From 54c3e42d4adb739f27f2629d3de998ebfb3e486e Mon Sep 17 00:00:00 2001
From: Jonathan Johnson
Date: Thu, 25 Apr 2024 22:40:29 -0700
Subject: [PATCH] Make name LDAP properties configurable

At UCSF the first and last name can be configured to use the lived name values instead of the default ldap attributes. This change allows ilios to consume those values, but keeps the default of sn/givenName for standard LDAP configs.
---
 docs/authentication_and_users.md | 18 ++++++++++--------
 src/Service/LdapManager.php | 16 ++++++++++++----
 2 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/docs/authentication_and_users.md b/docs/authentication_and_users.md
index b99c2249ef..e681ec7f0e 100644
--- a/docs/authentication_and_users.md
+++ b/docs/authentication_and_users.md
@@ -43,11 +43,13 @@ sudo -u apache bin/console --env=prod ilios:maintenance:set-config-value ldap_di
 sudo -u apache bin/console --env=prod ilios:maintenance:set-config-value ldap_directory_username_property
 ```
-| Property Name| Description| Example Value|
-|---|---|---|
-| ldap_directory_url | URL to connect to your LDAP server including protocol | ldaps://directory.campus.edu |
-| ldap_directory_user | The user we will use to authenticate | uid=Ilios,ou=applications,dc=campus,dc=edu |
-| ldap_directory_password | The bind password for your user | 123GoLdap! |
-| ldap_directory_search_base | What scope in the directory we should user for users | ou=people,dc=campus,dc=edu |
-| ldap_directory_campus_id_property | In the returned data for a user what property is unique and can be used to populate the campusId field in Ilios | eduIDNumber |
-| ldap_directory_username_property | In the returned data for a user what property contains the username that links to the **cas**, **ldap**, or **shibboleth** authentication service | eduPersonPrincipalName |
\ No newline at end of file
+| Property Name | Description | Example Value |
+|------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
+| ldap_directory_url | URL to connect to your LDAP server including protocol | ldaps://directory.campus.edu |
+| ldap_directory_user | The user we will use to authenticate | uid=Ilios,ou=applications,dc=campus,dc=edu |
+| ldap_directory_password | The bind password for your user | 123GoLdap! |
+| ldap_directory_search_base | What scope in the directory we should user for users | ou=people,dc=campus,dc=edu |
+| ldap_directory_campus_id_property | In the returned data for a user what property is unique and can be used to populate the campusId field in Ilios | eduIDNumber |
+| ldap_directory_username_property | In the returned data for a user what property contains the username that links to the **cas**, **ldap**, or **shibboleth** authentication service | eduPersonPrincipalName |
+| ldap_directory_first_name_property | In the returned data for a user what property contains the first name. If this isn't provided it will default to **givenName** | givenName |
+| ldap_directory_last_name_property | In the returned data for a user what property contains the last name. If this isn't provided it will default to **sn** | sn |
\ No newline at end of file
diff --git a/src/Service/LdapManager.php b/src/Service/LdapManager.php
index b618fe81f9..33a5784dd7 100644
--- a/src/Service/LdapManager.php
+++ b/src/Service/LdapManager.php
@@ -7,9 +7,15 @@
 use Exception;
 use Symfony\Component\Ldap\Ldap;
+/**
+ * Manages the LDAP connection. Because the Symfony ldap class is marked as final,
+ * we need to wrap it here so that we can mock it in tests. This class is the lowest
+ * level in the test tree, it can't be tested itself because of the issue with mocking
+ * the final class.
+ */
 class LdapManager
 {
- protected ?Ldap $ldap = null;
+ protected Ldap $ldap;
 /**
 * Constructor
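Review bot: The new class docblock explains why the wrapper exists but says nothing about the lifecycle change made two lines below it, where `protected ?Ldap $ldap = null;` becomes the uninitialized typed property `protected Ldap $ldap;`; after this change any read of `$this->ldap` before `getConnection()` assigns it throws an `Error` instead of yielding null. Consider extending the docblock with `The Ldap instance is created lazily by getConnection() on first use; $ldap is unset until then and must not be read directly.` The constructor and the rest of the class lie outside this hunk, so whether any other method reads `$ldap` directly cannot be confirmed here.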
@@ -28,6 +34,8 @@ public function search(string $filter): array
 $ldapUsernameProperty = $this->config->get('ldap_directory_username_property');
 $ldapDisplayNameProperty = $this->config->get('ldap_directory_display_name_property');
 $ldapPronounsProperty = $this->config->get('ldap_directory_pronouns_property');
+ $ldapFirstNameProperty = $this->config->get('ldap_directory_first_name_property') ?? 'givenName';
+ $ldapLastNameProperty = $this->config->get('ldap_directory_last_name_property') ?? 'sn';
 $rhett = [];
 try {
@@ -36,8 +44,8 @@ public function search(string $filter): array
 $results = $query->execute();
 $attributes = [
 'mail' => 'email',
- 'sn' => 'lastName',
- 'givenName' => 'firstName',
+ $ldapLastNameProperty => 'lastName',
+ $ldapFirstNameProperty => 'firstName',
 'telephoneNumber' => 'telephoneNumber',
 $ldapCampusIdProperty => 'campusId',
 $ldapUsernameProperty => 'username',
@@ -73,7 +81,7 @@ public function search(string $filter): array
 protected function getConnection(): Ldap
 {
- if (! $this->ldap) {
+ if (!isset($this->ldap)) {
 $ldapUrl = $this->config->get('ldap_directory_url');
 $ldapBindUser = $this->config->get('ldap_directory_user');
 $ldapBindPassword = $this->config->get('ldap_directory_password');
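Review bot: The `?? 'givenName'` on the new `$ldapFirstNameProperty` line (and `?? 'sn'` on the line after it) only substitutes the default when the config value is null; if `$this->config->get()` can hand back an empty string for a property that was set but left blank, the `$attributes` map further down would be keyed by `''` and the first or last name would silently never be populated. A guard that treats blank as unset covers both cases, e.g. `$configured = $this->config->get('ldap_directory_first_name_property'); $ldapFirstNameProperty = ($configured !== null && $configured !== '') ? $configured : 'givenName';`, with the same shape for the last name, or a small private helper shared by both lines. The return type of the config service is not visible in this hunk, so whether an empty string is reachable needs confirming against it; `search()` starts before this hunk.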
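Review bot: The two configured keys added to `$attributes` (`$ldapLastNameProperty => 'lastName'` and `$ldapFirstNameProperty => 'firstName'`) can collide with each other or with the fixed `'mail'` and `'telephoneNumber'` entries, and PHP keeps only the last value for a duplicated array key, so a misconfiguration that points both name properties at the same attribute would silently drop one Ilios field rather than fail loudly. A one-line check before the array makes that visible: `if ($ldapFirstNameProperty === $ldapLastNameProperty) { throw new Exception('ldap_directory_first_name_property and ldap_directory_last_name_property must name different LDAP attributes'); }` (`Exception` is already imported at the top of this file); the same last-wins behaviour presumably already applies to the pre-existing campus-id and username keys, so the check may be worth widening to all configured keys. As far as this hunk shows, the configured names are used only as keys of the attribute-to-field map and not in the search filter, so they do not add to the filter-injection surface.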