## [1.7.0] - 2022-03-19

### Changed
- to support #ext#-users the following changes were necessary:
  - added ldap attribute `AzureADuserPrincipalName` with the original AAD-User (for login/password check in the AAD)
  - allowed domain mismatch for AD-Domain and LDAP-Domain
  - try binding via `AzureADuserPrincipalName` if no entry for `uid`/`dn` is found
  - env var `GRAPH_FILTER_USERS` to filter user entries in graph using the `$filter` query parameter (default is set to `userType eq 'Member'`, so external users (guests) will not be synced automatically by default)
  - env var `GRAPH_FILTER_GROUPS` to filter group entries in graph using the `$filter` query parameter (e.g. set it to `securityEnabled eq true` so only security groups will be synced and not every Teams group)
- added ldap attribute
- SID calculation for users is now `sambaSID: fixedBase + "-" + (uidNumber * 2 + 1000)`
- SID calculation for groups is now `sambaSID: fixedBase + "-" + (gidNumber * 2 + 1001)`
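As an added illustration (not code from the project), the SID scheme above in JavaScript, together with the check a reviewer would want after such a change: the even/odd split keeps user and group RIDs from ever colliding under one base SID, and a small parser lets the resulting LDAP entries be audited. The base SID value and the helper names are constructed for this example.

```javascript
// Added example (not the project's own code): reproduce the sambaSID scheme
// of this release and check that user and group RIDs never collide.
// Constructed placeholder base SID, not a value from the changelog.
const SAMBA_BASESID = "S-1-5-21-1111111111-2222222222-3333333333";

// Relative ID (RID) for a user: even numbers from 1000 upwards.
function userRid(uidNumber) {
  return uidNumber * 2 + 1000;
}

// RID for a group: odd numbers from 1001 upwards.
function groupRid(gidNumber) {
  return gidNumber * 2 + 1001;
}

function userSambaSid(uidNumber, base = SAMBA_BASESID) {
  return `${base}-${userRid(uidNumber)}`;
}

function groupSambaSid(gidNumber, base = SAMBA_BASESID) {
  return `${base}-${groupRid(gidNumber)}`;
}

// Sanity check for the scheme: the two formulas must partition the RID space
// (users even, groups odd) so that no uidNumber/gidNumber pair up to maxId
// yields the same SID for a user and a group.
function ridSpacesDisjoint(maxId) {
  const users = new Set();
  for (let uid = 0; uid <= maxId; uid++) users.add(userRid(uid));
  for (let gid = 0; gid <= maxId; gid++) {
    if (users.has(groupRid(gid))) return false;
  }
  return true;
}

// Parse a sambaSID issued under `base` back into { base, rid, kind } so the
// directory can be audited; returns null for SIDs from another base or with
// a RID below the range this scheme produces.
function parseSambaSid(sid, base = SAMBA_BASESID) {
  if (!sid.startsWith(base + "-")) return null;
  const rid = Number(sid.slice(base.length + 1));
  if (!Number.isInteger(rid) || rid < 1000) return null;
  return { base, rid, kind: rid % 2 === 0 ? "user" : "group" };
}
```

`ridSpacesDisjoint` is the property worth re-checking whenever either formula is edited; a single shared RID would let a user entry and a group entry map to the same Samba identity.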

### Added
- support #ext#-users (guest users from other `ExternalAzureAD`)
- add ldap attribute `sambaPrimaryGroupSID` for users
- optional env var `LDAP_SAMBADOMAINNAME` to manually set the sambaDomainName attribute in the LDAP
- optional env var `SAMBA_BASESID` to overwrite the fixed base SID

### Fixed
- documentation for joining a device with a non-AAD user
- handling of `@odata.nextLink` in graph responses (should fix parts of #14)
- converted schema csv files from utf-16 to utf-8
- handle `cn=subschema` like any other ldap entries instead of fixed search attributes
- register an error handler for the server (EventEmitter)
- escape LDAP special chars `,=+<>#;\` with an additional backslash
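An added example (not the project's code) of the escaping described in the last item: the eight characters are escaped with a backslash in a single regex pass, which also covers the backslash itself without double-escaping, and a small RDN counter verifies that a value taken from the directory cannot change the shape of a DN built from it. The function names and the DN layout are assumptions for this example.

```javascript
// Added example (not the project's own code): escape the DN special
// characters listed in this release (, = + < > # ; \) with a backslash.
const DN_SPECIAL = /[,=+<>#;\\]/g;

function escapeDnValue(value) {
  // One pass over the string: the backslash is matched like any other
  // special character, so an existing "\" becomes "\\" and nothing is
  // escaped twice (a separate "escape backslashes first" step is not needed).
  return String(value).replace(DN_SPECIAL, (ch) => "\\" + ch);
}

// Build a user DN from a value that originates outside the LDAP server
// (assumed layout: cn=<uid>,<baseDn>).
function buildUserDn(uid, baseDn) {
  return `cn=${escapeDnValue(uid)},${baseDn}`;
}

// Count RDN components, honouring escapes: a comma preceded by a backslash is
// part of a value, not a separator. Used to verify that escaping kept the
// number of components fixed regardless of the value's content.
function rdnCount(dn) {
  let count = 1;
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === "\\") { i++; continue; } // skip the escaped character
    if (dn[i] === ",") count++;
  }
  return count;
}
```

The check to keep in a test suite is the last one: for any input value, `rdnCount(buildUserDn(value, baseDn))` must equal `1 + rdnCount(baseDn)`.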
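The `GRAPH_FILTER_USERS` / `GRAPH_FILTER_GROUPS` variables under Changed and the `@odata.nextLink` handling under Fixed fit together in one added example (not the project's code): the `$filter` value is placed on the Graph URL, and the paging loop follows `@odata.nextLink` until a response without it arrives, with an upper bound so a malformed or looping link cannot keep the sync running forever. The HTTP call is injected, so the example runs offline against constructed responses; the URLs, page bodies, user names and the rule that an unset variable keeps the `userType eq 'Member'` default are assumptions of this example.

```javascript
// Added example (not the project's own code): Graph $filter query and
// @odata.nextLink paging, run here against constructed responses.
const GRAPH_BASE = "https://graph.microsoft.com/v1.0";
const DEFAULT_USER_FILTER = "userType eq 'Member'"; // default named in the changelog

function graphUrl(resource, filter, select) {
  const params = [];
  if (filter) params.push("$filter=" + encodeURIComponent(filter));
  if (select && select.length) params.push("$select=" + encodeURIComponent(select.join(",")));
  return `${GRAPH_BASE}/${resource}` + (params.length ? "?" + params.join("&") : "");
}

// Assumed: an unset (or empty) GRAPH_FILTER_USERS keeps the safe default, so
// guests are not synced unless an operator opts in explicitly.
function userFilter(env) {
  return env.GRAPH_FILTER_USERS || DEFAULT_USER_FILTER;
}

// Follow @odata.nextLink until the last page. getJson(url) returns the parsed
// body of one response (a real implementation would await an HTTP client).
function fetchAll(getJson, firstUrl, maxPages = 100) {
  const items = [];
  let url = firstUrl;
  for (let page = 1; url; page++) {
    if (page > maxPages) throw new Error("too many Graph pages, aborting sync");
    const body = getJson(url);
    items.push(...(body.value || []));
    url = body["@odata.nextLink"]; // absent on the last page, which ends the loop
  }
  return items;
}

// Constructed responses: two pages of users, the first carrying a nextLink.
const FAKE_PAGES = {
  [graphUrl("users", DEFAULT_USER_FILTER, ["id", "userPrincipalName"])]: {
    value: [{ id: "u1", userPrincipalName: "alice@example.test" }],
    "@odata.nextLink": GRAPH_BASE + "/users?$skiptoken=page2",
  },
  [GRAPH_BASE + "/users?$skiptoken=page2"]: {
    value: [{ id: "u2", userPrincipalName: "bob@example.test" }],
  },
};

function fakeGetJson(url) {
  if (!(url in FAKE_PAGES)) throw new Error("unexpected URL " + url);
  return FAKE_PAGES[url];
}

// Fetch every member user the way a sync run would, honouring the env filter.
function syncUsers(env = {}) {
  const url = graphUrl("users", userFilter(env), ["id", "userPrincipalName"]);
  return fetchAll(fakeGetJson, url);
}
```

Without the nextLink loop only the first page of users would ever reach the LDAP directory, which is the class of partial-sync problem the Fixed entry refers to; the `maxPages` guard is the matching failure-mode control.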