feat: add LDAP signin method (#2591)

Add support for LDAP login methods Add option to control LDAP user in password login method.
2025-07-02 11:20:18 +08:00 · 2024-01-08 21:07:34 +08:00
parent 0199ad9aaa
commit ffa54247cd
57 changed files with 216 additions and 15 deletions
--- a/object/application.go
+++ b/object/application.go
@ -201,7 +201,7 @@ func extendApplicationWithOrg(application *Application) (err error) {
 func extendApplicationWithSigninMethods(application *Application) (err error) {
 	if len(application.SigninMethods) == 0 {
 		if application.EnablePassword {
-			signinMethod := &SigninMethod{Name: "Password", DisplayName: "Password", Rule: "None"}
+			signinMethod := &SigninMethod{Name: "Password", DisplayName: "Password", Rule: "All"}
 			application.SigninMethods = append(application.SigninMethods, signinMethod)
 		}
 		if application.EnableCodeSignin {
@ -212,10 +212,12 @@ func extendApplicationWithSigninMethods(application *Application) (err error) {
 			signinMethod := &SigninMethod{Name: "WebAuthn", DisplayName: "WebAuthn", Rule: "None"}
 			application.SigninMethods = append(application.SigninMethods, signinMethod)
 		}
+		signinMethod := &SigninMethod{Name: "LDAP", DisplayName: "LDAP", Rule: "None"}
+		application.SigninMethods = append(application.SigninMethods, signinMethod)
 	}

 	if len(application.SigninMethods) == 0 {
-		signinMethod := &SigninMethod{Name: "Password", DisplayName: "Password", Rule: "None"}
+		signinMethod := &SigninMethod{Name: "Password", DisplayName: "Password", Rule: "All"}
 		application.SigninMethods = append(application.SigninMethods, signinMethod)
 	}

@ -544,6 +546,19 @@ func (application *Application) IsPasswordEnabled() bool {
 	}
 }

+func (application *Application) IsPasswordWithLdapEnabled() bool {
+	if len(application.SigninMethods) == 0 {
+		return application.EnablePassword
+	} else {
+		for _, signinMethod := range application.SigninMethods {
+			if signinMethod.Name == "Password" && signinMethod.Rule == "All" {
+				return true
+			}
+		}
+		return false
+	}
+}
+
 func (application *Application) IsCodeSigninViaEmailEnabled() bool {
 	if len(application.SigninMethods) == 0 {
 		return application.EnableCodeSignin
@ -570,6 +585,17 @@ func (application *Application) IsCodeSigninViaSmsEnabled() bool {
 	}
 }

+func (application *Application) IsLdapEnabled() bool {
+	if len(application.SigninMethods) > 0 {
+		for _, signinMethod := range application.SigninMethods {
+			if signinMethod.Name == "LDAP" {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 func IsOriginAllowed(origin string) (bool, error) {
 	applications, err := GetApplications("")
 	if err != nil {