Fix LDAP env variables

docker/.env.example

@@ -1,6 +1,5 @@
 # General
 COMPOSE_PROJECT_NAME=taranis-ng
-TARANIS_NG_AUTHENTICATOR=password
 HTTP_PROXY=
 HTTPS_PROXY=
 
@@ -31,6 +30,14 @@ TARANIS_NG_HOSTNAME=localhost
 TARANIS_NG_HTTPS_PORT=4443
 TARANIS_NG_HTTP_PORT=8080
 TARANIS_NG_HTTPS_URI=https://localhost:4443
+TARANIS_NG_AUTHENTICATOR=password
+
+# To use LDAP authentication, adjust the following lines to your LDAP server,
+# change TARANIS_NG_AUTHENTICATOR to ldap and add CA certificate to "auth/ldap_ca.pem"
+# or point LDAP_CA_CERT_PATH to it.
+LDAP_SERVER=ldaps://ldap.example.com
+LDAP_BASE_DN="ou=people,dc=example,dc=com"
+
 TRAEFIK_MANAGEMENT_PORT=127.0.0.1:8081
 
 # Limits

docker/docker-compose.yml

@@ -60,6 +60,9 @@ services:
       DB_POOL_RECYCLE: 300
       DB_POOL_TIMEOUT: 30
       TARANIS_NG_AUTHENTICATOR: "${TARANIS_NG_AUTHENTICATOR}"
+      LDAP_SERVER: "${LDAP_SERVER}"
+      LDAP_BASE_DN: "${LDAP_BASE_DN}"
+      LDAP_CA_CERT_PATH:
 
       JWT_SECRET_KEY: "${JWT_SECRET_KEY}"
       JWT_SECRET_KEY_FILE: /run/secrets/jwt_secret_key

src/core/auth/ldap_authenticator.py

@@ -1,3 +1,15 @@
+"""This module provides an LDAPAuthenticator class that authenticates users against an LDAP server.
+
+Attributes:
+    LDAP_SERVER (str): The LDAP server URL.
+    LDAP_BASE_DN (str): The base DN (Distinguished Name) for LDAP queries.
+    LDAP_CA_CERT_PATH (str): The file path to the LDAP CA certificate.
+
+Classes:
+    LDAPAuthenticator: Authenticates users against an LDAP server.
+
+"""
+
 from managers import log_manager
 from auth.base_authenticator import BaseAuthenticator
 from flask import request
@@ -9,7 +21,7 @@
 
 
 class LDAPAuthenticator(BaseAuthenticator):
-    """Authenticates users against an LDAP server.
+    """Authenticate users against an LDAP server.
 
     Args:
         BaseAuthenticator (_type_): _description_
@@ -18,23 +30,25 @@ class LDAPAuthenticator(BaseAuthenticator):
         _type_: _description_
     """
 
-    LDAP_SERVER = os.getenv('LDAP_SERVER')
-    LDAP_BASE_DN = os.getenv('LDAP_BASE_DN')
-    LDAP_CA_CERT_PATH = os.getenv('LDAP_CA_CERT_PATH')
-    if LDAP_CA_CERT_PATH is not None and not os.path.isfile(LDAP_CA_CERT_PATH):
-        LDAP_CA_CERT_PATH = None
+    LDAP_SERVER = os.getenv("LDAP_SERVER")
+    LDAP_BASE_DN = os.getenv("LDAP_BASE_DN")
+    if os.getenv("LDAP_CA_CERT_PATH") not in [None, ""]:
+        LDAP_CA_CERT_PATH = os.getenv("LDAP_CA_CERT_PATH")
+    elif os.path.isfile("auth/ldap_ca.pem"):
+        LDAP_CA_CERT_PATH = "auth/ldap_ca.pem"
+    else:
         log_manager.store_auth_error_activity("No LDAP CA certificate found. LDAP authentication might not work.")
 
     def get_required_credentials(self):
-        """Gets the username and the password.
+        """Get the username and the password.
 
         Returns:
             _type_: _description_
         """
         return ["username", "password"]
 
     def authenticate(self, credentials):
-        """Tries to authenticate the user against the LDAP server.
+        """Try to authenticate the user against the LDAP server.
 
         Args:
             credentials (_type_): _description_