-29 21:26:15 +01:00 committed by Clément Michaud
parent 67613d9fbe
commit 7006035012
2 changed files with 4 additions and 2 deletions

View File

@ -29,6 +29,8 @@ However a migration script will be provided later on. Help for writing this scri
* Add the `jwt_secret` key in the configuration along with the value of the secret. This secret is used to generate expirable JWT tokens * Add the `jwt_secret` key in the configuration along with the value of the secret. This secret is used to generate expirable JWT tokens
for operations requiring identity validation. for operations requiring identity validation.
* Remove the `secure` key of your SMTP notifier configuration as the Go implementation of the SMTP library uses TLS by default if available. * Remove the `secure` key of your SMTP notifier configuration as the Go implementation of the SMTP library uses TLS by default if available.
* Make sure users and groups filter in the LDAP configuration have outer parenthesis. The standard format of LDAP filters always include outer
parenthesis. You can find some examples in the "Examples" section of the following document: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
#### If using the local storage #### If using the local storage
* Remove the directory of the storage (beware you will lose your previous configuration: U2F, TOTP devices). Replace the path with a path to a sqlite3 database, * Remove the directory of the storage (beware you will lose your previous configuration: U2F, TOTP devices). Replace the path with a path to a sqlite3 database,

View File

@ -98,13 +98,13 @@ func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseErrorWhenBaseDNNotPr
func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultUsersFilter() { func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultUsersFilter() {
ValidateAuthenticationBackend(&suite.configuration, suite.validator) ValidateAuthenticationBackend(&suite.configuration, suite.validator)
assert.Len(suite.T(), suite.validator.Errors(), 0) assert.Len(suite.T(), suite.validator.Errors(), 0)
assert.Equal(suite.T(), "cn={0}", suite.configuration.Ldap.UsersFilter) assert.Equal(suite.T(), "(cn={0})", suite.configuration.Ldap.UsersFilter)
} }
func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultGroupsFilter() { func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultGroupsFilter() {
ValidateAuthenticationBackend(&suite.configuration, suite.validator) ValidateAuthenticationBackend(&suite.configuration, suite.validator)
assert.Len(suite.T(), suite.validator.Errors(), 0) assert.Len(suite.T(), suite.validator.Errors(), 0)
assert.Equal(suite.T(), "member={dn}", suite.configuration.Ldap.GroupsFilter) assert.Equal(suite.T(), "(member={dn})", suite.configuration.Ldap.GroupsFilter)
} }
func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultGroupNameAttribute() { func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultGroupNameAttribute() {