* Install bouncer
* Seeder and level migration
* Display and edit roles
* remove unused deluser page
* Update Radius and SSO to assign roles
* update AlertUtil direct level check to use roles instead
* rewrite ircbot auth handling
* Remove legacy auth getUserlist and getUserlevel methods, add getRoles
Set roles in LegacyUserProvider
* Small cleanups
* centralize role sync code
show roles on user preferences page
* VueSelect component WIP and a little docs
* WIP
* SelectControllers id and text fields.
* LibrenmsSelect component extracted from SettingSelectDynamic
* Handle multiple selections
* allow type coercion
* full width settings
* final style adjustments
* Final compiled assets update
* Style fixes
* Fix SSO tests
* Lint cleanups
* small style fix
* don't use json yet
* Update baseline for usptream package issues
* Change schema, not 100% sure it is correct
not sure why xor doesn't work
* Adding an option (auth_ldap_skip_group_check) to bypass ldap_compare if the server does not support the option
* add auth_ldap_skip_group_check to config_definitions.json
* update resources/lang/en/settings.php
* add missing comma
* rename auth_ldap_skip_group_check to auth_ldap_require_groupmembership and change logic
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Add option to authenticate user independtly of OU
* Set config option in webui
* Compatibility with bind username option
* ran ./lnms translation:generate
* update doc
* Modification of the getUserlist fonction to use ldap filter
* Modification of the getUserlist fonction to use ldap filter V2
* documentation of auth_ldap_Userlist_filter option
* documentation of auth_ldap_Userlist_filter option V2
* Allow filtering of getUserlist LDAP function
* Fix API auth issues
Api access page now creates tokens with the correct ID.
Correctly creates users for legacy user tokens.
Fix Ldap comparison
Laravel Util class to make code easier to access/read
* More api access page fixes
* fix style
* Use Laravel for authentication
Support legacy auth methods
Always create DB entry for users (segregate by auth method)
Port api auth to Laravel
restrict poller errors to devices the user has access to
Run checks on every page load. But set a 5 minute (configurable) timer.
Only run some checks if the user is an admin
Move toastr down a few pixels so it isn't as annoying.
Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user.
Add two missing menu entries in the laravel menu
Rewrite 2FA code
Simplify some and verify code before applying
Get http-auth working
Handle legacy $_SESSION differently. Allows Auth::once(), etc to work.
* Fix tests and mysqli extension check
* remove duplicate Toastr messages
* Fix new items
* Rename 266.sql to 267.sql
Allow to use full DN as value for member attribute instead of member: username
I dont use LDAP so this should be tested with both methods.
For using fulldn as user `$config['ldap_auth_userdn'] = true;` must be set in config.php
This comes from https://community.librenms.org/t/feature-request-full-dn-as-group-member-attibute-in-ldap-auth/4805
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [ x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
* LDAP debug
Updated LDAP and AD docs
ldap protocol default to v3 (so we don't have to set it all the time). If this fails it should revert to v2.
ad was using auth_ad_timeout incorrectly (1 I think)
* Add option to list all users.
Improve LDAP filtering to improve the speed of some pages (Dashboard and
Edit User mainly). If we don't apply this filter all the users are getted
from LDAP and used in to the loop, with 2k users (for us) the page take
more than 15 seconds to be loaded.
I have check than people still have differante access with this fix.
* refactor: AD Auth defer connection until it is needed
Nice error if php-ldap is missing instead of http 500.
* Add the same error when ldap is missing to other auth methods.
Not as graceful looking in the authorizers since they do not defer connection.
* Refactored authorizers to classes
* Merge changes for #7335
* ! fix php 5.3 incompatibility
* Update ADAuthorizationAuthorizer.php
* Fix get_user -> getUser
* Rename AuthorizerFactory to Auth, fix interface missing functions
* Add phpdocs to all interface methods and normalize the names a bit.
* Re-work auth_test.php AD bind tests to work properly with the new class.
Reflection is not the nicest tool, but I think it is appropriate here.
Handle exceptions more nicely in auth_test.php
* Restore AD getUseList fix
Not sure how it got removed
* fix auth_test.php style
