diff options
author | Florian Pritz <bluewind@xinu.at> | 2018-07-23 10:47:22 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2018-07-23 10:47:22 +0200 |
commit | 1925f37b96713bffa30c021944c4bc3031e5f1f6 (patch) | |
tree | e3c0ecb5363d25d92e6a01f519ad2ba9cce2f057 | |
parent | 95e600519a98e593540e6ed41570e4915dba862a (diff) | |
parent | fef3ac527c398d179de57361bf27476c504cc061 (diff) |
Merge branch 'raphaelm-patch-1' into dev
-rw-r--r-- | application/config/config.php | 8 | ||||
-rw-r--r-- | application/libraries/Duser/drivers/Duser_ldap.php | 17 |
2 files changed, 21 insertions, 4 deletions
diff --git a/application/config/config.php b/application/config/config.php index 4f4e868f0..e120beaf6 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -596,7 +596,13 @@ if (extension_loaded("ldap")) { ), // Please note that php-ldap converts attributes to lowercase "userid_field" => "uidnumber", // This has to be a unique integer - "username_field" => "uid" // This is the value the user supplies on the login form + "username_field" => "uid", // This is the value the user supplies on the login form + // Optional parameters + // "bind_rdn" => "uid=search-user,cn=users,dc=example,dc=com", // This is the user used to authenticate for searches + // "bind_password" => "***", // This is the password for the search user + // You can optionally filter the LDAP users who are allowed to log in using any valid LDAP filter. %s will be replaced + // by the user name. + // "filter" => "(&(uid=%s)(memberOf=cn=FileBinUsers,cn=groups,dc=example,dc=com))", ); } diff --git a/application/libraries/Duser/drivers/Duser_ldap.php b/application/libraries/Duser/drivers/Duser_ldap.php index b80385fe0..9481397d0 100644 --- a/application/libraries/Duser/drivers/Duser_ldap.php +++ b/application/libraries/Duser/drivers/Duser_ldap.php @@ -26,15 +26,26 @@ class Duser_ldap extends Duser_Driver { return false; } + if (isset($config['bind_rdn']) && isset($config['bind_password'])) { + ldap_bind($ds, $config['bind_rdn'], $config['bind_password']); + } + + if (isset($config['filter'])) { + $filter = sprintf($config['filter'], $username); + } else { + $filter = $config["username_field"].'='.$username; + } + + switch ($config["scope"]) { case "base": - $r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username); + $r = ldap_read($ds, $config['basedn'], $filter); break; case "one": - $r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username); + $r = ldap_list($ds, $config['basedn'], $filter); break; case "subtree": - $r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username); + $r = ldap_search($ds, $config['basedn'], $filter); break; default: throw new \exceptions\ApiException("libraries/duser/ldap/invalid-ldap-scope", "Invalid LDAP scope"); |