diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index c107a24c3ff..85c221e4b3b 100644
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -1215,39 +1215,42 @@ class auth_plugin_ldap extends auth_plugin_base {
// Takes username and groupdn(s) , separated by ;
// Returns true if user is member of any given groups
- $result = false;
$ldapconnection = $this->ldap_connect();
- if (empty($username) or empty($groupdns)) {
- return $result;
+ if (empty($extusername) or empty($groupdns)) {
+ return false;
}
if ($this->config->memberattribute_isdn) {
- $username=$this->ldap_find_userdn($ldapconnection, $username);
+ $memberuser = $this->ldap_find_userdn($ldapconnection, $extusername);
+ } else {
+ $memberuser = $extusername;
}
- if (! $username ) {
- return $result;
+
+ if (empty($memberuser)) {
+ return false;
}
$groups = explode(";",$groupdns);
+ $result = false;
foreach ($groups as $group) {
$group = trim($group);
if (empty($group)) {
continue;
}
//echo "Checking group $group for member $username\n";
- $search = @ldap_read($ldapconnection, $group, '('.$this->config->memberattribute.'='.$this->filter_addslashes($username).')', array($this->config->memberattribute));
-
- if (!empty($search) and ldap_count_entries($ldapconnection, $search)) {$info = $this->ldap_get_entries($ldapconnection, $search);
+ $search = ldap_read($ldapconnection, $group, '('.$this->config->memberattribute.'='.$this->filter_addslashes($memberuser).')', array($this->config->memberattribute));
+ if (!empty($search) and ldap_count_entries($ldapconnection, $search)) {
+ $info = $this->ldap_get_entries($ldapconnection, $search);
if (count($info) > 0 ) {
// user is member of group
$result = true;
break;
}
+ }
}
- }
return $result;
@@ -1572,6 +1575,8 @@ class auth_plugin_ldap extends auth_plugin_base {
{$config->objectclass = ''; }
if (!isset($config->memberattribute))
{$config->memberattribute = ''; }
+ if (!isset($config->memberattribute_isdn))
+ {$config->memberattribute_isdn = ''; }
if (!isset($config->creators))
{$config->creators = ''; }
if (!isset($config->create_context))
@@ -1612,6 +1617,7 @@ class auth_plugin_ldap extends auth_plugin_base {
set_config('version', $config->version, 'auth/ldap');
set_config('objectclass', $config->objectclass, 'auth/ldap');
set_config('memberattribute', $config->memberattribute, 'auth/ldap');
+ set_config('memberattribute_isdn', $config->memberattribute_isdn, 'auth/ldap');
set_config('creators', $config->creators, 'auth/ldap');
set_config('create_context', $config->create_context, 'auth/ldap');
set_config('expiration', $config->expiration, 'auth/ldap');
diff --git a/auth/ldap/config.html b/auth/ldap/config.html
index 140f1358278..4b729d463f2 100644
--- a/auth/ldap/config.html
+++ b/auth/ldap/config.html
@@ -27,6 +27,8 @@
{$config->objectclass = ''; }
if (!isset($config->memberattribute))
{$config->memberattribute = ''; }
+ if (!isset($config->memberattribute_isdn))
+ {$config->memberattribute_isdn = ''; }
if (!isset($config->creators))
{$config->creators = ''; }
if (!isset($config->create_context))
@@ -221,6 +223,16 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
+
+
+
+
+
+
+
+
+
+
diff --git a/lang/en_utf8/auth.php b/lang/en_utf8/auth.php
index bdaadd50424..6d3b7a8613b 100644
--- a/lang/en_utf8/auth.php
+++ b/lang/en_utf8/auth.php
@@ -156,6 +156,7 @@ $string['auth_ldap_host_url'] = 'Specify LDAP host in URL-form like \'ldap://lda
$string['auth_ldap_ldap_encoding'] = 'Specify encoding used by LDAP server. Most probably utf-8, MS AD v2 uses default platform encoding such as cp1252, cp1250, etc.';
$string['auth_ldap_login_settings'] = 'Login settings';
$string['auth_ldap_memberattribute'] = 'Optional: Overrides user member attribute, when users belongs to a group. Usually \'member\'';
+$string['auth_ldap_memberattribute_isdn'] = 'Optional: Overrides handling of member attribute values, either 0 or 1';
$string['auth_ldap_objectclass'] = 'Optional: Overrides objectClass used to name/search users on ldap_user_type. Usually you dont need to chage this.';
$string['auth_ldap_opt_deref'] = 'Determines how aliases are handled during search. Select one of the following values: \"No\" (LDAP_DEREF_NEVER) or \"Yes\" (LDAP_DEREF_ALWAYS)';
$string['auth_ldap_passwdexpire_settings'] = 'LDAP password expiration settings.';
@@ -188,6 +189,7 @@ $string['auth_ldap_search_sub_key'] = 'Search subcontexts';
$string['auth_ldap_opt_deref_key'] = 'Dereference aliases';
$string['auth_ldap_user_attribute_key'] = 'User attribute';
$string['auth_ldap_memberattribute_key'] = 'Member attribute';
+$string['auth_ldap_memberattribute_isdn_key'] = 'Member attribute uses dn';
$string['auth_ldap_objectclass_key'] = 'Object class';
$string['auth_ldap_changepasswordurl_key'] = 'Password-change URL';
$string['auth_ldap_expiration_key'] = 'Expiration';