(04-13-2019, 12:50 PM)mudmin Wrote: It's been a LOOOONG time since I've used Active Directory, so I may need your help.
Here is my thought and you can tell me if I'm wrong.
1. Can you always use your email to authenticate with LDAP?
2. If not, can LDAP "return" the email address when you authenticate with an id/username?
The way the other OAUTH logins work is if you successfully authenticate, we do a lookup on the users table to see if your email is in there. If it is, we log you in as that user. If it isn't, we automatically create an account for you.
We would need to figure out that part with LDAP.
1. I'm not sure, but I believe yes we can.
2. yes LDAP will return the email address with many other attributes.
I did ldapsearch for our LDAP and it will return so many attributes (fields) such as:
cn: username
displayName: (full name)
givenName: (first name)
sn: (last name)
title: user title
mail: email
and so many other attributes
so as you said, after successful ldap authentication, if the user has an account in the US DB, then log him in, otherwise create a new account for him (matching given attributes)
from your machine, try to run this command:
Code:
ldapsearch -h www.zflexldap.com -p 389 -D "uid=guest2,ou=users,ou=guests,dc=zflexsoftware,dc=com" -x -w guest2password -b "dc=zflexsoftware,dc=com" -s sub "uid=guest2"
this will return all user's attributes. then based on custom field mappings, we can store these attributes in the US users table.
I posted code that will return all attributes for the logged-in user
https://pastebin.com/sVfXn0Z2
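The bind-then-lookup-or-create flow discussed in this thread, as an added example that is not from the thread or from the UserSpice code base. It uses a constructed in-memory directory (shaped like the ldapsearch output above) in place of a real server, and the users-table column names in ATTRIBUTE_MAP are hypothetical.

```python
"""Added example: LDAP bind -> fetch attributes -> match on mail or create a user row."""
import re
import secrets

# Constructed sample directory keyed by DN; attribute values are lists because LDAP
# attributes are multi-valued. Not a real server.
FAKE_DIRECTORY = {
    "uid=guest2,ou=users,ou=guests,dc=zflexsoftware,dc=com": {
        "password": "guest2password",
        "uid": ["guest2"], "givenName": ["Guest"], "sn": ["Two"],
        "displayName": ["Guest Two"], "title": ["Visitor"], "mail": ["Guest2@Example.com"],
    },
}

# Hypothetical mapping of LDAP attributes to users-table columns.
ATTRIBUTE_MAP = {"uid": "username", "givenName": "fname", "sn": "lname", "mail": "email"}
SAFE_UID = re.compile(r"[A-Za-z0-9._-]+")


def ldap_bind_and_fetch(uid, password, base_dn="dc=zflexsoftware,dc=com"):
    """Simulates `-D <dn> -w <password>` bind followed by `-b <base> "uid=<uid>"`.
    Returns the entry's attributes on success, None on any failure."""
    if not password:
        # Refuse empty passwords: many servers treat them as an anonymous bind that
        # succeeds, which would let anyone log in as any uid.
        return None
    if not SAFE_UID.fullmatch(uid):
        # Only build a DN/filter from a uid that cannot carry DN or filter metacharacters.
        return None
    entry = FAKE_DIRECTORY.get(f"uid={uid},ou=users,ou=guests,{base_dn}")
    if entry is None or not secrets.compare_digest(entry["password"], password):
        return None
    return {k: v for k, v in entry.items() if k != "password"}


def login_or_create(uid, password, users):
    """users: list of dicts standing in for the US users table.
    Returns the matching or newly created row, or None when login is refused."""
    attrs = ldap_bind_and_fetch(uid, password)
    if attrs is None:
        return None
    mails = attrs.get("mail", [])
    if len(mails) != 1:
        return None  # missing or ambiguous mail: no safe way to match an existing account
    email = mails[0].lower()  # e-mail match is case-insensitive
    for row in users:
        if row["email"].lower() == email:
            return row
    row = {col: (attrs.get(attr) or [""])[0] for attr, col in ATTRIBUTE_MAP.items()}
    row["email"] = email
    users.append(row)
    return row
```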