Added easy interface to specify ldap-attribute types and objectclasses.

Just select ldap-server type and you are done. Old variables can still be used
to override builtin settings.
commit 686650dd3e604859309e7c77ce1437d0849b1779 1 parent 11e16b9
authored September 24, 2004
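--- a/auth/ldap/config.html
+++ b/auth/ldap/config.html
@@ -2,6 +2,7 @@
     // Initialize vars
     optional_variable($config->ldap_host_url,             "");
     optional_variable($config->ldap_contexts,             "");
+    optional_variable($config->ldap_user_type,    "");
     optional_variable($config->ldap_user_attribute,    "");
     optional_variable($config->ldap_search_sub,         "");
     optional_variable($config->ldap_bind_dn,             "");
@@ -103,7 +104,6 @@
    </td>
 </tr>
 
-
 <tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
     <td align="right"><P>ldap_bind_dn:</td>
     <td>
@@ -124,13 +124,45 @@
     </td>
 </tr>
 
-
 <tr>
    <td colspan="2">
         <h4><?php print_string("auth_ldap_user_settings", "auth") ?> </h4>
    </td>
 </tr>
 
+<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
+    <td align="right"><P>ldap_user_type:</td>
+    <td>
+    <?php choose_from_menu(auth_ldap_suppported_usertypes(), "ldap_user_type", $config->ldap_user_type, ""); ?>
+    <?php  if (isset($err["ldap_user_type"])) formerr($err["ldap_user_type"]); ?>
+    </td>
+    <td>
+    <?php  print_string("auth_ldap_user_type","auth") ?>
+    </td>
+</tr>
+
+<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
+    <td align="right"><P>ldap_contexts:</td>
+    <td>
+    <input name="ldap_contexts" type="text" size="30" value="<?php echo $config->ldap_contexts?>">
+    <?php  if (isset($err["ldap_contexts"])) formerr($err["ldap_contexts"]); ?>
+    </td>
+    <td>
+    <?php  print_string("auth_ldap_contexts","auth") ?>
+    </td>
+</tr>
+
+<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
+    <td align="right"><P>ldap_search_sub:</td>
+    <td>
+    <input name="ldap_search_sub" type="text" size="1" value="<?php echo $config->ldap_search_sub?>">
+    <?php  if (isset($err["ldap_search_sub"])) formerr($err["ldap_search_sub"]); ?>
+    </td>
+    <td>
+    <?php  print_string("auth_ldap_search_sub","auth") ?>
+    </td>
+</tr>
+
 
 <tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
     <td align="right"><P>ldap_user_attribute:</td>
@@ -153,7 +185,6 @@
     </td>
 </tr>
 
-
 <tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
     <td align="right"><P>ldap_objectclass:</td>
     <td>
@@ -165,28 +196,6 @@
     </td>
 </tr>
 
-<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
-    <td align="right"><P>ldap_contexts:</td>
-    <td>
-    <input name="ldap_contexts" type="text" size="30" value="<?php echo $config->ldap_contexts?>">
-    <?php  if (isset($err["ldap_contexts"])) formerr($err["ldap_contexts"]); ?>
-    </td>
-    <td>
-    <?php  print_string("auth_ldap_contexts","auth") ?>
-    </td>
-</tr>
-
-
-<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
-    <td align="right"><P>ldap_search_sub:</td>
-    <td>
-    <input name="ldap_search_sub" type="text" size="1" value="<?php echo $config->ldap_search_sub?>">
-    <?php  if (isset($err["ldap_search_sub"])) formerr($err["ldap_search_sub"]); ?>
-    </td>
-    <td>
-    <?php  print_string("auth_ldap_search_sub","auth") ?>
-    </td>
-</tr>
 <tr>
    <td colspan="2">
         <h4><?php print_string("forcechangepassword", "auth") ?> </h4>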
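Review bot: The relocated ldap_contexts and ldap_search_sub rows print the stored setting straight into the `value` attribute (`value="<?php echo $config->ldap_contexts?>"`), so a context DN containing a double quote or `<` ends the attribute early and is rendered as markup. Both inputs should escape for HTML attribute context, e.g. `value="<?php echo htmlspecialchars($config->ldap_contexts, ENT_QUOTES) ?>"`. The helper name `auth_ldap_suppported_usertypes` (three p's) used by the new ldap_user_type row is also worth correcting now, before more callers depend on the spelling.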
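--- a/auth/ldap/lib.php
+++ b/auth/ldap/lib.php
@@ -1,5 +1,9 @@
 <?PHP  // $Id$
 //CHANGELOG:
+//24.09.2004 Lot of changes:
+//           -Added usertype configuration, this removes need for separate obejcclass and attributename configuration
+//            Overriding values is still supported
+//           
 //21.09.2004 Added support for multiple ldap-servers.
 //           Theres no nedd to use auth_ldap_bind,
 //           Anymore auth_ldap_connect does this for you
@@ -112,12 +116,10 @@ function auth_user_login ($username, $password) {
 function auth_get_userinfo($username){
 /// reads userinformation from ldap and return it in array()
     global $CFG;
-
+    $ldapconnection=auth_ldap_connect();
     $config = (array)$CFG;
     $attrmap = auth_ldap_attributes();
-   
-    $ldapconnection=auth_ldap_connect();
-
+    
     $result = array();
     $search_attribs = array();
   
@@ -129,10 +131,6 @@ function auth_get_userinfo($username){
 
     $user_dn = auth_ldap_find_userdn($ldapconnection, $username);
 
-    if (empty($CFG->ldap_objectclass)) {        // Can't send empty filter
-        $CFG->ldap_objectclass="objectClass=*";
-    }
-  
     $user_info_result = ldap_read($ldapconnection,$user_dn,$CFG->ldap_objectclass, $search_attribs);
 
     if ($user_info_result) {
@@ -151,10 +149,13 @@ function auth_get_userinfo($username){
 
 function auth_get_userlist () {
     global $CFG;
+    auth_ldap_init();
     return auth_ldap_get_userlist("($CFG->ldap_user_attribute=*)");
 }
+
 function auth_user_exists ($username) {
    global $CFG; 
+   auth_ldap_init();
    //returns true if given usernname exist on ldap
    $users = auth_ldap_get_userlist("($CFG->ldap_user_attribute=$username)");
    return count($users); 
@@ -165,8 +166,8 @@ function auth_user_create ($userobject,$plainpass) {
 //use auth_user_exists to prevent dublicate usernames
 //return true if user is created, false on error
 	global $CFG;
-    $attrmap = auth_ldap_attributes();
     $ldapconnection = auth_ldap_connect();
+    $attrmap = auth_ldap_attributes();
     
     $newuser = array();
      
@@ -196,12 +197,8 @@ function auth_get_users($filter='*') {
 //returns all userobjects from external database
     global $CFG;
 
-    $fresult = array();
     $ldapconnection = auth_ldap_connect();
-
-    if (empty($CFG->ldap_objectclass)) {
-        $CFG->ldap_objectclass="objectClass=*";
-    }
+    $fresult = array();
 
     if ($filter=="*") {
        $filter = "(&(".$CFG->ldap_user_attribute."=*)(".$CFG->ldap_objectclass."))";
@@ -272,6 +269,7 @@ function auth_sync_users ($unsafe_optimizations = false, $bulk_insert_records =
 ///                         max_allowed_packet limit.
 
     global $CFG ;
+    auth_ldap_init();
     $ldapusers     = auth_get_users();
     $usedidnumbers = Array();
 
@@ -415,7 +413,7 @@ function auth_user_disable ($username) {
 //activate new ldap-user after email-address is confirmed
 	global $CFG;
 
-    $ldapconnect = auth_ldap_connect();
+    $ldapconnection = auth_ldap_connect();
 
     $userdn = auth_ldap_find_userdn($ldapconnection, $username);
     $newinfo['loginDisabled']="TRUE";
@@ -428,6 +426,8 @@ function auth_user_disable ($username) {
 function auth_iscreator($username=0) {
 ///if user is member of creator group return true
     global $USER , $CFG; 
+    auth_ldap_init();
+
     if (! $username) {
         $username=$USER->username;
     }
@@ -460,10 +460,6 @@ function auth_user_update($olduser, $newuser) {
 
     $user_dn = auth_ldap_find_userdn($ldapconnection, $olduser->username);
 
-    if (empty($CFG->ldap_objectclass)) {
-        $CFG->ldap_objectclass="objectClass=*";
-    }
-  
     $user_info_result = ldap_read($ldapconnection,$user_dn,$CFG->ldap_objectclass, $search_attribs);
 
     if ($user_info_result){
@@ -531,6 +527,67 @@ function auth_user_update_password($username, $newpassword) {
 //PRIVATE FUNCTIONS starts
 //private functions are named as auth_ldap*
 
+function auth_ldap_suppported_usertypes (){
+// returns array of supported usertypes (schemas)
+// If you like to add our own please name and describe it here
+// And then add case clauses in relevant places in functions
+// iauth_ldap_init, auth_user_create, auth_check_expire, auth_check_grace
+    $types['edir']='Novell Edirectory';
+    $types['posix']='posixAccount (rfc2307)';
+    $types['samba']='sambaSamAccount (v.3.0.7)';
+    $types['ad']='ActiveDirectory'; 
+    return $types;
+}    
+
+function auth_ldap_init () {
+// initializes needed variables
+
+    global $CFG;
+    $default['ldap_objectclass'] = array(
+                        'edir' => 'inetOrgPerson',
+                        'posix' => 'posixAccount',
+                        'samba' => 'sambaSamAccount',
+                        'ad' => 'user',
+                        'default' => '*'
+                        );
+    $default['ldap_user_attribute'] = array(
+                        'edir' => 'cn',
+                        'posix' => 'uid',
+                        'samba' => 'uid',
+                        'ad' => 'cn',
+                        'default' => 'cn'
+                        );
+    $default['ldap_memberattribute'] = array(
+                        'edir' => 'groupMembership',
+                        'posix' => 'member',
+                        'samba' => 'member',
+                        'ad' => 'member', //is this right?
+                        'default' => 'member'
+                        );
+
+    foreach ($default as $key => $value) {
+        //set defaults if overriding fields not set
+        if(empty($CFG->{$key})) {
+            if (!empty($CFG->ldap_user_type) && !empty($default[$key][$CFG->ldap_user_type])) {
+                $CFG->{$key} = $default[$key][$CFG->ldap_user_type];
+            }else {
+                //use defaut value if user_type not set
+                if(!empty($default[$key]['default'])){
+                    $CFG->$key = $default[$key][$value]['default'];
+                }else {
+                    unset($CFG->$key);
+                }    
+            }
+        }
+    }   
+    //hack prefix to objectclass
+    if ('objectClass=' != substr($CFG->ldap_objectclass, 0, 12)) {
+       $CFG->ldap_objectclass = 'objectClass='.$CFG->ldap_objectclass;
+    }   
+
+    //all chages go in $CFG , no need to return value
+}
+
 function auth_ldap_isgroupmember ($username='', $groupdns='') {
 // Takes username and groupdn(s) , separated by ;
 // Returns true if user is member of any given groups
@@ -561,6 +618,7 @@ function auth_ldap_connect(){
 /// Returns connection result
 
     global $CFG;
+    auth_ldap_init();
     $urls = explode(";",$CFG->ldap_host_url);
 
     foreach ($urls as $server){
@@ -661,10 +719,6 @@ function auth_ldap_get_userlist($filter="*") {
 
     $ldapconnection = auth_ldap_connect();
 
-    if (empty($CFG->ldap_objectclass)) {
-        $CFG->ldap_objectclass="objectClass=*";
-    }
-
     if ($filter=="*") {
        $filter = "(&(".$CFG->ldap_user_attribute."=*)(".$CFG->ldap_objectclass."))";
     }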
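Review bot: In the new auth_ldap_init() the fallback branch assigns `$CFG->$key = $default[$key][$value]['default'];`, but `$value` is the per-key array from the foreach, so the lookup cannot resolve to the default string; it should read `$CFG->{$key} = $default[$key]['default'];`. With ldap_user_type unset and no override, ldap_objectclass then appears to end up empty, and the prefix step below turns it into `objectClass=`. That is the empty filter the removed `objectClass=*` guards in auth_get_userinfo, auth_get_users, auth_user_update and auth_ldap_get_userlist existed to prevent, and ldap_user_attribute is left unset the same way. Separately, the auth_user_exists hunk still interpolates `$username` into the search filter unescaped; that predates this commit, but the value should be escaped for LDAP filter context before it reaches auth_ldap_get_userlist.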
