Merge pull request #2167 from RocketChat/improvements/new-ldap

LDAP Refactor

.jshintrc

@@ -0,0 +1,4 @@
+{
+  "esversion": 6,
+  "predef": [ "Meteor", "RocketChat" ]
+}

i18n/en.i18n.json

@@ -263,25 +263,45 @@
   "Layout_Sidenav_Footer_description" : "Footer size is 260 x 70px",
   "Layout_Terms_of_Service" : "Terms of Service",
   "LDAP" : "LDAP",
-  "LDAP_Bind_Search" : "Bind Search",
-  "LDAP_Bind_Search_Description" : "A piece of JSON that governs bind and connection info and is of the form {\"filter\": \"(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(sAMAccountName=#{username}))\", \"scope\": \"sub\", \"userDN\": \"rocket.service@domain.com\", \"password\": \"urpass\"}",
   "LDAP_CA_Cert" : "CA Cert",
+  "LDAP_Custom_Domain_Search" : "Custom Domain Search",
+  "LDAP_Custom_Domain_Search_Description" : "A piece of JSON that governs bind and connection info and is of the form:<br/> <code>{\"filter\": \"(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(sAMAccountName=#{username}))\", \"scope\": \"sub\", \"userDN\": \"rocket.service@domain.com\", \"password\": \"urpass\"}</code>",
   "LDAP_Default_Domain" : "Default Domain",
   "LDAP_Description" : "LDAP is a hierarchical database that many companies use to provide single sign on - a facility for sharing one password between multiple sites and services. For advanced configuration information and examples, please consult our wiki: https://github.com/RocketChat/Rocket.Chat/wiki/LDAP-Authentication.",
-  "LDAP_DN" : "Distinguished Name (DN)",
-  "LDAP_DN_Description" : "Search root; example: dc=domain,dc=com",
-  "LDAP_Enable" : "Enable LDAP",
+  "LDAP_Domain_Base" : "Domain Base",
+  "LDAP_Domain_Base_Description" : "The fully qualified Distinguished Name (DN) of an LDAP subtree you want to search for users and groups. You can add as many as you like; however, each group must be defined in the same domain base as the users that belong to it. If you specify restricted user groups, only users that belong to those groups will be in scope. We recommend that you specify the top level of your LDAP directory tree as your domain base and use search filter to control access.",
+  "LDAP_Domain_Search_Object_Category" : "Domain Search Object Category",
+  "LDAP_Domain_Search_Object_Category_Description" : "The *objectCategory* that identify your users.<br/>Leave empty for *OpenLDAP*.<br/>E.g. `person`, etc.",
+  "LDAP_Domain_Search_Object_Class" : "Domain Search Object Class",
+  "LDAP_Domain_Search_Object_Class_Description" : "The *objectclass* that identify your users. <br/>E.g. `organizationalPerson`, `user`, `inetOrgPerson`, etc.",
+  "LDAP_Domain_Search_Password" : "Domain Search Password",
+  "LDAP_Domain_Search_Password_Description" : "The password for the domain search user.",
+  "LDAP_Domain_Search_User" : "Domain Search User",
+  "LDAP_Domain_Search_User_Description" : "The LDAP user that performs user lookups to authenticate other users when they sign in. <br/>This is typically a service account created specifically for third-party integrations. Use a fully qualified name, such as `cn=Administrator,cn=Users,dc=Example,dc=com`.",
+  "LDAP_Domain_Search_User_ID" : "Domain Search User ID",
+  "LDAP_Domain_Search_User_ID_Description" : "The LDAP attribute that identifies the LDAP user who attempts authentication. This field should be `sAMAccountName` for most Active Directory installations, but it may be `uid` for other LDAP solutions, such as OpenLDAP. You can use `mail` to identify users by e-mail or whatever attribute you want.<br>You can user multiple values separated by comma to allow users to login using multiple identifiers like username or email.",
+  "LDAP_Enable" : "Enable",
   "LDAP_Enable_Description" : "Attempt to utilize LDAP for authentication.",
-  "LDAP_Port" : "LDAP Port",
-  "LDAP_Port_Description" : "Port to access LDAP on; eg: 389",
+  "LDAP_Encryption" : "Encryption",
+  "LDAP_Encryption_Description" : "The encryption method used to secure communications to the LDAP server. Examples include `plain` (no encryption), `SSL/LDAPS` (encrypted from the start), and `StartTLS` (upgrade to encrypted communication once connected).",
+  "LDAP_Host" : "Host",
+  "LDAP_Host_Description": "The LDAP host, e.g. `ldap.example.com` or `10.0.0.30`.",
+  "LDAP_Port" : "Port",
