author | Troels Liebe Bentsen <tlb@rapanden.dk> | 2005-05-11 21:54:05 +0200 |
---|---|---|
committer | Troels Liebe Bentsen <tlb@rapanden.dk> | 2005-05-11 21:54:05 +0200 |
commit | 2984f237d5db7ebb53ff9b904626c974f74dc415 (patch) | |
tree | bb53be13af0587ce4e074c529fed1f95a091f2ad | |
parent | 2560aa4a6bee47f396e0e04b934ebaf3b898c43e (diff) | |
More flexible LDAP placeholder syntax for the configuration; this should also make it possible to use non-standard LDAP servers (e.g. Microsoft's) without having to use a special login user.
darcs-hash:20050511195405-ee6b9-07c63cc0e096e22900a77fe8d044d2c3f2500589.gz
-rw-r--r-- | inc/auth_ldap.php | 51 |
1 files changed, 40 insertions, 11 deletions
diff --git a/inc/auth_ldap.php b/inc/auth_ldap.php
index a9cc41112..6c4562313 100644
--- a/inc/auth_ldap.php
+++ b/inc/auth_ldap.php
@@ -83,7 +83,7 @@ function auth_checkPass($user,$pass){
 if(!$dn) return false;
 } else {
 // dn is defined in the usertree
- $dn = str_replace('%u', $user, $cnf['usertree']);
+ $dn = auth_ldap_makeFilter($cnf['usertree'], array('user'=>$user));
 }
 //try to bind with dn
 if(@ldap_bind($conn,$dn,$pass)){
@@ -138,24 +138,26 @@ function auth_getUserData($user){
 return false;
 }
 }
+ $info['user']= $user;
 //get info for given user
- $base = str_replace('%u',$user,$cnf['usertree']);
+ $base = auth_ldap_makeFilter($cnf['usertree'], $info);
 if(!empty($cnf['userfilter'])) {
- $filter = str_replace('%u',$user,$cnf['userfilter']);
+ $filter = auth_ldap_makeFilter($cnf['userfilter'], $info);
 } else {
 $filter = "(ObjectClass=*)";
 }
 $sr = ldap_search($conn, $base, $filter);;
 $result = ldap_get_entries($conn, $sr);
+ $user_result = $result[0];
 if($result['count'] != 1){
 return false; //user not found
 }
 //general user info
- $info['dn'] = $result[0]['dn'];
- $info['mail']= $result[0]['mail'][0];
- $info['name']= $result[0]['cn'][0];
+ $info['dn']= $user_result['dn'];
+ $info['mail']= $user_result['mail'][0];
+ $info['name']= $user_result['cn'][0];
 //use ActiveDirectory sAMAccountName as uid
 if(isset($result[0]['sAMAccountName'][0])){
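Review bot: The new `$dn` line substitutes the login name into a distinguished name with no escaping, and auth_ldap_makeFilter does none either, so a username containing `,`, `+`, `=`, `"`, `\`, `<` or `>` produces a malformed or different DN before the bind. DN escaping (RFC 2253 backslash escaping) is not the same as LDAP filter escaping, so reusing a helper called "makeFilter" for a DN is misleading; since the bind still needs the matching password the practical impact is a confusing failure rather than a bypass, but I would escape at the call site, e.g. `$dn = auth_ldap_makeFilter($cnf['usertree'], array('user' => preg_replace('/([\\\\,+"<>;=#])/', '\\\\$1', $user)));`. auth_checkPass begins and ends outside the hunk.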
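Review bot: `$user_result = $result[0];` is assigned before the `$result['count'] != 1` check, so when the search returns no entry `$result[0]` is undefined and PHP emits a notice on every failed lookup; move the assignment below the check, `if($result['count'] != 1){ return false; } $user_result = $result[0];`. Separately, `$info` carries the raw `$user` into both `$base` and `$filter` with no escaping, so a login name such as `*` or one containing `)(` changes the structure of the search rather than being matched as a value; the escaping belongs in the helper (filter metacharacters for `userfilter`, DN characters for `usertree`), but this is the call site where untrusted input enters. auth_getUserData begins and ends outside the hunk.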
@@ -177,11 +179,11 @@ function auth_getUserData($user){
 }
 //get groups for given user if grouptree is given
- if ($cnf['grouptree'] != '') {
- $filter = str_replace('%i', $info['uid'], $cnf['groupfilter']);
- $filter = str_replace('%u', $user, $filter);
- $filter = str_replace('%g', $gid, $filter);
- $sr = @ldap_search($conn, $cnf['grouptree'], $filter);
+ if (!empty($cnf['grouptree'])) {
+ $base = auth_ldap_makeFilter($cnf['grouptree'], $user_result);
+ $filter = auth_ldap_makeFilter($cnf['groupfilter'], $user_result);
+
+ $sr = @ldap_search($conn, $base, $filter);
 if(!$sr){
 msg("LDAP: Reading group memberships failed",-1);
 if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
@@ -213,4 +215,31 @@ function auth_createUser($user,$pass,$name,$mail){
 }
+/**
+ * Make ldap filter strings.
+ *
+ * Used by auth_getUserData to make the filter
+ * strings for grouptree and groupfilter
+ *
+ * filter string ldap search filter with placeholders
+ * placeholders array array with the placeholders
+ *
+ * @author Troels Liebe Bentsen <tlb@rapanden.dk>
+ * @return string
+ */
+function auth_ldap_makeFilter($filter, $placeholders) {
+ preg_match_all("/%{([^}]+)/", $filter, $matches, PREG_PATTERN_ORDER);
+ //replace each match
+ foreach ($matches[1] as $match) {
+ //take first element if array
+ if(is_array($placeholders[$match])) {
+ $value = $placeholders[$match][0];
+ } else {
+ $value = $placeholders[$match];
+ }
+ $filter = str_replace('%{'.$match.'}', $value, $filter);
+ }
+ return $filter;
+}
+
 //Setup VIM: ex: et ts=2 enc=utf-8 : |
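Review bot: The removed `%i`, `%u` and `%g` substitutions have no fallback, so an existing `groupfilter` such as `(memberUid=%i)` is now sent to the server literally and the user silently ends up with no groups; either keep the old tokens for a release (`$filter = str_replace(array('%i','%u'), array($info['uid'],$user), $filter);` before the new call) or call out the configuration migration in the commit message and docs. The placeholder names are looked up in `$user_result`, which comes from ldap_get_entries(); as far as I recall PHP lowercases attribute names in that array, so `%{sAMAccountName}` would not resolve while `%{samaccountname}` would — worth confirming and documenting. Those attribute values also go into the group filter unescaped, so a directory entry containing `*` or `)` alters the group query. auth_getUserData continues outside the hunk.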
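Review bot: auth_ldap_makeFilter inserts placeholder values verbatim, so a value containing `*`, `(`, `)`, `\` or NUL — and the `user` placeholder is the login name at the other call sites — changes the meaning of the LDAP query (filter injection); an unknown placeholder name also reads an undefined index and is quietly replaced by an empty string. The same function is applied to `usertree` and `grouptree`, which are DNs with different escaping rules (RFC 2253), so I would add an optional `$dn` flag that selects the escaping, and correct the doc block, which says the helper is used by auth_getUserData for grouptree/groupfilter although auth_checkPass and the usertree/userfilter lookups use it as well. The pattern `/%{([^}]+)/` is also missing the closing `}`, so it matches an unterminated `%{foo`, which the later str_replace then never substitutes; anchoring the `}` in the pattern keeps the two in step.
```php
function auth_ldap_makeFilter($filter, $placeholders, $dn = false) {
  preg_match_all("/%{([^}]+)}/", $filter, $matches, PREG_PATTERN_ORDER);
  foreach ($matches[1] as $match) {
    $value = isset($placeholders[$match]) ? $placeholders[$match] : '';
    if(is_array($value)) $value = $value[0];
    if($dn) {
      // DN context (RFC 2253): backslash-escape the special characters
      $value = preg_replace('/([\\\\,+"<>;=#])/', '\\\\$1', $value);
    } else {
      // filter context (RFC 2254): hex-escape the metacharacters
      $value = str_replace(array('\\', '*', '(', ')', "\0"),
                           array('\5c', '\2a', '\28', '\29', '\00'), $value);
    }
    $filter = str_replace('%{'.$match.'}', $value, $filter);
  }
  return $filter;
}
```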