6155c1fad2
- Add search_bind_enabled/search_bind_dn/search_bind_password to allow using a dedicated LDAP account for user and group searches. This is needed when regular LDAP users lack search permissions (common with restrictive ACLs on OpenLDAP). - Support both group_indentifier (original) and group_identifier config keys, falling back to 'cn' if neither is set. - Skip the gidNumber-based primary group query when the attribute is empty, avoiding broken LDAP filters on non-posixAccount setups.
52 lines
3.3 KiB
YAML
52 lines
3.3 KiB
YAML
PLUGIN_LOGIN_LDAP:
|
|
ACCESS_GROUPS_DESC: 'NOTE: The first level defines the **LDAP group** to be mapped, subsequent levels define the **Grav Access Levels** to give a user who is assigned to that group.'
|
|
ADVANCED: 'Advanced'
|
|
CONFIGURATION: 'Configuration'
|
|
DEFAULT_ACCESS_LEVELS_GROUPS: 'Default Groups'
|
|
DEFAULT_ACCESS_LEVELS_SITE: 'Default Site Access'
|
|
DEFAULT_GROUPS_ACCESS_LEVELS: 'Groups Access Level'
|
|
GROUP_SEARCH_DN: 'Group Search DN'
|
|
GROUP_SEARCH_DN_DESC: 'String used to retrieve user group data. If not provided, extra LDAP group data will not be stored in Grav user account file'
|
|
GROUP_QUERY: 'Group Query'
|
|
GROUP_QUERY_DESC: 'The query used to search Groups. Only change this if you know what you are doing. [dn] will be replaced with the distinguished name attribute and [username] will be replaced with the username entered via login'
|
|
GROUP_IDENTIFIER: 'Group Identifier'
|
|
GROUP_IDENTIFIER_DESC: 'The Group identifier that will come back in the response, this is directly related to group query.'
|
|
HOST: 'Host'
|
|
HOST_DESC: 'Host name of the LDAP server'
|
|
INSTRUCTIONS: 'Instructions'
|
|
NEGOTIATE_TLS: 'Negotiate TLS'
|
|
NEGOTIATE_TLS_DESC: 'Negotiate TLS encryption with the LDAP server (requires all traffic to be encrypted)'
|
|
OPT_REFERRALS: 'Follow Referrals'
|
|
OPT_REFERRALS_DESC: 'Sets the value of LDAP_OPT_REFERRALS (Set to "off" for Windows 2003 servers)'
|
|
PORT: 'Port'
|
|
PORT_DESC: 'Port to connect to host'
|
|
SAVE_GRAV_USER: 'Save Grav user'
|
|
SAVE_GRAV_USER_DESC: 'Saves the logged in user as a local Grav account'
|
|
STORE_LDAP_USER: 'Store LDAP data'
|
|
STORE_LDAP_USER_DESC: 'You can also store LDAP data on the logged in user object to use in Grav'
|
|
SERVER_CONFIGURATION: 'Server Configuration'
|
|
USE_SSL: 'Use SSL'
|
|
USER_DN: 'User DN'
|
|
USER_DN_DESC: 'String used to authenticate a user, where [username] is directly replaced by user value entered via login'
|
|
USERNAME_MAPPING: 'Username Mapping'
|
|
USERNAME_MAPPING_DESC: 'LDAP Attribute(s) that contains the user''s username'
|
|
FULLNAME_MAPPING: 'User Fullname Mapping'
|
|
FULLNAME_MAPPING_DESC: 'LDAP Attribute(s) that contains the user''s full name'
|
|
EMAIL_MAPPING: 'User Email Mapping'
|
|
EMAIL_MAPPING_DESC: 'LDAP Attribute that contains the user''s email'
|
|
DN_MAPPING: 'User Distinguished Name Mapping'
|
|
DN_MAPPING_DESC: 'LDAP Attribute that contains the user''s distinguished name (useful for ActiveDirectory domains)'
|
|
USER_SEARCH_DN: 'User Search DN'
|
|
USER_SEARCH_DN_DESC: 'String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file'
|
|
VERSION: 'Version'
|
|
VERSION_DESC: 'LDAP Version 3 is most popular, only change this if you know what you are doing'
|
|
BLACKLIST_FIELDS: 'Blacklist Fields'
|
|
BLACKLIST_FIELDS_HELP: 'A list of LDAP fields to be skipped and ignored'
|
|
BLACKLIST_FIELDS_PLACEHOLDER: 'Field (ie, jpegPhoto, homePostalAddress)'
|
|
SEARCH_BIND_CONFIGURATION: 'Search Bind Configuration'
|
|
SEARCH_BIND_ENABLE: 'Use Search Bind'
|
|
SEARCH_BIND_ENABLE_DESC: 'Use a dedicated LDAP account for user/group searches (useful when regular users lack search permissions)'
|
|
SEARCH_BIND_DN: 'Search Bind DN'
|
|
SEARCH_BIND_DN_DESC: 'Full DN of the LDAP account used for searches (e.g. cn=readonly,dc=company,dc=com)'
|
|
SEARCH_BIND_PASSWORD: 'Search Bind Password'
|
|
SEARCH_BIND_PASSWORD_DESC: 'Password for the search bind account' |