
Automatic creation of users with ldap authentication #227

Merged: 14 commits, Apr 27, 2023

Conversation

c8y3 (Contributor) commented Apr 25, 2023

In relation to #203, this pull request adds the creation of users present in LDAP at their first login.
The behaviour is activated by setting the variable IRIS_AUTHENTICATION_CREATE_USER_IF_NOT_EXIST to True.
The following variables were added:

  • LDAP_SEARCH_DN is the base distinguished name to perform the user search (like ou=users,dc=example,dc=org)
  • LDAP_ATTRIBUTE_IDENTIFIER is the name of the attribute used to build the search filter which will uniquely identify the user (like cn or sAMAccountName)
  • LDAP_ATTRIBUTE_DISPLAY_NAME is the name of the attribute to retrieve the user display name (the user login will be used if this variable is not set)
  • LDAP_ATTRIBUTE_MAIL is the name of the attribute to retrieve the user email (the fake email user_login@ldap will be used if this variable is not set)

A fake local password is chosen randomly (the same way as the administrator password is set). Ideally, it would be better if the database accepted the creation of users without any local password. This could be a further improvement of the code.
Note that the email unicity requirement may prove to be a problem at some point (if two users happen to have the same email in LDAP, this may be possible in theory).
Note that in the case of NTLM, the domain name is stripped to get the value of the sAMAccountName.
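The provisioning steps described in this comment, written out as an added example that is not the dfir-iris code from this pull request: the NTLM domain strip, the search filter built from LDAP_ATTRIBUTE_IDENTIFIER, the display-name and email fallbacks, and the random local password. Function names (`strip_ntlm_domain`, `build_search_filter`, `user_from_ldap_entry`) and the sample configuration and directory entry are assumptions; the configuration keys are the ones named above. Because the filter embeds a value typed by the user at login, the example escapes it per RFC 4515, a check the comment does not mention but which a reviewer of this feature would ask for.

```python
"""Illustrative LDAP auto-provisioning helpers (added example, not the
project's own code). Names and sample data are assumptions."""
import secrets
import string

# Hypothetical configuration mirroring the variables the pull request adds.
# LDAP_ATTRIBUTE_MAIL is left unset so the <login>@ldap fallback is exercised.
CONFIG = {
    "IRIS_AUTHENTICATION_CREATE_USER_IF_NOT_EXIST": True,
    "LDAP_SEARCH_DN": "ou=users,dc=example,dc=org",
    "LDAP_ATTRIBUTE_IDENTIFIER": "sAMAccountName",
    "LDAP_ATTRIBUTE_DISPLAY_NAME": "displayName",
    "LDAP_ATTRIBUTE_MAIL": None,
}


def strip_ntlm_domain(login: str) -> str:
    """For an NTLM-style login (DOMAIN\\user) return the bare account name;
    a login without a backslash is returned unchanged."""
    return login.rsplit("\\", 1)[-1]


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515):
    '\\', '*', '(', ')' and NUL become a backslash plus two hex digits,
    so the login cannot alter the structure of the filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_search_filter(login: str, config: dict) -> str:
    """Filter that uniquely identifies the user under LDAP_SEARCH_DN,
    e.g. (sAMAccountName=alice)."""
    ident = config["LDAP_ATTRIBUTE_IDENTIFIER"]
    return "(%s=%s)" % (ident, escape_filter_value(strip_ntlm_domain(login)))


def random_local_password(length: int = 32) -> str:
    """Placeholder password for the local account, drawn from a CSPRNG so
    it is never guessable; the user authenticates against LDAP, not this."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def user_from_ldap_entry(login: str, entry: dict, config: dict) -> dict:
    """Map an LDAP entry (attribute name -> value) to local user fields,
    applying the fallbacks described in the pull request."""
    name = strip_ntlm_domain(login)
    display_attr = config.get("LDAP_ATTRIBUTE_DISPLAY_NAME")
    mail_attr = config.get("LDAP_ATTRIBUTE_MAIL")
    display = entry.get(display_attr) if display_attr else None
    mail = entry.get(mail_attr) if mail_attr else None
    return {
        "login": name,
        "display_name": display or name,
        "email": mail or "%s@ldap" % name,
        "password": random_local_password(),
    }


if __name__ == "__main__":
    # Constructed directory entry standing in for a real search result.
    sample_entry = {"sAMAccountName": "alice", "displayName": "Alice A."}
    if CONFIG["IRIS_AUTHENTICATION_CREATE_USER_IF_NOT_EXIST"]:
        print(build_search_filter("EXAMPLE\\alice", CONFIG))
        print(user_from_ldap_entry("EXAMPLE\\alice", sample_entry, CONFIG))
```

The `<login>@ldap` fallback is unique per login, so the email uniqueness constraint the comment mentions only bites when a real mail attribute is configured and two directory entries carry the same address; a deployment enabling LDAP_ATTRIBUTE_MAIL should expect that first-login failure mode and log it clearly.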

whikernel and others added 13 commits April 18, 2023 14:35

  • …ion_type
  • Variable LDAP_AUTHENTICATION_TYPE in .env.model
  • …ap authentication. Added configuration variable LDAP_USER_PROVISIONING
  • …ot unicity of the email which does not work)
  • …P_USER_ATTRIBUTE_MAIL to retrieve user name and email from ldap
  • …RIS_AUTHENTICATION_CREATE_USER_IF_NOT_EXIST which already existed
  • …TIFIER to search for users information in the ldap
@whikernel whikernel self-requested a review April 25, 2023 14:32
@whikernel whikernel self-assigned this Apr 26, 2023
@whikernel whikernel added the enhancement New feature or request label Apr 26, 2023
@whikernel whikernel added this to the v2.1.0 milestone Apr 26, 2023
@whikernel whikernel changed the base branch from master to develop April 27, 2023 09:21
@whikernel whikernel merged commit c96c572 into dfir-iris:develop Apr 27, 2023
@c8y3 c8y3 deleted the ldap_provisioning branch May 17, 2023 06:07