From cd874e2133eda198dc7f8c24e8734a774e155661 Mon Sep 17 00:00:00 2001
From: skodak
Date: Thu, 29 Mar 2007 15:53:09 +0000
Subject: [PATCH] MDL-8590 fixed ldap creators, added new option to specify dn in member attribute; merged from MOODLE_18_STABLE
---
 auth/ldap/auth.php | 26 ++++++++++++++++----------
 auth/ldap/config.html | 12 ++++++++++++
 lang/en_utf8/auth.php | 2 ++
 3 files changed, 30 insertions(+), 10 deletions(-)
diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index c107a24c3ff..85c221e4b3b 100644
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -1215,39 +1215,42 @@ class auth_plugin_ldap extends auth_plugin_base { // Takes username and groupdn(s) , separated by ; // Returns true if user is member of any given groups - $result = false; $ldapconnection = $this->ldap_connect(); - if (empty($username) or empty($groupdns)) { - return $result; + if (empty($extusername) or empty($groupdns)) { + return false; } if ($this->config->memberattribute_isdn) { - $username=$this->ldap_find_userdn($ldapconnection, $username); + $memberuser = $this->ldap_find_userdn($ldapconnection, $extusername); + } else { + $memberuser = $extusername; } - if (! $username ) { - return $result; + + if (empty($memberuser)) { + return false; } $groups = explode(";",$groupdns); + $result = false; foreach ($groups as $group) { $group = trim($group); if (empty($group)) { continue; } //echo "Checking group $group for member $username\n"; - $search = @ldap_read($ldapconnection, $group, '('.$this->config->memberattribute.'='.$this->filter_addslashes($username).')', array($this->config->memberattribute)); - - if (!empty($search) and ldap_count_entries($ldapconnection, $search)) {$info = $this->ldap_get_entries($ldapconnection, $search); + $search = ldap_read($ldapconnection, $group, '('.$this->config->memberattribute.'='.$this->filter_addslashes($memberuser).')', array($this->config->memberattribute)); + if (!empty($search) and ldap_count_entries($ldapconnection, $search)) { + $info = $this->ldap_get_entries($ldapconnection, $search); if (count($info) > 0 ) { // user is member of group $result = true; break; } + } } - } return $result; @@ -1572,6 +1575,8 @@ class auth_plugin_ldap extends auth_plugin_base { {$config->objectclass = ''; } if (!isset($config->memberattribute)) {$config->memberattribute = ''; } + if (!isset($config->memberattribute_isdn)) + {$config->memberattribute_isdn = ''; } if (!isset($config->creators)) {$config->creators = ''; } if (!isset($config->create_context)) 
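Review bot: The `ldap_read()` call in the group loop loses its `@`, but failure is still only handled through `!empty($search)`, so a group DN that is missing or unreadable now raises a PHP warning on every check and is otherwise indistinguishable from "not a member". This result appears to back the creators setting, so I would make the failure explicit and logged, e.g. `if ($search === false) { error_log('ldap_read failed for group '.$group.': '.ldap_error($ldapconnection)); continue; }`. The commented-out debug line still prints `$username`, which the new body no longer uses. The function signature lies outside the hunk, so please confirm the parameter is actually named `$extusername`; if it is still `$username`, the first `empty()` check returns false for every user.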
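Review bot: The new `memberattribute_isdn` setting defaults to `''` in the `@@ -1572` hunk and is stored verbatim by the `set_config('memberattribute_isdn', ...)` line in the `@@ -1612` hunk, while the membership check only tests it for truthiness, so any non-empty value other than `'0'` switches DN lookup on. The help string describes the value as 0 or 1; normalising before it is saved, e.g. `$config->memberattribute_isdn = empty($config->memberattribute_isdn) ? 0 : 1;`, would keep the stored value to those two. The same default block is repeated in the `@@ -27` hunk of auth/ldap/config.html. The enclosing function starts and ends outside this hunk.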
@@ -1612,6 +1617,7 @@ class auth_plugin_ldap extends auth_plugin_base { set_config('version', $config->version, 'auth/ldap'); set_config('objectclass', $config->objectclass, 'auth/ldap'); set_config('memberattribute', $config->memberattribute, 'auth/ldap'); + set_config('memberattribute_isdn', $config->memberattribute_isdn, 'auth/ldap'); set_config('creators', $config->creators, 'auth/ldap'); set_config('create_context', $config->create_context, 'auth/ldap'); set_config('expiration', $config->expiration, 'auth/ldap'); diff --git a/auth/ldap/config.html b/auth/ldap/config.html index 140f1358278..4b729d463f2 100644 --- a/auth/ldap/config.html +++ b/auth/ldap/config.html @@ -27,6 +27,8 @@ {$config->objectclass = ''; } if (!isset($config->memberattribute)) {$config->memberattribute = ''; } + if (!isset($config->memberattribute_isdn)) + {$config->memberattribute_isdn = ''; } if (!isset($config->creators)) {$config->creators = ''; } if (!isset($config->create_context)) @@ -221,6 +223,16 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there? + + + + + + + + + + diff --git a/lang/en_utf8/auth.php b/lang/en_utf8/auth.php index bdaadd50424..6d3b7a8613b 100644 --- a/lang/en_utf8/auth.php +++ b/lang/en_utf8/auth.php 
@@ -156,6 +156,7 @@ $string['auth_ldap_host_url'] = 'Specify LDAP host in URL-form like \'ldap://lda
 $string['auth_ldap_ldap_encoding'] = 'Specify encoding used by LDAP server. Most probably utf-8, MS AD v2 uses default platform encoding such as cp1252, cp1250, etc.';
 $string['auth_ldap_login_settings'] = 'Login settings';
 $string['auth_ldap_memberattribute'] = 'Optional: Overrides user member attribute, when users belongs to a group. Usually \'member\'';
+$string['auth_ldap_memberattribute_isdn'] = 'Optional: Overrides handling of member attribute values, either 0 or 1';
 $string['auth_ldap_objectclass'] = 'Optional: Overrides objectClass used to name/search users on ldap_user_type. Usually you dont need to chage this.';
 $string['auth_ldap_opt_deref'] = 'Determines how aliases are handled during search. Select one of the following values: \"No\" (LDAP_DEREF_NEVER) or \"Yes\" (LDAP_DEREF_ALWAYS)';
 $string['auth_ldap_passwdexpire_settings'] = 'LDAP password expiration settings.';
@@ -188,6 +189,7 @@ $string['auth_ldap_search_sub_key'] = 'Search subcontexts';
 $string['auth_ldap_opt_deref_key'] = 'Dereference aliases';
 $string['auth_ldap_user_attribute_key'] = 'User attribute';
 $string['auth_ldap_memberattribute_key'] = 'Member attribute';
+$string['auth_ldap_memberattribute_isdn_key'] = 'Member attribute uses dn';
 $string['auth_ldap_objectclass_key'] = 'Object class';
 $string['auth_ldap_changepasswordurl_key'] = 'Password-change URL';
 $string['auth_ldap_expiration_key'] = 'Expiration';