diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php
index f99a2f8a73..b8b83a439e 100644
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -477,7 +477,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
$cfg_array[$config_name] = trim($cfg_array[$config_name]);
// Make sure no NUL byte is present...
- if (strpos($cfg_array[$config_name], '\0') !== false || strpos($cfg_array[$config_name], '%00') !== false)
+ if (strpos($cfg_array[$config_name], "\0") !== false || strpos($cfg_array[$config_name], '%00') !== false)
{
$cfg_array[$config_name] = '';
break;
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index ee0e2ec46e..26c54d18d4 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -226,6 +226,8 @@ p a {
<li>[Fix] Header icons fixed in FF for RTL languages (Bug #14084)</li>
<li>[Change] Words in topic titles and post subjects are highlighted on the search results page and viewtopic too now (Bug #13383)</li>
<li>[Fix] Made sure strip_bbcode cannot get the idea that a smiley is a BBCode (Bug #14030)</li>
+ <li>[Change] Added a filter for user objects to LDAP configuration and improved explanations (Bug #12627)</li>
+ <li>[Fix] Display searchable subforums of invisible parents in advanced search forum selection (Bug #11395)</li>
</ul>
</div>
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index 27c3157723..f8d4f1f80d 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -92,7 +92,7 @@ class acp_search
unset($search);
unset($error);
- $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : array();
+ $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : array();
$updated = request_var('updated', false);
foreach ($settings as $config_name => $var_type)
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index ff6ff3edd1..1e90aebe7e 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -46,7 +46,7 @@ function init_ldap()
$search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
- '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($user->data['username'])) . ')',
+ ldap_user_filter($user->data['username']),
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0,
1
@@ -114,7 +114,7 @@ function login_ldap(&$username, &$password)
$search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
- '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')',
+ ldap_user_filter($username),
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0,
1
@@ -215,6 +215,25 @@ function login_ldap(&$username, &$password)
);
}
+/**
+* Generates a filter string for ldap_search to find a user
+*
+* @param $username string Username identifying the searched user
+*
+* @return string A filter string for ldap_search
+*/
+function ldap_user_filter($username)
+{
+ global $config;
+
+ $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')';
+ if ($config['ldap_user_filter'])
+ {
+ $filter = "(&$filter({$config['ldap_user_filter']}))";
+ }
+ return $filter;
+}
+
/**
* Escapes an LDAP AttributeValue
*/
@@ -237,14 +256,6 @@ function acp_ldap(&$new)
<dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . ':</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd>
</dl>
- <dl>
- <dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
- <dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
- </dl>
- <dl>
- <dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
- <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
- </dl>
<dl>
<dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd>
@@ -253,16 +264,28 @@ function acp_ldap(&$new)
<dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd>
</dl>
+ <dl>
+ <dt><label for="ldap_user_filter">' . $user->lang['LDAP_USER_FILTER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '</span></dt>
+ <dd><input type="text" id="ldap_user_filter" size="40" name="config[ldap_user_filter]" value="' . $new['ldap_user_filter'] . '" /></dd>
+ </dl>
<dl>
<dt><label for="ldap_email">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd>
</dl>
+ <dl>
+ <dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
+ <dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
+ </dl>
+ <dl>
+ <dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
+ <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
+ </dl>
';
// These are fields required in the config table
return array(
'tpl' => $tpl,
- 'config' => array('ldap_server', 'ldap_user', 'ldap_password', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
+ 'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password')
);
}
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index 5179979f5f..393d1d3082 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -1496,6 +1496,7 @@ if (version_compare($current_version, '3.0.RC4', '<='))
// Setting this here again because new installations may not have it...
set_config('cron_lock', '0', true);
+ set_config('ldap_user_filter', '');
$no_updates = false;
}
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index af88b47db5..8c1f502b09 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -304,13 +304,15 @@ $lang = array_merge($lang, array(
'LDAP_NO_EMAIL' => 'The specified e-mail attribute does not exist.',
'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s.',
'LDAP_PASSWORD' => 'LDAP password',
- 'LDAP_PASSWORD_EXPLAIN' => 'Leave blank to use anonymous access. Else fill in the password for the above user. <strong>WARNING:</strong> This password will be stored as plain text in the database visible to everybody who can access your database.',
+ 'LDAP_PASSWORD_EXPLAIN' => 'Leave blank to use anonymous binding. Else fill in the password for the above user. Required for Active Directory Servers. <strong>WARNING:</strong> This password will be stored as plain text in the database visible to everybody who can access your database or who can view this configuration page.',
'LDAP_SERVER' => 'LDAP server name',
- 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.',
+ 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the hostname or IP address of the LDAP server. Alternatively you can specify an URL like ldap://hostname:port/',
'LDAP_UID' => 'LDAP <var>uid</var>',
'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. <var>uid</var>, <var>sn</var>, etc.',
- 'LDAP_USER' => 'LDAP user',
- 'LDAP_USER_EXPLAIN' => 'Leave blank to use anonymous access. If filled in phpBB will connect to the LDAP server as the specified user.',
+ 'LDAP_USER' => 'LDAP user <var>dn</var>',
+ 'LDAP_USER_EXPLAIN' => 'Leave blank to use anonymous binding. If filled in phpBB uses the specified distinguished name on login attempts to find the correct user, e.g. <samp>uid=Username,ou=MyUnit,o=MyCompany,c=US</samp>. Required for Active Directory Servers.',
+ 'LDAP_USER_FILTER' => 'LDAP user filter',
+ 'LDAP_USER_FILTER_EXPLAIN' => 'Optionally you can further limit the searched objects with additional filters. For example <samp>objectClass=posixGroup</samp> would result in the use of <samp>(&(uid=$username)(objectClass=posixGroup))</samp>',
));
// Server Settings
diff --git a/phpBB/search.php b/phpBB/search.php
index 9a50ce2fcb..d9010b73a8 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -939,9 +939,9 @@ while ($row = $db->sql_fetchrow($result))
continue;
}
- if (!$auth->acl_get('f_list', $row['forum_id']) || $row['forum_type'] == FORUM_LINK || ($row['forum_password'] && !$row['user_id']))
+ if ($row['forum_type'] == FORUM_LINK || ($row['forum_password'] && !$row['user_id']))
{
- // if the user does not have permissions to list this forum skip to the next branch
+ // if this forum is a link or password protected (user has not entered the password yet) then skip to the next branch
continue;
}
@@ -964,9 +964,9 @@ while ($row = $db->sql_fetchrow($result))
$right = $row['right_id'];
- if (!$auth->acl_get('f_search', $row['forum_id']))
+ if ($auth->acl_gets('!f_search', '!f_list', $row['forum_id']))
{
- // if the user does not have permissions to search this forum skip only this forum/category
+ // if the user does not have permissions to search or see this forum skip only this forum/category
continue;
}