Commit Graph

220 Commits

Author SHA1 Message Date
ralf
bdf50616e9 * ActiveDirectory: allow to disable VLV controls, if your AD has problems with it AND can return all users in a single query 2024-09-11 09:01:13 +02:00
ralf
83f3c310e5 fix typo prefer(r)ed_username and support config-values with at least one underscore in it like "preferred_username" 2024-07-19 15:15:46 +02:00
ralf
4b90d2d0cf * Api/Auth/OpenIDConnect: allow to specify which JWT payload attribute to use and a regular expression to extract username from it 2024-07-19 14:11:17 +02:00
ralf
5ae371e02d "distributionlists too" could not be deactivated 2024-01-15 11:02:47 +02:00
ralf
6b920ee78c * OpenIDConnect: allow to show as button on login page to use together with regular password login
also fix/hack not working social icons and SAML button on login page
2024-01-15 08:48:14 +02:00
ralf
6dea7024f1 * ActiveDirectory: optionally also use/import groups of type distribution-list 2024-01-11 10:48:04 +02:00
ralf
f4b9f4ae12 translation and documenting the callback URL for OpenID Connect 2023-12-11 10:43:15 +02:00
ralf
11079503d1 * API: support OpenID Connect for authentication against another OIC IdP
also migrating old fallback auth classes to new auth_fallback parameter and reordering providers a bit / give OIC a prominent position
2023-11-17 10:18:23 +02:00
ralf
e784e1cb0d * AD/LDAP Import: allow setting import frequency < 1h eg. .1: every 5min, .5: every 30min 2023-10-24 09:51:16 +03:00
ralf
39848c7efe * AD/LDAP: added a DN filter to the periodic import to e.g. use 2 OU with a shared base 2023-08-21 17:16:37 +02:00
ralf
0e3eb70fae allow to set a higher account-import log-level then "info" 2023-08-15 16:07:49 +02:00
ralf
78068ca34a * Setup/Authentication: added an authentication log and fallback authentication for all backends 2023-07-14 08:42:58 +02:00
ralf
e1996bc084 fix missing (vertical) scrollbar, if whole list of backups is otherwise not visible 2023-07-11 14:23:20 +02:00
ralf
5f71875eaa do not show passwords via header-admin unless downloading the file is the only way to update it due to not existing write permissions 2023-06-16 11:37:13 +02:00
ralf
2cde60c266 * LDAP/Univention: periodic account-import for Univention (mailPrimaryAddress), use LDAP account-filter for reading accounts too
also set chunk-size for reading to 500 was somehow 5, probably from debugging
2023-03-25 21:37:21 +01:00
ralf
bf0de6de96 * Admin/Setup: logging all DB backup operations to a text file db_backup.log in backup-directory 2023-03-10 08:35:17 +01:00
ralf
ceab3ac564 fix typo "recommen(d)" 2023-03-02 14:24:34 +01:00
ralf
190c785388 * AD/LDAP: account import supports now (keeping) local groups and their memberships, if configured to do so 2023-02-24 09:47:42 +01:00
ralf
a823563281 * Setup: add dry-run option to account import from AD or LDAP 2022-11-21 10:10:27 +01:00
ralf
8ff468520d fix not shown bullet image in setup by including and using it from setup/templates/default/images/
the svg in api does not look any good in setup's old template :(
2022-08-04 10:46:13 +02:00
ralf
480e913151 add uid to selectable username attributes 2022-07-11 12:22:06 +02:00
ralf
6fb464d90b * ActiveDirectory/LDAP: implemented deleting of accounts via full/initial import, periodic import does NOT delete 2022-07-06 17:08:44 +02:00
ralf
242e055f53 * ActiveDirectory: allow to configure an optional group-context
also fixes problems with Univention AD storing stock groups (eg. Domain Users) in a different OU=Groups than users
2022-06-30 16:44:51 +02:00
ralf
970c22b2a2 some fixes for LDAP/ADS account import:
