Add krbRemoveDomain parameter (#707)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -71,6 +71,7 @@ sub defaultValues {
         'issuerDBSAMLRule'          => 1,
         'jsRedirect'                => 0,
         'krbAuthnLevel'             => 3,
+        'krbRemoveDomain'           => 1,
         'ldapAuthnLevel'            => 2,
         'ldapBase'                  => 'dc=example,dc=com',
         'ldapExportedVars'          => {

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm

@@ -42,7 +42,7 @@ our $authParameters = {
   dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
   demoParams => [qw(demoExportedVars)],
   facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret)],
-  kerberosParams => [qw(krbKeytab krbByJs krbAuthnLevel)],
+  kerberosParams => [qw(krbKeytab krbByJs krbAuthnLevel krbRemoveDomain)],
   ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)],
   linkedinParams => [qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInFields linkedInUserField linkedInScope)],
   nullParams => [qw(nullAuthnLevel)],

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -1274,6 +1274,10 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
         'krbKeytab' => {
             'type' => 'text'
         },
+        'krbRemoveDomain' => {
+            'default' => 1,
+            'type'    => 'bool'
+        },
         'ldapAllowResetExpiredPassword' => {
             'default' => 0,
             'type'    => 'bool'

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -2350,6 +2350,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
             default       => 3,
             documentation => 'Null authentication level',
         },
+        krbRemoveDomain => {
+            type          => 'bool',
+            default       => 1,
+            documentation => 'Remove domain in Kerberos username',
+        },
 
         # Slave
         slaveAuthnLevel => {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -209,7 +209,7 @@ sub tree {
                         {
                             title => 'kerberosParams',
                             help  => 'authkerberos.html',
-                            nodes => [ 'krbKeytab', 'krbByJs', 'krbAuthnLevel' ]
+                            nodes => [ 'krbKeytab', 'krbByJs', 'krbAuthnLevel', 'krbRemoveDomain' ]
                         },
                         {
                             title => 'ldapParams',

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -309,6 +309,7 @@
 "krbAuthnLevel": "مستوى مصادقة كيربيروس",
 "krbByJs": "استخدام طلب أجاكس",
 "krbKeytab": "كيتاب",
+"krbRemoveDomain": "Remove domain from Kerberos username",
 "kerberosParams": "معايير كيربيروس",
 "languages": "اللغات",
 "latest": "الأحدث",

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -309,6 +309,7 @@
 "krbAuthnLevel": "Kerberos authn level",
 "krbByJs": "Use Ajax request",
 "krbKeytab": "keytab file",
+"krbRemoveDomain": "Remove domain from Kerberos username",
 "kerberosParams": "Kerberos parameters",
 "languages": "Languages",
 "latest": "Latest",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -309,6 +309,7 @@
 "krbAuthnLevel": "Niveau d'authentification Kerberos",
 "krbByJs": "Utilise une requête Ajax",
 "krbKeytab": "Fichier keytab",
+"krbRemoveDomain": "Supprimer le domaine du nom d'utilisateur",
 "kerberosParams": "Paramètres Kerberos",
 "languages": "Langues",
 "latest": "Dernière",

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -309,6 +309,7 @@
 "krbAuthnLevel": "Livello Kerberos authn",
 "krbByJs": "Utilizzare la richiesta Ajax",
 "krbKeytab": "File keytab",
+"krbRemoveDomain": "Remove domain from Kerberos username",
 "kerberosParams": "Parametri di Kerberos",
 "languages": "Lingue",
 "latest": "Più recente",

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -309,6 +309,7 @@
 "krbAuthnLevel": "Cấp authn Kerberos",
 "krbByJs": "Sử dụng yêu cầu Ajax",
 "krbKeytab": "tệp keytab",
+"krbRemoveDomain": "Remove domain from Kerberos username",
 "kerberosParams": "Tham số Kerberos",
 "languages": "Ngôn ngữ",
 "latest": "Mới nhất",

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm

@@ -131,6 +131,10 @@ sub extractFormInfo {
         return PE_ERROR;
     }
     $self->userLogger->notice("$client_name authentified by Kerberos");
+    $req->{_krbUser} = $client_name;
+    if ( $self->conf->{krbRemoveDomain} ) {
+        $client_name =~ s/^(.*)@.*$/$1/;
+    }
     $req->user($client_name);
     return PE_OK;
 }
@@ -146,6 +150,7 @@ sub authLogout {
 sub setAuthSessionInfo {
     my ( $self, $req ) = @_;
     $req->{sessionInfo}->{authenticationLevel} = $self->conf->{krbAuthnLevel};
+    $req->{sessionInfo}->{_krbUser}            = $req->{_krbUser};
     PE_OK;
 }