finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Make LDAP be able to skip local 2FA (#16954)

Browse source 
This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources.

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2021-09-17 12:43:47 +01:00 committed by GitHub
parent f96d0d3d5b
commit 27b351aba5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 84 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

8
cmd/admin_auth_ldap.go
View file

@ -89,6 +89,10 @@ var (
Name: "public-ssh-key-attribute",
Usage: "The attribute of the users LDAP record containing the users public ssh key.",
},
cli.BoolFlag{
Name: "skip-local-2fa",
Usage: "Set to true to skip local 2fa for users authenticated by this source",
},
}
ldapBindDnCLIFlags = append(commonLdapCLIFlags,
@ -245,6 +249,10 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
if c.IsSet("allow-deactivate-all") {
config.AllowDeactivateAll = c.Bool("allow-deactivate-all")
}
if c.IsSet("skip-local-2fa") {
config.SkipLocalTwoFA = c.Bool("skip-local-2fa")
}
return nil
}