feat: Add LDAP/Active Directory integration with group-based access control

- Add PHP LDAP extension to Docker container
- Implement LdapSync class for authentication and user synchronization
- Add automatic user sync via cron (every 30 minutes)
- Create role-based access control system (admin, manager, viewer)
- Add LDAP configuration UI in settings
- Support for both Active Directory and OpenLDAP
- Group-to-role mapping with flexible configuration
- Add 50+ translations (EN + RU) for LDAP features
- Include comprehensive setup documentation
- Enhance Auth::login() with LDAP fallback
- Add LDAP settings page with connection testing
This commit is contained in:
infosave2007
2025-11-10 17:46:27 +03:00
parent 40abe38616
commit 3d9cc02963
13 changed files with 1141 additions and 3 deletions
+38
@@ -0,0 +1,38 @@
-- Migration: Add LDAP configuration and settings
-- Date: 2025-11-10
-- LDAP configuration table
CREATE TABLE IF NOT EXISTS ldap_configs (
id INT PRIMARY KEY AUTO_INCREMENT,
enabled BOOLEAN DEFAULT FALSE,
host VARCHAR(255) NOT NULL,
port INT DEFAULT 389,
use_tls BOOLEAN DEFAULT FALSE,
base_dn VARCHAR(255) NOT NULL,
bind_dn VARCHAR(255) NOT NULL,
bind_password VARCHAR(255) NOT NULL,
user_search_filter VARCHAR(255) DEFAULT '(uid=%s)',
group_search_filter VARCHAR(255) DEFAULT '(memberUid=%s)',
sync_interval INT DEFAULT 30 COMMENT 'Sync interval in minutes',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- LDAP group to role mappings
CREATE TABLE IF NOT EXISTS ldap_group_mappings (
id INT PRIMARY KEY AUTO_INCREMENT,
ldap_group VARCHAR(255) NOT NULL UNIQUE,
role_name VARCHAR(50) NOT NULL,
description TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- Add ldap_sync flag to users table
ALTER TABLE users
ADD COLUMN ldap_synced BOOLEAN DEFAULT FALSE AFTER status,
ADD COLUMN ldap_dn VARCHAR(255) NULL AFTER ldap_synced,
ADD INDEX idx_ldap_dn (ldap_dn);
-- Insert default LDAP configuration (disabled by default)
INSERT IGNORE INTO ldap_configs (id, enabled, host, port, base_dn, bind_dn, bind_password)
VALUES (1, FALSE, 'ldap.example.com', 389, 'dc=example,dc=com', 'cn=admin,dc=example,dc=com', '');
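Review bot: `bind_password VARCHAR(255) NOT NULL` on `ldap_configs` stores the directory bind credential at rest in clear text, readable by anyone with SELECT on the table or a copy of a backup; either have the application encrypt it before the INSERT (the column then holds opaque ciphertext) or store only a reference and read the secret from the environment, and record the choice on the column, e.g. `bind_password VARCHAR(255) NOT NULL COMMENT 'ciphertext only; encrypted by the application before write',`. The `%s` placeholders in the `user_search_filter` and `group_search_filter` defaults mean the login name is interpolated into an LDAP filter by the LdapSync class (outside this hunk), which is only safe if that value first goes through `ldap_escape()` with `LDAP_ESCAPE_FILTER`; a COMMENT on those two columns saying so would keep a later filter change from dropping the escaping. With `use_tls BOOLEAN DEFAULT FALSE` and `port INT DEFAULT 389`, a configuration created from defaults sends the bind credential over plain LDAP, so consider `use_tls BOOLEAN DEFAULT TRUE` or at least documenting the implication next to the column. `ldap_dn VARCHAR(255)` may also truncate distinguished names from deeply nested OUs, which would silently break the `idx_ldap_dn` lookup for those users; a longer column with a prefix index (within InnoDB's utf8mb4 key-length limit) is safer.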