From 681ce77bc0dc5828eae2bb48471db9e373437e4b Mon Sep 17 00:00:00 2001 From: "bbaetz%acm.org" <> Date: Sat, 22 Mar 2003 12:47:09 +0000 Subject: Bug 180642 - Move authentication code into a module r=gerv, justdave a=justdave --- defparams.pl | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 65 insertions(+), 10 deletions(-) (limited to 'defparams.pl') diff --git a/defparams.pl b/defparams.pl index f75ead4b2..31a7786ac 100644 --- a/defparams.pl +++ b/defparams.pl @@ -123,6 +123,31 @@ sub check_netmask { return ""; } +sub check_loginmethod { + # doeditparams traverses the list of params, and for each one it checks, + # then updates. This means that if one param checker wants to look at + # other params, it must be below that other one. So you can't have two + # params mutually dependant on each other. + # This means that if someone clears the LDAP config params after setting + # the login method as LDAP, we won't notice, but all logins will fail. + # So don't do that. + + my ($method, $entry) = @_; + my $res = check_multi($method, $entry); + return $res if $res; + if ($method eq 'DB') { + # No params + } elsif ($method eq 'LDAP') { + eval "require Net::LDAP"; + return "Error requiring Net::LDAP: '$@'" if $@; + return "LDAP servername is missing" unless Param("LDAPserver"); + return "LDAPBaseDN is empty" unless Param("LDAPBaseDN"); + } else { + return "Unknown loginmethod '$method' in check_loginmethod"; + } + return ""; +} + # OK, here are the parameter definitions themselves. # # Each definition is a hash with keys: @@ -322,16 +347,6 @@ sub check_netmask { checker => \&check_shadowdb }, - { - name => 'useLDAP', - desc => 'Turn this on to use an LDAP directory for user authentication ' . - 'instead of the Bugzilla database. (User profiles will still be ' . - 'stored in the database, and will match against the LDAP user by ' . - 'email address.)', - type => 'b', - default => 0 - }, - { name => 'LDAPserver', desc => 'The name (and optionally port) of your LDAP server. (e.g. ' . @@ -340,6 +355,16 @@ sub check_netmask { default => '' }, + { + name => 'LDAPbinddn', + desc => 'If your LDAP server requires that you use a binddn and password ' . + 'instead of binding anonymously, enter it here ' . + '(e.g. cn=default,cn=user:password). ' . + 'Leave this empty for the normal case of an anonymous bind.', + type => 't', + default => '' + }, + { name => 'LDAPBaseDN', desc => 'The BaseDN for authenticating users against. (e.g. ' . @@ -348,6 +373,13 @@ sub check_netmask { default => '' }, + { + name => 'LDAPuidattribute', + desc => 'The name of the attribute containing the user\'s login name.', + type => 't', + default => 'uid' + }, + { name => 'LDAPmailattribute', desc => 'The name of the attribute of a user in your directory that ' . @@ -356,6 +388,29 @@ sub check_netmask { default => 'mail' }, + { + name => 'loginmethod', + desc => 'The type of login authentication to use: +
+
DB
+
+ Bugzilla\'s builtin authentication. This is the most common + choice. +
+
LDAP
+
+ LDAP authentication using an LDAP server. This method is + experimental; please see the Bugzilla documentation for more + information. Using this method requires additional parameters + to be set above. +
+
', + type => 's', + choices => [ 'DB', 'LDAP' ], + default => 'DB', + checker => \&check_loginmethod + }, + { name => 'mostfreqthreshold', desc => 'The minimum number of duplicates a bug needs to show up on the ' . -- cgit v1.2.3-24-g4f1b