-rw-r--r--application/config/config.php8
-rw-r--r--application/libraries/Duser/drivers/Duser_ldap.php17
2 files changed, 21 insertions, 4 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 4f4e868f0..e120beaf6 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -596,7 +596,13 @@ if (extension_loaded("ldap")) {
),
// Please note that php-ldap converts attributes to lowercase
"userid_field" => "uidnumber", // This has to be a unique integer
- "username_field" => "uid" // This is the value the user supplies on the login form
+ "username_field" => "uid", // This is the value the user supplies on the login form
+ // Optional parameters
+ // "bind_rdn" => "uid=search-user,cn=users,dc=example,dc=com", // This is the user used to authenticate for searches
+ // "bind_password" => "***", // This is the password for the search user
+ // You can optionally filter the LDAP users who are allowed to log in using any valid LDAP filter. %s will be replaced
+ // by the user name.
+ // "filter" => "(&(uid=%s)(memberOf=cn=FileBinUsers,cn=groups,dc=example,dc=com))",
);
}
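Review bot: The comments for the new optional keys leave out two constraints the driver in this same commit imposes. The bind is attempted only when both `bind_rdn` and `bind_password` are set, and `filter` is used as a `sprintf()` format with a single argument, so a literal percent sign has to be written `%%` and only one `%s` is filled in. I would add `// bind_rdn and bind_password must both be set; use a read-only account that can only search the base DN` and `// "filter" is a sprintf() format: write a literal % as %%`. Because this file now holds a directory credential, a comment reminding the administrator to keep it out of version control and unreadable to other local users would also help.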
diff --git a/application/libraries/Duser/drivers/Duser_ldap.php b/application/libraries/Duser/drivers/Duser_ldap.php
index b80385fe0..9481397d0 100644
--- a/application/libraries/Duser/drivers/Duser_ldap.php
+++ b/application/libraries/Duser/drivers/Duser_ldap.php
@@ -26,15 +26,26 @@ class Duser_ldap extends Duser_Driver {
return false;
}
+ if (isset($config['bind_rdn']) && isset($config['bind_password'])) {
+ ldap_bind($ds, $config['bind_rdn'], $config['bind_password']);
+ }
+
+ if (isset($config['filter'])) {
+ $filter = sprintf($config['filter'], $username);
+ } else {
+ $filter = $config["username_field"].'='.$username;
+ }
+
+
switch ($config["scope"]) {
case "base":
- $r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username);
+ $r = ldap_read($ds, $config['basedn'], $filter);
break;
case "one":
- $r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username);
+ $r = ldap_list($ds, $config['basedn'], $filter);
break;
case "subtree":
- $r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username);
+ $r = ldap_search($ds, $config['basedn'], $filter);
break;
default:
throw new \exceptions\ApiException("libraries/duser/ldap/invalid-ldap-scope", "Invalid LDAP scope");
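Review bot: `$username` reaches the search filter unescaped, both in the new `sprintf($config['filter'], $username)` and in the fallback concatenation, so filter metacharacters in the login name can change what the filter matches. That matters more now that the configured filter can carry an authorization condition such as the `memberOf` clause in the config example. Passing the name through `ldap_escape()` with `LDAP_ESCAPE_FILTER` before either branch closes this. The return value of `ldap_bind()` is also ignored, so a wrong `bind_rdn` or `bind_password` leaves the lookup running on an unbound connection instead of failing visibly. The sketch below returns false as the early exit just above does, but the function starts and ends outside the hunk, so confirm that is the right failure path.

```php
if (isset($config['bind_rdn']) && isset($config['bind_password'])) {
	// Stop here when the search account cannot bind, rather than searching unbound.
	if (!ldap_bind($ds, $config['bind_rdn'], $config['bind_password'])) {
		return false;
	}
}

// Neutralise filter metacharacters before the name is placed in any filter.
$escaped = ldap_escape($username, "", LDAP_ESCAPE_FILTER);
$filter = isset($config['filter'])
	? sprintf($config['filter'], $escaped)
	: $config["username_field"].'='.$escaped;

// … unchanged: switch on $config["scope"] …
```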