MDL-8590 fixed ldap creators, added new option to specify dn in member attribute; merged from MOODLE_18_STABLE

skodak 2007-03-29 15:53:09 +00:00
parent c9e4ba362d
commit cd874e2133
3 changed files with 30 additions and 10 deletions


@ -1215,39 +1215,42 @@ class auth_plugin_ldap extends auth_plugin_base {
// Takes username and groupdn(s) , separated by ;
// Returns true if user is member of any given groups
$result = false;
$ldapconnection = $this->ldap_connect();
if (empty($username) or empty($groupdns)) {
return $result;
if (empty($extusername) or empty($groupdns)) {
return false;
}
if ($this->config->memberattribute_isdn) {
$username=$this->ldap_find_userdn($ldapconnection, $username);
$memberuser = $this->ldap_find_userdn($ldapconnection, $extusername);
} else {
$memberuser = $extusername;
}
if (! $username ) {
return $result;
if (empty($memberuser)) {
return false;
}
$groups = explode(";",$groupdns);
$result = false;
foreach ($groups as $group) {
$group = trim($group);
if (empty($group)) {
continue;
}
//echo "Checking group $group for member $username\n";
$search = @ldap_read($ldapconnection, $group, '('.$this->config->memberattribute.'='.$this->filter_addslashes($username).')', array($this->config->memberattribute));
if (!empty($search) and ldap_count_entries($ldapconnection, $search)) {$info = $this->ldap_get_entries($ldapconnection, $search);
$search = ldap_read($ldapconnection, $group, '('.$this->config->memberattribute.'='.$this->filter_addslashes($memberuser).')', array($this->config->memberattribute));
if (!empty($search) and ldap_count_entries($ldapconnection, $search)) {
$info = $this->ldap_get_entries($ldapconnection, $search);
if (count($info) > 0 ) {
// user is member of group
$result = true;
break;
}
}
}
}
return $result;
@ -1572,6 +1575,8 @@ class auth_plugin_ldap extends auth_plugin_base {
{$config->objectclass = ''; }
if (!isset($config->memberattribute))
{$config->memberattribute = ''; }
if (!isset($config->memberattribute_isdn))
{$config->memberattribute_isdn = ''; }
if (!isset($config->creators))
{$config->creators = ''; }
if (!isset($config->create_context))
@ -1612,6 +1617,7 @@ class auth_plugin_ldap extends auth_plugin_base {
set_config('version', $config->version, 'auth/ldap');
set_config('objectclass', $config->objectclass, 'auth/ldap');
set_config('memberattribute', $config->memberattribute, 'auth/ldap');
set_config('memberattribute_isdn', $config->memberattribute_isdn, 'auth/ldap');
set_config('creators', $config->creators, 'auth/ldap');
set_config('create_context', $config->create_context, 'auth/ldap');
set_config('expiration', $config->expiration, 'auth/ldap');
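Review bot: In the first hunk `$ldapconnection = $this->ldap_connect();` runs before the empty-argument guard, its result is handed to `ldap_find_userdn()` and `ldap_read()` unchecked, and none of the return paths shown releases it. Because the new `ldap_read()` call no longer carries `@`, a failed connect or a configured group DN that does not exist would now raise a PHP warning on the page wherever display_errors is enabled. Consider moving the connect below the guard and adding `if (!$ldapconnection) { return false; }`, so this creators check keeps failing closed without the noise; this assumes ldap_connect() returns a falsy value on failure, which is not visible here. The function's signature and the end of its body are outside the hunk.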


@ -27,6 +27,8 @@
{$config->objectclass = ''; }
if (!isset($config->memberattribute))
{$config->memberattribute = ''; }
if (!isset($config->memberattribute_isdn))
{$config->memberattribute_isdn = ''; }
if (!isset($config->creators))
{$config->creators = ''; }
if (!isset($config->create_context))
@ -221,6 +223,16 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="memberattribute_isdn"><?php print_string('auth_ldap_memberattribute_isdn_key','auth') ?></label></td>
<td>
<input name="memberattribute" id="memberattribute_isdn" type="text" size="30" value="<?php echo $config->memberattribute_isdn?>" />
<?php if (isset($err['memberattribute_isdn'])) formerr($err['memberattribute_isdn']); ?>
</td><td>
<?php print_string('auth_ldap_memberattribute_isdn','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="objectclass"><?php print_string('auth_ldap_objectclass_key','auth') ?></label></td>
<td>
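Review bot: The input added in the second hunk is submitted as `name="memberattribute"` although its id, label and value all refer to `memberattribute_isdn`, so the form posts two `memberattribute` fields and never posts `memberattribute_isdn`. PHP keeps the last field of a given name, so saving would likely overwrite the member attribute used in the creators group filter with this field's value and leave the new option at its empty default. Change it to `name="memberattribute_isdn"`, and escape the echoed value for the attribute context, e.g. `value="<?php echo htmlspecialchars($config->memberattribute_isdn) ?>"`. The row is also marked `class="required"` while the help string added in the language file calls the setting optional.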


@ -156,6 +156,7 @@ $string['auth_ldap_host_url'] = 'Specify LDAP host in URL-form like \'ldap://lda
$string['auth_ldap_ldap_encoding'] = 'Specify encoding used by LDAP server. Most probably utf-8, MS AD v2 uses default platform encoding such as cp1252, cp1250, etc.';
$string['auth_ldap_login_settings'] = 'Login settings';
$string['auth_ldap_memberattribute'] = 'Optional: Overrides user member attribute, when users belongs to a group. Usually \'member\'';
$string['auth_ldap_memberattribute_isdn'] = 'Optional: Overrides handling of member attribute values, either 0 or 1';
$string['auth_ldap_objectclass'] = 'Optional: Overrides objectClass used to name/search users on ldap_user_type. Usually you dont need to chage this.';
$string['auth_ldap_opt_deref'] = 'Determines how aliases are handled during search. Select one of the following values: \"No\" (LDAP_DEREF_NEVER) or \"Yes\" (LDAP_DEREF_ALWAYS)';
$string['auth_ldap_passwdexpire_settings'] = 'LDAP password expiration settings.';
@ -188,6 +189,7 @@ $string['auth_ldap_search_sub_key'] = 'Search subcontexts';
$string['auth_ldap_opt_deref_key'] = 'Dereference aliases';
$string['auth_ldap_user_attribute_key'] = 'User attribute';
$string['auth_ldap_memberattribute_key'] = 'Member attribute';
$string['auth_ldap_memberattribute_isdn_key'] = 'Member attribute uses dn';
$string['auth_ldap_objectclass_key'] = 'Object class';
$string['auth_ldap_changepasswordurl_key'] = 'Password-change URL';
$string['auth_ldap_expiration_key'] = 'Expiration';