Security hardening of ldap and oicd auth implementations

2026-02-11 21:41:46 +01:00 · 2026-02-09 09:12:06 +01:00
parent abdd7ea6f1
commit fd9b76c6a7
4 changed files with 166 additions and 92 deletions
--- a/internal/auth/schema.go
+++ b/internal/auth/schema.go
@@ -92,9 +92,17 @@ var configSchema = `
          "description": "Delete obsolete users in database.",
          "type": "boolean"
        },
+        "uid-attr": {
+          "description": "LDAP attribute used as login username. Default: uid",
+          "type": "string"
+        },
        "sync-user-on-login": {
          "description": "Add non-existent user to DB at login attempt if user exists in Ldap directory",
          "type": "boolean"
+        },
+        "update-user-on-login": {
+          "description": "Should an existent user attributes in the DB be updated at login attempt with values from LDAP.",
+          "type": "boolean"
        }
      },
      "required": ["url", "user-base", "search-dn", "user-bind", "user-filter"]