From b2e1fc3ad9b4fdd304c3eba80145015147319061 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Thu, 26 Nov 2020 19:20:08 +0100
Subject: [PATCH] epas: fix the authenticated bind behaviour

---
 defaults/main.yml                    | 3 ++-
 templates/epas-docker-compose.yml.j2 | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 59c8f5c..2e32f24 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -49,7 +49,8 @@ epas_ldap_login_return_uri: '/.'
 epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
 epas_ldap_starttls_enabled: 'false'
 epas_ldap_authenticated_bind: False
-epas_ldap_bind_principal: 'cn=readuser,ou=People,o=example,c=org'
+epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org'
 #epas_ldap_bind_credentials: 'use a vault file'
+epas_ldap_authenticate_user_search_dn: 'o=example,c=org'
 epas_log_level: 'INFO'
 epas_log_appenders: 'stderr'
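Review bot: Renaming `epas_ldap_bind_principal` to `epas_ldap_bind_dn` while keeping a default means an inventory that still sets the old name renders the placeholder DN `cn=readuser,ou=People,o=example,c=org` with no error, so the misconfiguration only shows up as a failed bind at runtime. A transitional default such as `epas_ldap_bind_dn: "{{ epas_ldap_bind_principal | default('cn=readuser,ou=People,o=example,c=org') }}"` would keep existing deployments working. The same applies to the new `epas_ldap_authenticate_user_search_dn`, whose placeholder base DN is used silently if it is not overridden; a comment such as `# base DN under which users are searched; must be overridden` would help. The hunk also leaves `epas_ldap_starttls_enabled: 'false'` as the default next to the bind settings. Unless the LDAP URL (not visible here) uses ldaps, enabling authenticated bind would presumably send the bind password unencrypted, so I would add `# enable StartTLS or use an ldaps:// URL before turning on authenticated bind`.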
diff --git a/templates/epas-docker-compose.yml.j2 b/templates/epas-docker-compose.yml.j2
index 93e1dc5..5ce9fed 100644
--- a/templates/epas-docker-compose.yml.j2
+++ b/templates/epas-docker-compose.yml.j2
@@ -67,8 +67,9 @@ services:
       - LDAP_LOGIN_RETURN={{ epas_ldap_login_return_uri }} # default: /. Indirizzo relativo di reindirizzamento dopo il login LDAP.
       - LDAP_EPPN_ATTRIBUTE_NAME={{ epas_ldap_eppn_attribute_name }}  # default: eduPersonPrincipalName. Campo LDAP utilizzato per il mapping con il campo eppn presente in ePAS.
 {% if epas_ldap_authenticated_bind %}
-      - LDAP_ADMIN_PRINCIPAL={{ epas_ldap_bind_principal }}
-      - LDAP_ADMIN_CREDENTIALS={{ epas_ldap_bind_credentials }}
+      - LDAP_BIND_DN={{ epas_ldap_bind_dn }}
+      - LDAP_BIND_CREDENTIALS={{ epas_ldap_bind_credentials }}
+      - LDAP_AUTHENTICATE_USER_SEARCH_DN={{ epas_ldap_authenticate_user_search_dn }}
 {% endif %}
       #### Invio Segnalazioni via email
       #- REPORT_TO=${REPORT_TO}                 # default: epas@iit.cnr.it
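Review bot: The three added entries interpolate their values unquoted into the compose `environment` list, so a bind password containing ` #` is silently truncated at the comment marker, and one containing `: ` or starting with a YAML indicator makes the rendered file unparsable. Compose also performs its own `$` interpolation on these values, so a password containing `$` changes unless it is escaped as `$$`. Emitting each entry as a quoted scalar avoids both, e.g. `- {{ ('LDAP_BIND_CREDENTIALS=' ~ epas_ldap_bind_credentials | replace('$', '$$')) | to_json }}`, with the same treatment for `LDAP_BIND_DN` and `LDAP_AUTHENTICATE_USER_SEARCH_DN`. Because the rendered file now carries the bind password in clear text, the task that writes it (outside this diff) should restrict it, for instance `mode: '0600'`, if it does not already.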