- fix not working "Users, groups and memberships" option
- calling add/edit account/group hooks to eg. create home-directories and mail-accounts
2022-06-30 15:17:19 +02:00
ralf
2dd3a25b35 WIP ADS/LDAP account import:
- implement import from groups and memberships
--> ToDo: deleting of accounts and testing with LDAP
2022-06-28 22:21:08 +02:00
ralf
e28329b1d7 WIP ADS/LDAP account-import:
- refactored to a class
- added async import and logging
--> ToDo: groups, deleting of users and testing with LDAP
2022-06-28 16:58:38 +02:00
ralf
ee58655ce6 WIP ADS/LDAP account-sync:
- using (simple) paged result for initial sync
- incremental sync uses modification time
- currently only user and no periodic sync yet
2022-06-27 21:08:34 +02:00
ralf
ab427562b7 * LDAP: implement optional group-filter
also some code cleanups and fixes
2022-05-20 21:47:02 +02:00
Ralf Becker
673760f59d * Setup/SAML: fix not stored custome OID and added eduPersonUniqueId 2021-04-07 10:07:56 +02:00
Ralf Becker
51edbcf34e fix logo size in setup 2021-02-26 11:52:26 +02:00
Ralf Becker
3c956d0144 * Saml/Shiboleth/SmallPART: allow to use affiliation attribute to sync with Teachers group 2020-10-30 11:44:49 +01:00
Ralf Becker
3ee7574294 * Authentication: allow using multiple backends, even same backend multiple times with different configuration 2020-09-10 17:12:53 +02:00
Ralf Becker
c3000beb5f * ActiveDirectory: implement addtional user or group filter 2020-09-02 14:14:11 +02:00
Ralf Becker
73515cd412 fix wrong idp example 2020-06-19 14:21:29 +02:00
Ralf Becker
b7ed148371 * SAML: support joining a SAML account to an existing one, if configured in setup
notification of user does not yet work, as redirect on login page looses Api\Framework::message() :(
2020-06-11 16:03:54 +02:00
Ralf Becker
4c131c1866 SAML/Shibboleth with multiple IdP or optional on regular login page 2020-06-10 15:19:24 +02:00
Ralf Becker
b1f79d1c40 * SAML/Shibboleth/SimpleSAMLphp authentication configurable through setup 2020-05-28 23:24:09 +02:00
Ralf Becker
2776d215e2 * Login: RememberMe token for either automatic login or as 2. factor for 2-Factor-Auth 2019-08-03 18:37:18 +02:00
Hadi Nategh
49abce8235 Fix wrongly spelled EGroupware name 2018-04-11 15:13:39 +02:00
Ralf Becker
37957a49f4 update/add support options in setup and about EGroupware page 2018-01-29 10:20:18 +01:00
Ralf Becker
7af18ff895 remove SyncML Authentication config 2016-06-09 16:20:18 +02:00
Ralf Becker
33605585e2 move default login and head templates from idots to api/templates/default and some other fixes to fix up non-Pixelegg login and old templates 2016-05-05 13:29:41 +00:00
Ralf Becker
c15fcdfb52 WIP egw installs now without phpgwapi and allows to login 2016-05-02 22:26:40 +00:00
Ralf Becker
c14f25c0e8 hide spellchecker config and always use browser native spellchecker 2016-04-25 20:14:47 +00:00
Ralf Becker
978f8e282d show api version instead of phpgwapi 2016-04-02 20:25:01 +00:00
Ralf Becker
6c7026fa52 * Setup: support mail authentication without PHP imap extension 2015-06-10 15:44:01 +00:00
Ralf Becker
e5b3a83693 allow to update passwords from LDAP, if accounts stored in SQL and authentication is against LDAP 2014-11-17 12:19:56 +00:00
Ralf Becker
753ce75b15 using univention-directory-manager cli to create not accounts to get Kerberos stuff addded 2014-11-05 20:27:52 +00:00
Ralf Becker
d5cb4112b5 * Setup: fixed fatal error "Cannot redeclare auth_type()", when there is a validation error on saving configuration 2014-07-03 12:46:08 +00:00
Ralf Becker
6a016fac3f prevent false CSRF warning, if DB schema upgrade is needed 2014-06-24 08:43:46 +00:00