Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changing the LDAP Admin filter can change existing LDAP authenticating users #96

Merged
merged 7 commits into from
Nov 6, 2021
Merged

Changing the LDAP Admin filter can change existing LDAP authenticating users #96

merged 7 commits into from
Nov 6, 2021

Conversation

jketreno
Copy link
Contributor

@jketreno jketreno commented Nov 4, 2021

This two patch series performs the following:

  1. Allow the admin to blank out the LDAP filter for configuring Administrators.
  2. Adds additional text to the purpose and use of the LDAP admin filter
  3. Adds a check if a user exists and logs in to update their admin state based on if an LDAP filter is configured, and if it has changed vs. their currently configured setting.

Note the question toward the bottom of the second patch -- I wasn't sure if the authentication flow is run for all users, or only those users that have their authenticationProviderId set to the LDAP-Auth. Currently the patch checks to make sure the current provider is set to LDAP prior to updating any access.

@jketreno
Allow the 'LDAP Admin Filter' to be cleared
8171889 
Currently if you clear the LDAP Admin Filter field, it resets
to the default '(objectClass=JellyfinAdministrator)' which is
a little confusing.

This patch changes the code to set the state to '_disabled_' when
persisting to the plugin configuration. The backend then checks
for that value and only applies the LDAP filter if the field
does not equal '_disabled_'.

Signed-off-by: James Ketrenos <[email protected]>
@jketreno
Fix jellyfin#80 Update administrative privileges based on LDAP admin …
df1dcb3 
…filter

If an AdminFilter is set, and if the current user's admin access
does not match the state of that filter applied to that user, update
their status.

NOTE: If an AdminFilter is *not* set, no existing users will have
their access changed.

Signed-off-by: James Ketrenos <[email protected]>
@crobibero
Copy link
Member

The provider that is set is the only one that is checked, so the extra check is not needed

crobibero
crobibero reviewed Nov 5, 2021
View reviewed changes
Copy link
Member

@crobibero crobibero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additionally, we do 4 spaces for indentation

@jketreno
Copy link
Contributor Author

jketreno commented Nov 6, 2021

Fixed the ws and merged in your changes. Thanks for the edits.

@jketreno
removed development comment.
c2235e3 
Signed-off-by: James Ketrenos <[email protected]>
@crobibero crobibero added the feature This PR or Issue requests or introduces a new feature label Nov 6, 2021
@crobibero crobibero merged commit 70b5a94 into jellyfin:master Nov 6, 2021
@jellyfin-bot jellyfin-bot mentioned this pull request Nov 6, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crobibero crobibero crobibero approved these changes

Assignees
No one assigned
Labels
feature This PR or Issue requests or introduces a new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jketreno @crobibero