diff --git a/e107_plugins/alt_auth/alt_auth_adminmenu.php b/e107_plugins/alt_auth/alt_auth_adminmenu.php
index a39f59dc2..31076fc25 100755
--- a/e107_plugins/alt_auth/alt_auth_adminmenu.php
+++ b/e107_plugins/alt_auth/alt_auth_adminmenu.php
@@ -27,8 +27,6 @@ function alt_auth_get_authlist()
// All user fields which might, just possibly, be transferred. The option name must be the corresponding field in the E107 user database, prefixed with 'xf_'
$alt_auth_user_fields = array(
-// 'user_loginname' => array('prompt' => LAN_ALT_10, 'optname' => 'xf_user_loginname', 'default' => 'user_loginname', 'optional' => FALSE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => TRUE, 'ldap' => TRUE, 'ldap_field' => 'cn'),
-// 'user_password' => array('prompt' => LAN_ALT_11, 'optname' => 'xf_user_password', 'default' => 'user_password', 'optional' => FALSE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => TRUE, 'ldap' => TRUE, 'ldap_field' => ''),
'user_email' => array('prompt' => LAN_ALT_12, 'optname' => 'xf_user_email', 'default' => 'user_email', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'mail'),
'user_hideemail' => array('prompt' => LAN_ALT_13, 'optname' => 'xf_user_hideemail', 'default' => 'user_hideemail', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''),
'user_name' => array('prompt' => LAN_ALT_14, 'optname' => 'xf_user_name', 'default' => 'user_name', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''),
@@ -187,7 +185,7 @@ function alt_auth_test_form($prefix,$frm)
$log_result = AUTH_UNKNOWN;
$pass_vars = array();
$val_name = trim(varset($_POST['nametovalidate'],''));
-
+
if(isset($_login->Available) && ($_login->Available === FALSE))
{ // Relevant auth method not available (e.g. PHP extension not loaded)
$log_result = AUTH_NOT_AVAILABLE;
@@ -282,4 +280,4 @@ function alt_auth_adminmenu()
}
show_admin_menu(LAN_ALT_29, ALT_AUTH_ACTION, $var);
}
-?>
\ No newline at end of file
+?>
diff --git a/e107_plugins/alt_auth/alt_auth_login_class.php b/e107_plugins/alt_auth/alt_auth_login_class.php
index 94c16abb3..ca61e5741 100755
--- a/e107_plugins/alt_auth/alt_auth_login_class.php
+++ b/e107_plugins/alt_auth/alt_auth_login_class.php
@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_login_class.php,v $
-| $Revision: 1.3 $
-| $Date: 2008-07-25 19:33:02 $
+| $Revision: 1.4 $
+| $Date: 2008-12-01 21:47:17 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -34,9 +34,8 @@ class alt_login
return AUTH_NOCONNECT;
}
-
$login_result = $_login -> login($username, $userpass, $newvals, FALSE);
-
+
if($login_result === AUTH_SUCCESS )
{
if (MAGIC_QUOTES_GPC == FALSE)
@@ -45,7 +44,7 @@ class alt_login
}
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
$username = substr($username, 0, varset($pref['loginname_maxlength'],30));
-
+
$aa_sql = new db;
$uh = new UserHandler;
$db_vals = array('user_password' => $aa_sql->escape($uh->HashPassword($userpass,$username)));
@@ -65,10 +64,14 @@ class alt_login
}
else
{ // Just add a new user
- if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username;
- if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username;
- if (!isset($db_vals['user_join'])) $db_vals['user_join'] = time();
- $aa_sql->db_Insert('user',$db_vals);
+ if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username;
+ if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username;
+ if (!isset($db_vals['user_join'])) $db_vals['user_join'] = time();
+ $db_vals['user_class'] = varset($pref['initial_user_classes'],'');
+ if (!isset($db_vals['user_signature'])) $db_vals['user_signature'] = '';
+ if (!isset($db_vals['user_prefs'])) $db_vals['user_prefs'] = '';
+ if (!isset($db_vals['user_perms'])) $db_vals['user_perms'] = '';
+ $aa_sql->db_Insert('user',$db_vals);
}
return LOGIN_CONTINUE;
}
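Review bot: `$db_vals['user_class'] = varset($pref['initial_user_classes'],'');` is assigned unconditionally while the neighbouring new defaults are `isset`-guarded, so a `user_class` value that the external auth source mapped into `$db_vals` is silently replaced by the site's initial classes. If overriding is intended (classes should come from site policy, not the directory), a comment should say so, e.g. `// Always use the site's initial classes, never a value supplied by the external source`; otherwise the line should be guarded like the others: `if (!isset($db_vals['user_class'])) $db_vals['user_class'] = varset($pref['initial_user_classes'],'');`. The enclosing method starts outside this hunk, so whether `$pref` is declared global here is not visible, although it is already read in the same function a few lines earlier.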
diff --git a/e107_plugins/alt_auth/languages/English/lan_ldap_conf.php b/e107_plugins/alt_auth/languages/English/lan_ldap_conf.php
index 845980d97..7f0d77bba 100644
--- a/e107_plugins/alt_auth/languages/English/lan_ldap_conf.php
+++ b/e107_plugins/alt_auth/languages/English/lan_ldap_conf.php
@@ -1,6 +1,6 @@
If LDAP - Enter BaseDN
If AD - Enter domain");
+define("LDAPLAN_2", "Base DN or Domain
LDAP - Enter BaseDN
AD - enter the fqdn eg ad.mydomain.co.uk");
define("LDAPLAN_3", "LDAP Browsing user
Full context of the user who is able to search the directory.");
define("LDAPLAN_4", "LDAP Browsing password
Password for the LDAP Browsing user.");
define("LDAPLAN_5", "LDAP Version");
@@ -10,8 +10,9 @@ define("LDAPLAN_8", "This will be used to ensure the username is in the correct
define("LDAPLAN_9", "Current search filter will be:");
define("LDAPLAN_10", "Settings Updated");
define("LDAPLAN_11", "WARNING: It appears as if the ldap module is not currently available; setting your auth method to LDAP will probably not work!");
-define("LDAPLAN_12", "Server Type");
-define("LDAPLAN_13", "Update settings");
+define("LDAPLAN_12", 'Server Type');
+define("LDAPLAN_13", 'Update settings');
+define('LDAPLAN_14', 'OU for AD (e.g. ou=itdept)');
define('LAN_AUTHENTICATE_HELP','This method can be used to authenticate against most LDAP servers, including Novell\'s eDirectory and Microsoft\'s Active Directory. Refer to the wiki for further information.');
diff --git a/e107_plugins/alt_auth/ldap_auth.php b/e107_plugins/alt_auth/ldap_auth.php
index 930a0dc2e..ad6ea9ae8 100755
--- a/e107_plugins/alt_auth/ldap_auth.php
+++ b/e107_plugins/alt_auth/ldap_auth.php
@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/ldap_auth.php,v $
-| $Revision: 1.3 $
-| $Date: 2008-09-02 19:39:12 $
+| $Revision: 1.4 $
+| $Date: 2008-12-01 21:47:17 $
| $Author: e107steved $
To do:
@@ -22,9 +22,9 @@ To do:
class auth_login
{
-
var $server;
var $dn;
+ var $ou;
var $usr;
var $pwd;
var $serverType;
@@ -36,78 +36,77 @@ class auth_login
var $ldapVersion;
var $Available;
var $filter;
- var $copyAttribs; // Any attributes which are to be copied on successful login
+ var $copyAttribs; // Any attributes which are to be copied on successful login
function auth_login()
{
$this->copyAttribs = array();
$sql = new db;
- $sql -> db_Select("alt_auth", "*", "auth_type = 'ldap' ");
- while($row = $sql -> db_Fetch())
+ $sql->db_Select("alt_auth", "*", "auth_type = 'ldap' ");
+ while ($row = $sql->db_Fetch())
{
- $ldap[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
- if ((strpos($row['auth_parmname'],'ldap_xf_') === 0) && $ldap[$row['auth_parmname']])
- { // Attribute to copy on successful login
- $this->copyAttribs[$ldap[$row['auth_parmname']]] = substr($row['auth_parmname'],strlen('ldap_xf_')); // Key = LDAP attribute. Value = e107 field name
- unset($row['auth_parmname']);
- }
+ $ldap[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
+ if ((strpos($row['auth_parmname'], 'ldap_xf_') === 0) && $ldap[$row['auth_parmname']]) // Attribute to copy on successful login
+ {
+// $this->copyAttribs[$ldap[$row['auth_parmname']]] = substr($row['auth_parmname'], strlen('ldap_xf_')); // Key = LDAP attribute. Value = e107 field name
+ $this->copyAttribs[substr($row['auth_parmname'], strlen('ldap_xf_'))] = $ldap[$row['auth_parmname']]; // Key = LDAP attribute. Value = e107 field name
+ unset($row['auth_parmname']);
+ }
}
$this->server = explode(",", $ldap['ldap_server']);
$this->serverType = $ldap['ldap_servertype'];
$this->dn = $ldap['ldap_basedn'];
+ $this->ou = $ldap['ldap_ou']; // added by Father Barry Keal
$this->usr = $ldap['ldap_user'];
$this->pwd = $ldap['ldap_passwd'];
$this->ldapVersion = $ldap['ldap_version'];
$this->filter = (isset($ldap['ldap_edirfilter']) ? $ldap['ldap_edirfilter'] : "");
- if(!function_exists('ldap_connect'))
+ if (!function_exists('ldap_connect'))
{
- $this->Available = FALSE;
+ $this->Available = false;
return false;
}
- if(!$this -> connect())
+ if (!$this->connect())
{
return AUTH_NOCONNECT;
}
}
-
function makeErrorText($extra = '')
{
- $this->ldapErrorCode = ldap_errno( $this->connection);
- $this->ldapErrorText = ldap_error( $this->connection);
- $this->ErrorText = $extra.' '.$this->ldapErrorCode.': '.$this->ldapErrorText;
+ $this->ldapErrorCode = ldap_errno($this->connection);
+ $this->ldapErrorText = ldap_error($this->connection);
+ $this->ErrorText = $extra . ' ' . $this->ldapErrorCode . ': ' . $this->ldapErrorText;
}
-
function connect()
{
foreach ($this->server as $key => $host)
{
$this->connection = ldap_connect($host);
- if ( $this->connection) {
- if($this -> ldapVersion == 3 || $this->serverType == "ActiveDirectory")
+ if ($this->connection)
+ {
+ if ($this->ldapVersion == 3 || $this->serverType == "ActiveDirectory")
{
- @ldap_set_option( $this -> connection, LDAP_OPT_PROTOCOL_VERSION, 3 );
+ @ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
}
return true;
}
}
-
+
$this->ldapErrorCode = -1;
$this->ldapErrorText = "Unable to connect to any server";
- $this->ErrorText = $this->ldapErrorCode.': '.$this->ldapErrorText;
+ $this->ErrorText = $this->ldapErrorCode . ': ' . $this->ldapErrorText;
return false;
}
-
-
function close()
{
- if ( !@ldap_close( $this->connection))
+ if (!@ldap_close($this->connection))
{
- $this->makeErrorText(); // Read the error code and explanatory string
+ $this->makeErrorText(); // Read the error code and explanatory string
return false;
}
else
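Review bot: The comment on the new `copyAttribs` assignment still says `Key = LDAP attribute. Value = e107 field name`, but the line now stores the e107 field name (the `ldap_xf_` suffix) as the key and the LDAP attribute as the value, which is what the superseded line kept commented out above it used to do the other way round; the comment should read `// Key = e107 field name. Value = LDAP attribute (one attribute may feed several fields)` and the dead commented line dropped. `$this->ou = $ldap['ldap_ou'];` reads the index unconditionally, while `ldap_edirfilter` a few lines later is guarded with `isset`; an alt_auth table saved before the OU setting existed would presumably raise an undefined-index notice here, so `$this->ou = isset($ldap['ldap_ou']) ? $ldap['ldap_ou'] : '';` is the consistent form. The `$ldap` array itself is never initialised before the fetch loop, so the same notices appear if no `ldap` rows exist, though that predates this change.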
@@ -116,125 +115,137 @@ class auth_login
}
}
-
-
- function login($uname, $pass, &$newvals, $connect_only = FALSE)
+ function login($uname, $pass, &$newvals, $connect_only = false)
{
/* Construct the full DN, eg:-
** "uid=username, ou=People, dc=orgname,dc=com"
*/
-// echo "Login to server type: {$this->serverType}
";
+ // echo "Login to server type: {$this->serverType}
";
$current_filter = "";
if ($this->serverType == "ActiveDirectory")
{
- $checkDn = $uname.'@'.$this->dn;
+ $checkDn = $uname . '@' . $this->dn;
+ // added by Father Barry Keal
+ // $current_filter = "(sAMAccountName={$uname})"; for pre windows 2000
+ $current_filter = "(userprincipalname={$uname}@{$this->dn})"; // for 2000 +
+ // end add by Father Barry Keal
}
else
{
- if ($this -> usr != '' && $this -> pwd != '')
- {
- $this -> result = ldap_bind($this -> connection, $this -> usr, $this -> pwd);
- }
- else
- {
- $this -> result = ldap_bind($this -> connection);
- }
- if ($this->result === FALSE)
- {
-// echo "LDAP bind failed
";
- $this->makeErrorText(); // Read the error code and explanatory string
- return AUTH_NOCONNECT;
- }
-
-// In ldap_auth.php, should look like this instead for eDirectory
-// $query = ldap_search($this -> connection, $this -> dn, "cn=".$uname);
-
- if($this->serverType == "eDirectory")
- {
- $current_filter = "(&(cn={$uname})".$this->filter.")";
- }
- else
- {
- $current_filter = "uid=".$uname;
- }
-// echo "LDAP search: {$this->dn}, {$current_filter}
";
- $query = ldap_search($this->connection, $this->dn, $current_filter);
-
- if ($query === false)
- {
-// Could not perform query to LDAP directory
- echo "LDAP - search for user failed
";
- $this->makeErrorText(); // Read the error code and explanatory string
- return AUTH_NOCONNECT;
- }
- else
- {
- $query_result = ldap_get_entries($this -> connection, $query);
-
- if ($query_result["count"] != 1)
+ if ($this->usr != '' && $this->pwd != '')
{
- if ($connect_only) return AUTH_SUCCESS; else return AUTH_NOUSER;
+ $this->result = ldap_bind($this->connection, $this->usr, $this->pwd);
}
else
{
- $checkDn = $query_result[0]["dn"];
- $this -> close();
- $this -> connect();
+ $this->result = ldap_bind($this->connection);
}
- }
- }
+ if ($this->result === false)
+ {
+ // echo "LDAP bind failed
";
+ $this->makeErrorText(); // Read the error code and explanatory string
+ return AUTH_NOCONNECT;
+ }
+ // In ldap_auth.php, should look like this instead for eDirectory
+ // $query = ldap_search($this -> connection, $this -> dn, "cn=".$uname);
+ if ($this->serverType == "eDirectory")
+ {
+ $current_filter = "(&(cn={$uname})" . $this->filter . ")";
+ }
+ else
+ {
+ $current_filter = "uid=" . $uname;
+ }
+ // echo "LDAP search: {$this->dn}, {$current_filter}
";
+ $query = ldap_search($this->connection, $this->dn, $current_filter);
- // Try and connect...
- $this->result = ldap_bind($this -> connection, $checkDn, $pass);
- if ( $this->result)
- {
- // Connected OK - login credentials are fine!
- // But bind can return success even if no password! Does reject an invalid password, however
- if ($connect_only) return AUTH_SUCCESS;
- if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password
- if (count($this->copyAttribs) == 0) return AUTH_SUCCESS; // No attributes required - we're done
- $ldap_attributes = array_keys($this->copyAttribs);
-// echo "Validation search: {$checkDn}, {$current_filter},"; print_a($ldap_attributes); echo "
";
- $this->result = ldap_search($this -> connection, $checkDn, $current_filter, $ldap_attributes);
+ if ($query === false)
+ {
+ // Could not perform query to LDAP directory
+ echo "LDAP - search for user failed
";
+ $this->makeErrorText(); // Read the error code and explanatory string
+ return AUTH_NOCONNECT;
+ }
+ else
+ {
+ $query_result = ldap_get_entries($this->connection, $query);
- if ($this->result)
- {
- $entries = ldap_get_entries($this->connection, $this->result);
-// print_a($entries);
- if (count($entries) == 2)
- { // All OK
- for ($j = 0; $j < $entries[0]['count']; $j++)
- {
- $k = $entries[0][$j];
- $tlv = $entries[0][$k];
- if (is_array($tlv) && isset($this->copyAttribs[$k]))
- { // This bit executed if we've successfully got some data. Key is the attribute name, then array of data
- $newvals[$this->copyAttribs[$k]] = $tlv[0]; // Just grab the first value
-// echo $j.":Key: {$k} (Values: {$tlv['count']})";
-// for ($i = 0; $i < $tlv['count']; $i++) { echo ' '.$tlv[$i]; }
-// echo "
";
+ if ($query_result["count"] != 1)
+ {
+ if ($connect_only) return AUTH_SUCCESS;
+ else return AUTH_NOUSER;
}
else
{
-// echo " Unexpected non-array value - Key: {$k} Value: {$tlv}
";
- $this->makeErrorText(); // Read the error code and explanatory string
- return AUTH_NOCONNECT; // Not really a suitable return code for this - its an error
+ $checkDn = $query_result[0]["dn"];
+ $this->close();
+ $this->connect();
}
- }
}
- else
+ }
+ // Try and connect...
+ $this->result = ldap_bind($this->connection, $checkDn, $pass);
+ if ($this->result)
+ {
+ // Connected OK - login credentials are fine!
+ // But bind can return success even if no password! Does reject an invalid password, however
+ if ($connect_only) return AUTH_SUCCESS;
+ if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password
+ if (count($this->copyAttribs) == 0) return AUTH_SUCCESS; // No attributes required - we're done
+ $ldap_attributes = array_values(array_unique($this->copyAttribs));
+ if ($this->serverType == "ActiveDirectory")
+ { // If we are using AD then build up the full string from the fqdn
+ $altauth_tmp = explode('.', $this->dn);
+ $checkDn='';
+ foreach($altauth_tmp as $$altauth_dc)
+ {
+ $checkDn .= ",DC={$altauth_dc}";
+ }
+ // prefix with the OU
+ $checkDn = $this->ou . $checkDn;
+ }
+ $this->result = ldap_search($this->connection, $checkDn, $current_filter, $ldap_attributes);
+ if ($this->result)
{
-// echo "Got wrong number of entries
";
- $this->makeErrorText(); // Read the error code and explanatory string
- return AUTH_NOUSER; // Bit debateable what to return if this happens
+ $entries = ldap_get_entries($this->connection, $this->result);
+ if (count($entries) == 2) // All OK
+ {
+ echo "Count: {$entries[0]['count']}
";
+ for ($j = 0; $j < $entries[0]['count']; $j++)
+ {
+ $k = $entries[0][$j]; // LDAP attribute name
+ $tlv = $entries[0][$k]; // Array of LDAP data
+ if (is_array($tlv) && count($tempKeys = array_keys($this->copyAttribs,$k))) // This bit executed if we've successfully got some data. Key is the attribute name, then array of data
+ {
+ foreach ($tempKeys as $tk) // Single LDAP attribute may be mapped to several fields
+ {
+ $newvals[$tk] = $this->translate($tlv[0]); // Just grab the first value
+ }
+ // echo $j.":Key: {$k} (Values: {$tlv['count']})";
+ // for ($i = 0; $i < $tlv['count']; $i++) { echo ' '.$tlv[$i]; }
+ // echo "
";
+ }
+ else
+ {
+ // echo " Unexpected non-array value - Key: {$k} Value: {$tlv}
";
+ $this->makeErrorText(); // Read the error code and explanatory string
+ return AUTH_NOCONNECT; // Not really a suitable return code for this - its an error
+ }
+ }
+ }
+ else
+ {
+ // echo "Got wrong number of entries
";
+ $this->makeErrorText(); // Read the error code and explanatory string
+ return AUTH_NOUSER; // Bit debateable what to return if this happens
+ }
}
- }
- else
- { // Probably a bit strange if we don't get any info back - but possible
-// echo "No results!
";
- }
+ else // Probably a bit strange if we don't get any info back - but possible
+ {
+ // echo "No results!
";
+ }
- return AUTH_SUCCESS;
+ return AUTH_SUCCESS;
}
else
{
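Review bot: `foreach($altauth_tmp as $$altauth_dc)` in the ActiveDirectory branch after the successful bind uses a variable-variable, so `$altauth_dc` is never assigned and every component of the rebuilt search base becomes `,DC=` with an empty value; the attribute search therefore runs against a wrong DN for every AD login, and when `$this->ou` is empty the string also starts with a stray comma. The rewrite below builds the base with a plain loop variable and only prepends the OU when one is configured. `echo "Count: {$entries[0]['count']}...";` in the entry loop looks like leftover debugging that emits output during login, unlike the other echoes in this method which are commented out; it should be commented out or removed. The new AD filter `"(userprincipalname={$uname}@{$this->dn})"` interpolates the submitted username into an LDAP search filter without escaping (the older `uid=` filter has the same weakness), so the RFC 4515 metacharacters `( ) * \` and NUL in `$uname` should be escaped before the filter is built, e.g. `ldap_escape($uname, '', LDAP_ESCAPE_FILTER)` where PHP 5.6 or later is available. login() continues past the end of this hunk.
```php
if ($this->serverType == "ActiveDirectory")
{ // Build the search base from the fqdn, e.g. ad.mydomain.co.uk -> DC=ad,DC=mydomain,DC=co,DC=uk
    $dcParts = array();
    foreach (explode('.', $this->dn) as $altauth_dc)
    {
        $dcParts[] = 'DC=' . $altauth_dc;
    }
    $checkDn = implode(',', $dcParts);
    if ($this->ou != '')
    { // Prefix with the configured OU (e.g. ou=itdept) when there is one
        $checkDn = $this->ou . ',' . $checkDn;
    }
}
// … unchanged: ldap_search with $checkDn, $current_filter and $ldap_attributes …
```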
@@ -246,18 +257,31 @@ class auth_login
** 49 - Wrong password
** 53 - Account inactive (manually locked out by administrator)
*/
- $this->makeErrorText(); // Read the error code and explanatory string
+ $this->makeErrorText(); // Read the error code and explanatory string
- switch ($this -> ldapErrorCode)
+ switch ($this->ldapErrorCode)
{
- case 32 :
- return AUTH_NOUSER;
- case 49 :
- return AUTH_BADPASSWORD;
+ case 32 :
+ return AUTH_NOUSER;
+ case 49 :
+ return AUTH_BADPASSWORD;
}
// return error code as if it never connected, maybe change that in the future
- return AUTH_NOCONNECT;
+ return AUTH_NOCONNECT;
}
}
+
+ // Function to decode some special values
+ function translate($word)
+ {
+ global $tp;
+ switch ($tp->uStrToUpper($word))
+ {
+ case 'TRUE' : return TRUE;
+ case 'FALSE' : return FALSE;
+ }
+ return $word;
+ }
}
+
?>
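Review bot: The header comment `// Function to decode some special values` does not say what translate() actually does, which matters because login() applies it to every copied attribute: any LDAP value whose text is `true`/`false` in any letter case becomes a PHP boolean before it reaches the user row, which may be surprising for free-text fields. A comment such as `// Map the strings 'true'/'false' (any case) to PHP booleans; every other value is returned unchanged. Applied to every attribute copied in login().` would make that explicit. `switch` compares with `==`, so an explicit identity check reads more safely, e.g. `$w = $tp->uStrToUpper($word); if ($w === 'TRUE') return TRUE; if ($w === 'FALSE') return FALSE; return $word;`. `$tp` is pulled from the global scope and is presumably the e107 text parser; that assumption is worth stating in the comment too.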
diff --git a/e107_plugins/alt_auth/ldap_conf.php b/e107_plugins/alt_auth/ldap_conf.php
index 0a3ff4ae6..ef0e9ccc0 100755
--- a/e107_plugins/alt_auth/ldap_conf.php
+++ b/e107_plugins/alt_auth/ldap_conf.php
@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/ldap_conf.php,v $
-| $Revision: 1.3 $
-| $Date: 2008-09-02 19:39:12 $
+| $Revision: 1.4 $
+| $Date: 2008-12-01 21:47:17 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -77,10 +77,12 @@ $text .= "";
$text .= "