LDAP authentication in fider

[esgn]

Hi,

I think @indyteo must have mentioned this feature in your previous exchanges.
I've implemented a first version of a working LDAP authentication in fider 0.18, and we're using this modified version for running an internal suggestion box at @IGNF.
As we are looking into updating this internal fider instance, I've pushed to https://github.com/indyteo/fider/tree/ldap the implementation of LDAP authentication into the current fider code base.

Here is a short description of what has been implemented for LDAP authentication :

• New ldap_providers table created with migration script
• New section and form in authentication to create a new LDAP provider with ability to test the provider. LDAP providers are also taken into account for disabling email authentication
  
  
• Updated signin control to allow login via LDAP
  
• Necessary routes, actions, cmd, handlers, models, services, components and translations have been implemented or updated. Unit tests have also been made available or updated when necessary.
• A local openldap docker container was added with basic user configuration to allow testing. The image used is https://github.com/osixia/docker-openldap
• The LDAP authentication in itself relies on https://github.com/go-ldap/ldap. ldap://, ldap://+TLS and ldaps:// are supported.

I understand this feature might be quite "niche" and is a plus for organizations running fider internally. However, if you're interested I could submit a PR for this feature.

[techge]

@esgn are you still using this solution? I would love to have ldap integrated into fider. The only other solution I found was using keycloak as a middleware. I would rather like to use ldap directly as you did. Is your branch still working?

[indyteo]

Hi!
We are still running a modified version of Fider with custom LDAP support, however, we made a fork at the time we started, and we unfortunately didn’t update it, so I'm unable to tell if it would be compatible with the latest version of Fider :(
If you don’t mind having a little work to deal with possible compatibility issues, here you can find our fork (please note it’s not the one we use, it was the one we made to submit PR here): https://github.com/indyteo/fider/tree/ldap
You might especially be interested in this commit: indyteo@58cb2e3
Good luck with this feature ;)

[esgn]

Hi @techge
Keycloak as a middleware was the solution I was using before I developed this feature. Keycloak is quite a mouthful to maintain only to interface with existing LDAP ;)
As @indyteo said the main point here would be to port the feature into the new version of Fider. We're running a Fider version internally with LDAP support that must be something like 1.5 year old (we do not have the resources to continuously upgrade)
I'm pretty busy at the moment working on other projects and I won't have the time to dive into upgrading this feature before a few months.
While we are at it : @goenning what's your opinion about this feature ? Is this something you'll be ready to integrate into Fider ? :)

[techge]

Thanks both of you! I will have a look at your forks/branches. For now it is good to at least know the status quo. I'll let you know if I was able to integrate LDAP in the new code base as well. And who knows, maybe there will be a PR as well, if we are all lucky :)