In --no-db mode, load passwords from the users file instead of the
connectors file. This allows us to remove the password infos field
from the local connector and stop loading them during connector
registration, a case that was causing panics when using a real
database (see #286).
Fixes#286Closes#340
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successfull bind equals authenticated user.
Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.
This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.
Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).
To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go
Fixes#119
HTTP code 307 aka. StatusTemporaryRedirect is used throughout the
project. However, the endpoints redirected to explicitly expects
the client to make a GET request.
If a HTTP client issues a POST request to a server and receives a
HTTP 307 redirect, it forwards the POST request to the new URL.
When using 302 the HTTP client will issue a GET request.
Fixes#287