MDL-8590 fixed ldap creators, added new option to specify dn in member attribute; merged from MOODLE_18_STABLE
parent
c9e4ba362d
commit
cd874e2133
@ -1215,39 +1215,42 @@ class auth_plugin_ldap extends auth_plugin_base {
|
||||
// Takes username and groupdn(s) , separated by ;
|
||||
// Returns true if user is member of any given groups
|
||||
|
||||
$result = false;
|
||||
$ldapconnection = $this->ldap_connect();
|
||||
|
||||
if (empty($username) or empty($groupdns)) {
|
||||
return $result;
|
||||
if (empty($extusername) or empty($groupdns)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($this->config->memberattribute_isdn) {
|
||||
$username=$this->ldap_find_userdn($ldapconnection, $username);
|
||||
$memberuser = $this->ldap_find_userdn($ldapconnection, $extusername);
|
||||
} else {
|
||||
$memberuser = $extusername;
|
||||
}
|
||||
if (! $username ) {
|
||||
return $result;
|
||||
|
||||
if (empty($memberuser)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$groups = explode(";",$groupdns);
|
||||
|
||||
$result = false;
|
||||
foreach ($groups as $group) {
|
||||
$group = trim($group);
|
||||
if (empty($group)) {
|
||||
continue;
|
||||
}
|
||||
//echo "Checking group $group for member $username\n";
|
||||
$search = @ldap_read($ldapconnection, $group, '('.$this->config->memberattribute.'='.$this->filter_addslashes($username).')', array($this->config->memberattribute));
|
||||
|
||||
if (!empty($search) and ldap_count_entries($ldapconnection, $search)) {$info = $this->ldap_get_entries($ldapconnection, $search);
|
||||
$search = ldap_read($ldapconnection, $group, '('.$this->config->memberattribute.'='.$this->filter_addslashes($memberuser).')', array($this->config->memberattribute));
|
||||
if (!empty($search) and ldap_count_entries($ldapconnection, $search)) {
|
||||
$info = $this->ldap_get_entries($ldapconnection, $search);
|
||||
|
||||
if (count($info) > 0 ) {
|
||||
// user is member of group
|
||||
$result = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $result;
|
||||
|
||||
@ -1572,6 +1575,8 @@ class auth_plugin_ldap extends auth_plugin_base {
|
||||
{$config->objectclass = ''; }
|
||||
if (!isset($config->memberattribute))
|
||||
{$config->memberattribute = ''; }
|
||||
if (!isset($config->memberattribute_isdn))
|
||||
{$config->memberattribute_isdn = ''; }
|
||||
if (!isset($config->creators))
|
||||
{$config->creators = ''; }
|
||||
if (!isset($config->create_context))
|
||||
@ -1612,6 +1617,7 @@ class auth_plugin_ldap extends auth_plugin_base {
|
||||
set_config('version', $config->version, 'auth/ldap');
|
||||
set_config('objectclass', $config->objectclass, 'auth/ldap');
|
||||
set_config('memberattribute', $config->memberattribute, 'auth/ldap');
|
||||
set_config('memberattribute_isdn', $config->memberattribute_isdn, 'auth/ldap');
|
||||
set_config('creators', $config->creators, 'auth/ldap');
|
||||
set_config('create_context', $config->create_context, 'auth/ldap');
|
||||
set_config('expiration', $config->expiration, 'auth/ldap');
|
||||
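Review bot: In the group-membership hunk (the one that introduces `$memberuser`), the `ldap_read()` call that appears to be the new line no longer carries the `@` that the `$username` version had, and the result of `$this->ldap_connect()` is still used without a check. A creators group DN that does not exist, or a failed connection, would then raise PHP warnings during login instead of quietly yielding no membership, and depending on error display settings that can print directory DNs into the page. I would guard the handle right after connecting, `if (!$ldapconnection) { return false; }`, and either keep the suppression or log the failure explicitly. The filter also concatenates `$this->config->memberattribute` unescaped and relies on `filter_addslashes()` for the DN returned by `ldap_find_userdn()`; that helper is not visible here, so it is worth confirming it escapes `*`, `(`, `)` and `\` for filter context. The function's signature and closing brace lie outside the hunk, and the leftover debug comment still names `$username`.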
|
@ -27,6 +27,8 @@
|
||||
{$config->objectclass = ''; }
|
||||
if (!isset($config->memberattribute))
|
||||
{$config->memberattribute = ''; }
|
||||
if (!isset($config->memberattribute_isdn))
|
||||
{$config->memberattribute_isdn = ''; }
|
||||
if (!isset($config->creators))
|
||||
{$config->creators = ''; }
|
||||
if (!isset($config->create_context))
|
||||
@ -221,6 +223,16 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr valign="top" class="required">
|
||||
<td align="right"><label for="memberattribute_isdn"><?php print_string('auth_ldap_memberattribute_isdn_key','auth') ?></label></td>
|
||||
<td>
|
||||
<input name="memberattribute" id="memberattribute_isdn" type="text" size="30" value="<?php echo $config->memberattribute_isdn?>" />
|
||||
<?php if (isset($err['memberattribute_isdn'])) formerr($err['memberattribute_isdn']); ?>
|
||||
</td><td>
|
||||
<?php print_string('auth_ldap_memberattribute_isdn','auth') ?>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr valign="top" class="required">
|
||||
<td align="right"><label for="objectclass"><?php print_string('auth_ldap_objectclass_key','auth') ?></label></td>
|
||||
<td>
|
||||
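Review bot: The added row's input is declared as `name="memberattribute"` while its id, label and error key are all `memberattribute_isdn`, so the form never posts a `memberattribute_isdn` value and, if the existing member-attribute field (outside this hunk) uses the same name, the later field overwrites it on submit. Since these settings feed the LDAP filter that decides creator-group membership, a wrong attribute name makes that check misbehave without any visible error. The line should read `<input name="memberattribute_isdn" id="memberattribute_isdn" type="text" size="30" value="<?php echo htmlspecialchars($config->memberattribute_isdn) ?>" />`, which also escapes the stored value before it is echoed into the attribute. Because the code treats the option as a truthy flag and the help text says 0 or 1, a select or checkbox would be safer than free text; any non-empty string other than `0` turns DN mode on.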
|
@ -156,6 +156,7 @@ $string['auth_ldap_host_url'] = 'Specify LDAP host in URL-form like \'ldap://lda
|
||||
$string['auth_ldap_ldap_encoding'] = 'Specify encoding used by LDAP server. Most probably utf-8, MS AD v2 uses default platform encoding such as cp1252, cp1250, etc.';
|
||||
$string['auth_ldap_login_settings'] = 'Login settings';
|
||||
$string['auth_ldap_memberattribute'] = 'Optional: Overrides user member attribute, when users belongs to a group. Usually \'member\'';
|
||||
$string['auth_ldap_memberattribute_isdn'] = 'Optional: Overrides handling of member attribute values, either 0 or 1';
|
||||
$string['auth_ldap_objectclass'] = 'Optional: Overrides objectClass used to name/search users on ldap_user_type. Usually you dont need to chage this.';
|
||||
$string['auth_ldap_opt_deref'] = 'Determines how aliases are handled during search. Select one of the following values: \"No\" (LDAP_DEREF_NEVER) or \"Yes\" (LDAP_DEREF_ALWAYS)';
|
||||
$string['auth_ldap_passwdexpire_settings'] = 'LDAP password expiration settings.';
|
||||
@ -188,6 +189,7 @@ $string['auth_ldap_search_sub_key'] = 'Search subcontexts';
|
||||
$string['auth_ldap_opt_deref_key'] = 'Dereference aliases';
|
||||
$string['auth_ldap_user_attribute_key'] = 'User attribute';
|
||||
$string['auth_ldap_memberattribute_key'] = 'Member attribute';
|
||||
$string['auth_ldap_memberattribute_isdn_key'] = 'Member attribute uses dn';
|
||||
$string['auth_ldap_objectclass_key'] = 'Object class';
|
||||
$string['auth_ldap_changepasswordurl_key'] = 'Password-change URL';
|
||||
$string['auth_ldap_expiration_key'] = 'Expiration';
|
||||
|