[PR #5345] Feature/ldap auth #4187

New issue

Open

opened 2026-02-26 08:33:25 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 08:33:25 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/5345
Author: @Wadera
Created: 2/23/2026
Status: 🔄 Open

Base: develop ← Head: feature/ldap-auth

📝 Commits (10+)

1f4de6d feat(ldap): LDAP authentication with group-based access control and security hardening
82f669a test(ldap): comprehensive test suite — 196 tests across 4 suites
8b6e65a fix(lint): resolve all Biome lint errors in test mocks and LDAP modules
7f3fa89 ci: retrigger build (transient cypress image failure)
43ff83a fix(ldap): semaphore leak in withServiceClient — use try/finally to guarantee returnToPool
f5a8cee fix(ldap): rate-limit user bind connections via login semaphore
6d3cbd7 fix(ldap): add UNIQUE constraint on user email + skip redundant login patches
005cde6 Merge remote-tracking branch 'github/develop' into feature/ldap-auth
3920d35 fix(ldap): replace plain UNIQUE email index with partial index for soft-delete compatibility
ba3e005 fix(ldap): make email_active migration idempotent for MySQL CI

📊 Changes

63 files changed (+8840 additions, -167 deletions)

View changed files

📝 README.md (+41 -0)
➕ backend/__mocks__/bcrypt.js (+17 -0)
➕ backend/__mocks__/config.js (+42 -0)
➕ backend/__mocks__/db.js (+7 -0)
➕ backend/__mocks__/lodash.js (+74 -0)
➕ backend/__mocks__/moment.js (+32 -0)
➕ backend/__mocks__/node-rsa.js (+15 -0)
➕ backend/__mocks__/objection.js (+56 -0)
➕ backend/__mocks__/signale.js (+40 -0)
➕ backend/__mocks__/tarn.js (+14 -0)
➕ backend/__tests__/README.md (+53 -0)
➕ backend/__tests__/ldap/ldap-client.test.js (+1212 -0)
➕ backend/__tests__/ldap/ldap-env.test.js (+376 -0)
➕ backend/__tests__/ldap/ldap-internal.test.js (+645 -0)
➕ backend/__tests__/ldap/ldap-sync.test.js (+955 -0)
➖ backend/biome.json (+0 -91)
📝 backend/internal/2fa.js (+9 -1)
➕ backend/internal/ldap-settings.js (+284 -0)
➕ backend/internal/ldap-sync.js (+744 -0)
➕ backend/internal/ldap.js (+550 -0)

...and 43 more files

📄 Description

Add support for AD / LDAP authentication.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/NginxProxyManager/nginx-proxy-manager/pull/5345 **Author:** [@Wadera](https://github.com/Wadera) **Created:** 2/23/2026 **Status:** 🔄 Open **Base:** `develop` ← **Head:** `feature/ldap-auth` --- ### 📝 Commits (10+) - [`1f4de6d`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/1f4de6db71d0f1147622fe9c3daa66914f26a71c) feat(ldap): LDAP authentication with group-based access control and security hardening - [`82f669a`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/82f669a2fed6b4d5beeb04cc0123cc975fbad1ee) test(ldap): comprehensive test suite — 196 tests across 4 suites - [`8b6e65a`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/8b6e65a7540197be21786b8bc4dd35ba9155f02a) fix(lint): resolve all Biome lint errors in test mocks and LDAP modules - [`7f3fa89`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/7f3fa895eaa56dd58cf2ef25b68f0512c74d5c3f) ci: retrigger build (transient cypress image failure) - [`43ff83a`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/43ff83a31fae25fca13fa5a110e2139e5677b2c0) fix(ldap): semaphore leak in withServiceClient — use try/finally to guarantee returnToPool - [`f5a8cee`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/f5a8ceea42a99c0daaf9af6530adf6093143c08b) fix(ldap): rate-limit user bind connections via login semaphore - [`6d3cbd7`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/6d3cbd729dcdeb61c1989ee6bd89162ec9e90e09) fix(ldap): add UNIQUE constraint on user email + skip redundant login patches - [`005cde6`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/005cde6509a8627648dcb6be7f93ed42547c3575) Merge remote-tracking branch 'github/develop' into feature/ldap-auth - [`3920d35`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/3920d3590164133b27cfbaa07c9055fa3667a410) fix(ldap): replace plain UNIQUE email index with partial index for soft-delete compatibility - [`ba3e005`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/ba3e005a9b16a4d7f0df1687709554735a502015) fix(ldap): make email_active migration idempotent for MySQL CI ### 📊 Changes **63 files changed** (+8840 additions, -167 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+41 -0) ➕ `backend/__mocks__/bcrypt.js` (+17 -0) ➕ `backend/__mocks__/config.js` (+42 -0) ➕ `backend/__mocks__/db.js` (+7 -0) ➕ `backend/__mocks__/lodash.js` (+74 -0) ➕ `backend/__mocks__/moment.js` (+32 -0) ➕ `backend/__mocks__/node-rsa.js` (+15 -0) ➕ `backend/__mocks__/objection.js` (+56 -0) ➕ `backend/__mocks__/signale.js` (+40 -0) ➕ `backend/__mocks__/tarn.js` (+14 -0) ➕ `backend/__tests__/README.md` (+53 -0) ➕ `backend/__tests__/ldap/ldap-client.test.js` (+1212 -0) ➕ `backend/__tests__/ldap/ldap-env.test.js` (+376 -0) ➕ `backend/__tests__/ldap/ldap-internal.test.js` (+645 -0) ➕ `backend/__tests__/ldap/ldap-sync.test.js` (+955 -0) ➖ `backend/biome.json` (+0 -91) 📝 `backend/internal/2fa.js` (+9 -1) ➕ `backend/internal/ldap-settings.js` (+284 -0) ➕ `backend/internal/ldap-sync.js` (+744 -0) ➕ `backend/internal/ldap.js` (+550 -0) _...and 43 more files_ </details> ### 📄 Description Add support for AD / LDAP authentication. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem added the

pull-request

label

2026-02-26 08:33:25 +03:00

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#4187

No description provided.

Rows
Columns