Add support for multiple ways to bind to the LDAP server. #3541

2022-09-28 06:17:56 +01:00 · 2022-09-28 06:17:56 +01:00 · e3e0e3db19
parent 5fbb8b6204
commit e3e0e3db19
2 changed files with 16 additions and 4 deletions
--- a/web/config.py
+++ b/web/config.py
@ -645,6 +645,15 @@ LDAP_ANONYMOUS_BIND = False
 # OpenLDAP example: CN=Users,dc=example,dc=com
 LDAP_BASE_DN = '<Base-DN>'

+# Configure the bind format string
+# Default: LDAP_BIND_FORMAT="
+#   {LDAP_USERNAME_ATTRIBUTE}={LDAP_USERNAME},{LDAP_BASE_DN}"
+# The current available options are:
+# LDAP_USERNAME_ATTRIBUTE, LDAP_USERNAME, LDAP_BASE_DN
+# Example: LDAP_BIND_FORMAT="myldapuser@sales.example.com"
+#          LDAP_BIND_FORMAT="NET\\myldapuser"
+LDAP_BIND_FORMAT = '{LDAP_USERNAME_ATTRIBUTE}={LDAP_USERNAME},{LDAP_BASE_DN}'
+
 ##########################################################################

 # Search ldap for further authentication (REQUIRED)
--- a/web/pgadmin/authenticate/ldap.py
+++ b/web/pgadmin/authenticate/ldap.py
@ -65,9 +65,12 @@ class LDAPAuthentication(BaseAuthentication):
        # username and password
        if not self.bind_user and not self.bind_pass and\
                self.anonymous_bind is False:
-            user_dn = "{0}={1},{2}".format(config.LDAP_USERNAME_ATTRIBUTE,
-                                           self.username,
-                                           config.LDAP_BASE_DN
+
+            user_dn = config.LDAP_BIND_FORMAT\
+                .format(
+                    LDAP_USERNAME=self.username,
+                    LDAP_BASE_DN=config.LDAP_BASE_DN,
+                    LDAP_USERNAME_ATTRIBUTE=config.LDAP_USERNAME_ATTRIBUTE
                )

            self.bind_user = user_dn