Greenlight: Anonymous ldap bind doesn't work/not available

Created on 25 Mar 2020  路  3Comments  路  Source: bigbluebutton/greenlight

Does greenlight support anonymous binding? It is not clear from the documentation and commenting out or leaving empty LDAP_BIND_DN and LDAP_PASSWORD doesn't seem to work.
Anonymous binding is pretty standard and I guess should be easy to implement.
Thank you.

feature request

Most helpful comment

Well, basically I managed to enable anonymous binding, by modifying this code:
inside the docker image.

git diff
diff --git a/lib/bn-ldap-authentication.rb b/lib/bn-ldap-authentication.rb
index 563fbe1..34414df 100644
--- a/lib/bn-ldap-authentication.rb
+++ b/lib/bn-ldap-authentication.rb
@@ -15,9 +15,7 @@ module LdapAuthenticator
             host: provider_info[:host],
             port: provider_info[:port],
             auth: {
-                method: :simple,
-                username: provider_info[:bind_dn],
-                password: provider_info[:password]
+                method: :anonymous,
             },
             encryption: provider_info[:encryption]
         )

All 3 comments

Well, basically I managed to enable anonymous binding, by modifying this code:
inside the docker image.

git diff
diff --git a/lib/bn-ldap-authentication.rb b/lib/bn-ldap-authentication.rb
index 563fbe1..34414df 100644
--- a/lib/bn-ldap-authentication.rb
+++ b/lib/bn-ldap-authentication.rb
@@ -15,9 +15,7 @@ module LdapAuthenticator
             host: provider_info[:host],
             port: provider_info[:port],
             auth: {
-                method: :simple,
-                username: provider_info[:bind_dn],
-                password: provider_info[:password]
+                method: :anonymous,
             },
             encryption: provider_info[:encryption]
         )

I would like to request this, too. Should be as easy to implement as with setting a flag or letting it empty (tried this first, too).
For internal services, our LDAP server permits read access without authentication, or better, with anonymous binding. Would be a bit simpler than deploying a bind user.

I've submitted a patch to the library being used and plan on fixing this once that patch has been approved.

Was this page helpful?
0 / 5 - 0 ratings