authorTroels Liebe Bentsen <tlb@rapanden.dk>2005-05-11 20:16:39 +0200
committerTroels Liebe Bentsen <tlb@rapanden.dk>2005-05-11 20:16:39 +0200
commitfbe2891deead0986a3040a4cbbdfafc913f38542 (patch)
tree6704b757586fe6fb9b9e495776bf4fe5dd755274
parent88f522e9425377c55c77b6a6dad1d5080a2adf75 (diff)
Add option to not do anonymous bind and make it possible to be more strict about where to locate user, version 2.
darcs-hash:20050511181639-ee6b9-c4ffc656a4a6af7848bcbca30270d2a869c02da6.gz
-rw-r--r--inc/auth_ldap.php24
1 files changed, 16 insertions, 8 deletions
diff --git a/inc/auth_ldap.php b/inc/auth_ldap.php
index 6c852810d..5d70f38f5 100644
--- a/inc/auth_ldap.php
+++ b/inc/auth_ldap.php
@@ -76,11 +76,15 @@ function auth_checkPass($user,$pass){
$conn = auth_ldap_connect();
if(!$conn) return false;
- //get dn for given user
- $info = auth_getUserData($user);
- $dn = $info['dn'];
- if(!$dn) return false;
-
+ if(!empty($cnf['userfilter'])) {
+ //get dn for given user
+ $info = auth_getUserData($user);
+ $dn = $info['dn'];
+ if(!$dn) return false;
+ } else {
+ // dn is defined in the usertree
+ $dn = str_replace('%u', $user, $cnf['usertree']);
+ }
//try to bind with dn
if(@ldap_bind($conn,$dn,$pass)){
if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
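Review bot: The new else branch builds the bind DN from the raw login name with `str_replace('%u', $user, $cnf['usertree'])`, so DN metacharacters in `$user` (`,`, `=`, `+`) can change which entry the bind targets. Escape the value for its context before substituting, e.g. `$dn = str_replace('%u', ldap_escape($user, '', LDAP_ESCAPE_DN), $cnf['usertree']);` (`ldap_escape` needs PHP 5.6 or later; older installs need a hand-written escaper). The same unescaped substitution is on the new side of the third hunk for `$base` and for `$filter`, where `LDAP_ESCAPE_FILTER` is the matching flag. Separately, nothing visible here rejects an empty `$pass` before `ldap_bind($conn,$dn,$pass)`; many directory servers accept a DN with an empty password as an unauthenticated bind, so `if($pass === '') return false;` belongs ahead of the bind unless it already exists above the hunk. auth_checkPass starts and ends outside the hunk.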
@@ -126,8 +130,8 @@ function auth_getUserData($user){
if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
return false;
}
- }else{
- //bind anonymous
+ }elseif(!empty($cnf['userfilter'])){
+ //bind anonymous if we need to do a search for the dn
if(!@ldap_bind($conn)){
msg("LDAP: can not bind anonymously",-1);
if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
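Review bot: With this `elseif`, a configuration that fails the first branch (its condition is above the hunk) and has no `userfilter` reaches the search in the third hunk without any bind call, and the code does not say what connection state it relies on. An LDAPv3 server normally treats an unbound connection as anonymous, so skipping `ldap_bind($conn)` probably does not stop the lookup from running anonymously unless the connection was already bound elsewhere, which is not visible here. I would document the expectation with a comment such as `// no userfilter: the caller must already have bound $conn; no anonymous fallback`, or return false early when no bind has happened. The enclosing if/else of auth_getUserData begins above the hunk.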
@@ -136,8 +140,12 @@ function auth_getUserData($user){
}
//get info for given user
- $filter = str_replace('%u',$user,$cnf['userfilter']);
$base = str_replace('%u',$user,$cnf['usertree']);
+ if(!empty($cnf['userfilter'])) {
+ $filter = str_replace('%u',$user,$cnf['userfilter']);
+ } else {
+ $filter = "(ObjectClass=*)";
+ }
$sr = ldap_search($conn, $base, $filter);;
$result = ldap_get_entries($conn, $sr);
if($result['count'] != 1){
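Review bot: The fallback filter `(ObjectClass=*)` is handed to `ldap_search`, which covers the whole subtree under `$base`; when `$base` is the user's own DN and that entry has children, the `$result['count'] != 1` check rejects a valid user. A base-scope lookup fits the no-userfilter case better: `$sr = ldap_read($conn, $base, $filter);`. On the same lines, `$sr` goes to `ldap_get_entries` without a check for `false`, and the stray `;;` can be dropped. auth_getUserData continues past the end of the hunk.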