+  "LDAP_Port_Description" : "Port to access LDAP. eg: `389` or `636` for LDAPS",
   "LDAP_Reject_Unauthorized" : "Reject Unauthorized",
+  "LDAP_Domain_Search_Filter" : "Domain Search Filter",
+  "LDAP_Domain_Search_Filter_Description" : "If specified, only users that match this filter will be allowed to log in. If no filter is specified, all users within the scope of the specified domain base will be able to sign in.<br/>E.g. for Active Directory `memberOf=cn=ROCKET_CHAT,ou=General Groups`.<br/>E.g. for OpenLDAP (extensible match search) `ou:dn:=ROCKET_CHAT`.",
   "LDAP_Sync_User_Data" : "Sync Data",
   "LDAP_Sync_User_Data_Description" : "Keep user data in sync with server on login (eg: name, email).",
   "LDAP_Sync_User_Data_FieldMap" : "User Data Field Map",
-  "LDAP_Sync_User_Data_FieldMap_Description" : "Configure how user account fields (like email) are populated from a record in LDAP (once found). As an example, {\"cn\":\"name\", \"mail\":\"email\"} will choose a person's human readable name from the cn attribute, and their email from the mail attribute. Available fields include name, and email.",
-  "LDAP_TLS" : "TLS",
-  "LDAP_Url" : "LDAP URL",
-  "LDAP_Url_Description" : "URL of the LDAP server; example: ldap://company.dns.com",
+  "LDAP_Sync_User_Data_FieldMap_Description" : "Configure how user account fields (like email) are populated from a record in LDAP (once found). <br/>As an example, `{\"cn\":\"name\", \"mail\":\"email\"}` will choose a person's human readable name from the cn attribute, and their email from the mail attribute.<br/> Available fields include `name`, and `email`.",
+  "LDAP_Test_Connection" : "Test Connection",
+  "LDAP_Unique_Identifier_Field" : "Unique Identifier Field",
+  "LDAP_Unique_Identifier_Field_Description" : "Which field will be used to link the LDAP user and the Rocket.Chat user. You can inform multiple values separated by comma to try to get the value from LDAP record.<br/>Default value is `objectGUID,ibm-entryUUID,GUID,dominoUNID,nsuniqueId,uidNumber`",
+  "LDAP_Use_Custom_Domain_Search" : "Use Custom Domain Search",
+  "LDAP_Use_Custom_Domain_Search_Description" : "Write your own filter to search users in the LDAP server.",
+  "LDAP_Username_Field" : "Username Field",
+  "LDAP_Username_Field_Description" : "Which field will be used as *username* for new users. Leave empty to use the username informed on longin page.<br/>Default value is `sAMAccountName`.",
   "Leave_Group_Warning": "Are you sure you want to leave the group \"%s\"?",
   "Leave_Private_Warning": "Are you sure you want to leave the discussion with \"%s\"?",
   "Leave_room" : "Leave room",
@@ -355,6 +375,7 @@
   "No_channel_with_name_%s_was_found" : "No channel with name <strong>\"%s\"</strong> was found!",
   "No_channels_yet" : "You aren't part of any channel yet.",
   "No_direct_messages_yet" : "You haven't started any conversations yet.",
+  "No_Encryption" : "No Encryption",
   "No_favorites_yet" : "You haven't added any favorites yet.",
   "No_group_with_name_%s_was_found" : "No private group with name <strong>\"%s\"</strong> was found!",
   "No_groups_yet" : "You have no private groups yet.",
@@ -468,6 +489,7 @@
   "SAML_Custom_Provider" : "Custom Provider",
   "Save_changes" : "Save changes",
   "Save_Mobile_Bandwidth" : "Save Mobile Bandwidth",
+  "Save_to_enable_this_action" : "Save to enable this action",
   "Screen_Share" : "Screen Share",
   "Search" : "Search",
   "Search_Messages" : "Search Messages",
@@ -535,6 +557,7 @@
   "strike" : "strike",
   "Submit" : "Submit",
   "Success" : "Success",
+  "Test_Connection" : "Test Connection",
   "The_application_name_is_required" : "Th _application name is required",
   "The_channel_name_is_required" : "The channel name is required",
   "The_field_is_required" : "The field %s is required.",

packages/rocketchat-ldap/ldap_client.js → packages/rocketchat-ldap/client/loginHelper.js

@@ -32,10 +32,14 @@ Meteor.loginWithLDAP = function(username, password, customLdapOptions, callback)
 		methodArguments: [loginRequest],
 		userCallback: function(error, result) {
 			if (error) {
-				callback && callback(error);
+				if (callback) {
+					callback(error);
+				}
 			} else {
-				callback && callback();
+				if (callback) {
+					callback();
+				}
 			}
 		}
 	});
-}
+};