make ldap username attribute configurable

configs/README.md

@@ -32,6 +32,7 @@ It is supported to set these by means of a `.env` file in the project root.
    - `search_dn`: Type string. DN for authenticating LDAP admin account with general read rights.
    - `user_bind`: Type string. Expression used to authenticate users via LDAP bind. Must contain `uid={username}`.
    - `user_filter`: Type string. Filter to extract users for syncing.
+   - `username_attr`: Type string. Attribute with full user name. Defaults to `gecos` if not provided.
    - `sync_interval`: Type string. Interval used for syncing local user table with LDAP directory. Parsed using time.ParseDuration.
    - `sync_del_old_users`: Type bool. Delete obsolete users in database.
 * `clusters`: Type array of objects

internal/auth/ldap.go

@@ -21,6 +21,7 @@ import (
 
 type LdapAuthenticator struct {
 	syncPassword string
+	UserAttr string
 }
 
 var _ Authenticator = (*LdapAuthenticator)(nil)
@@ -31,11 +32,13 @@ func (la *LdapAuthenticator) Init() error {
 		log.Warn("environment variable 'LDAP_ADMIN_PASSWORD' not set (ldap sync will not work)")
 	}
 
-	if config.Keys.LdapConfig.SyncInterval != "" {
-		interval, err := time.ParseDuration(config.Keys.LdapConfig.SyncInterval)
+	lc := config.Keys.LdapConfig
+
+	if lc.SyncInterval != "" {
+		interval, err := time.ParseDuration(lc.SyncInterval)
 		if err != nil {
 			log.Warnf("Could not parse duration for sync interval: %v",
-				config.Keys.LdapConfig.SyncInterval)
+				lc.SyncInterval)
 			return err
 		}
 
@@ -58,6 +61,12 @@ func (la *LdapAuthenticator) Init() error {
 		log.Info("LDAP configuration key sync_interval invalid")
 	}
 
+	if lc.UserAttr != "" {
+		la.UserAttr = lc.UserAttr
+	} else {
+		la.UserAttr = "gecos"
+	}
+
 	return nil
 }
 
@@ -86,7 +95,7 @@ func (la *LdapAuthenticator) CanLogin(
 				lc.UserBase,
 				ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 				fmt.Sprintf("(&%s(uid=%s))", lc.UserFilter, username),
-				[]string{"dn", "uid", "gecos"}, nil)
+				[]string{"dn", "uid", la.UserAttr}, nil)
 
 			sr, err := l.Search(searchRequest)
 			if err != nil {
@@ -100,7 +109,7 @@ func (la *LdapAuthenticator) CanLogin(
 			}
 
 			entry := sr.Entries[0]
-			name := entry.GetAttributeValue("gecos")
+			name := entry.GetAttributeValue(la.UserAttr)
 			var roles []string
 			roles = append(roles, schema.GetRoleString(schema.RoleUser))
 			projects := make([]string, 0)
@@ -176,7 +185,7 @@ func (la *LdapAuthenticator) Sync() error {
 		lc.UserBase,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		lc.UserFilter,
-		[]string{"dn", "uid", "gecos"}, nil))
+		[]string{"dn", "uid", la.UserAttr}, nil))
 	if err != nil {
 		log.Warn("LDAP search error")
 		return err
@@ -192,7 +201,7 @@ func (la *LdapAuthenticator) Sync() error {
 		_, ok := users[username]
 		if !ok {
 			users[username] = IN_LDAP
-			newnames[username] = entry.GetAttributeValue("gecos")
+			newnames[username] = entry.GetAttributeValue(la.UserAttr)
 		} else {
 			users[username] = IN_BOTH
 		}

pkg/schema/config.go

@@ -15,6 +15,7 @@ type LdapConfig struct {
 	SearchDN        string `json:"search_dn"`
 	UserBind        string `json:"user_bind"`
 	UserFilter      string `json:"user_filter"`
+	UserAttr		string `json:"username_attr"`
 	SyncInterval    string `json:"sync_interval"` // Parsed using time.ParseDuration.
 	SyncDelOldUsers bool   `json:"sync_del_old_users"`
 

pkg/schema/schemas/config.schema.json

@@ -180,6 +180,10 @@
                     "description": "Filter to extract users for syncing.",
                     "type": "string"
                 },
+                "username_attr": {
+                    "description": "Attribute with full username. Default: gecos",
+                    "type": "string"
+                },
                 "sync_interval": {
                     "description": "Interval used for syncing local user table with LDAP directory. Parsed using time.ParseDuration.",
                     "type": "string"