Joplin server integration with LDAP server

arbdevml · 23 April 2023 13:42

Hello.
Joplin server integration with LDAP server.
Algorithm of implementation:

Add a Nodejs LDAP authentication library
(example: shaozi/ldap-authentication)
Add to the environment variables:
LDAP_URL: 'ldap://ldap.example.com'
adminDn: 'cn=read-only-admin,dc=example,dc=com'
adminPassword: 'password'
userSearchBase: 'dc=example,dc=com'
usernameAttribute: 'uid'
Log in
3.1. A user enters login and password,
and then the Joplin server checks if the LDAP environment
variables are present, and try to connect to the LDAP server.
3.2. Find the user in the LDAP server and if successful then check if the internal database has the user
3.3. If the internal database has the user then provide access to the user.
3.4. if the new user is absent from the Joplin database and needs to create a new one in the Joplin database.
3.5. Provide access to the user.
3.6. If the LDAP server is unavailable or has not the user needs to use an internal database.

Let's discuss it.

filimonic · 14 March 2024 16:22

bump. It's required feature, IMO.

server-side features:
- bind user to LDAP attribute (ex, not DN, but guid or any other id) in case user change it's human identifier (change mail, change username, etc.)
client should be managed with some kind of policies:
- disabling per-user encryption
- cloning encryption key to server side in case user forget it.

laurent · 14 March 2024 18:05

It's already implemented and the config documentation is there:

github.com

laurent22/joplin/blob/8eea3953f3f2e91a1250e65f09770ea4d4ac3bea/packages/server/src/env.ts#L111


      
          	STRIPE_SECRET_KEY: '',
          	STRIPE_WEBHOOK_SECRET: '',
          
          	// ==================================================
          	// User data deletion
          	// ==================================================
          
          	USER_DATA_AUTO_DELETE_ENABLED: false,
          	USER_DATA_AUTO_DELETE_AFTER_DAYS: 90,
          
          	// ==================================================
          	// LDAP configuration
          	// ==================================================
          
          	LDAP_1_ENABLED: false,
          	LDAP_1_USER_AUTO_CREATION: true, // if set to true, users will be created on the fly with data from ldap
          	LDAP_1_HOST: '', // ldap server in following format ldap(s)://servername:port
          	LDAP_1_MAIL_ATTRIBUTE: 'mail',
          	LDAP_1_FULLNAME_ATTRIBUTE: 'displayName',
          	LDAP_1_BASE_DN: '',
          	LDAP_1_BIND_DN: '', // used for user search - leave empty if ldap server allows anonymous bind

sargonas · 7 April 2024 03:09

When trying to set this up, I'm getting "Could not bind to the ldap server: Unable to verify the first certificate"

Presumably this is because I am connecting to an LDAPS port, and it's trying to validate the cert. However, I can't seem to find any breadcrumbs to lead me to how to teach the server to accept the cert, or how to tell it to skip verify. Any guidance there?

Topic		Replies	Views
Joplin Server - Admin Instance? Support	1	304	12 November 2023
Open to PR for Joplin Server SSO support? Development	11	2374	3 February 2024
How to access to API of Joplin headless server Support	9	1447	7 May 2020
Apache Reverse Proxy - Use root address Support	6	765	25 September 2021
What are some URLs that were detected by the firewall? Support	4	286	5 January 2024

Joplin server integration with LDAP server

Related Topics