From 12d195ab7189878b41dc4d211befafc79ae402a6 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 7 Jun 2013 12:48:07 +0200
Subject: treat empty AD credentials as NULL values FS#2781

---
 lib/plugins/authad/auth.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'lib/plugins/authad/auth.php')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index b6b5dd268..fcbd2eeef 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -489,6 +489,11 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
             $this->cando['modPass'] = false;
         }
 
+        // adLDAP expects empty user/pass as NULL, we're less strict FS#2781
+        if(empty($opts['admin_username'])) $opts['admin_username'] = null;
+        if(empty($opts['admin_password'])) $opts['admin_password'] = null;
+
+        // user listing needs admin priviledges
         if(!empty($opts['admin_username']) && !empty($opts['admin_password'])) {
             $this->cando['getUsers'] = true;
         } else {
-- 
cgit v1.2.3


From d34a2a38603431bc5caa74b726a6f58d86a70530 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Tue, 22 Oct 2013 21:45:37 +0200
Subject: allow charset for SSO to be configured FS#2148

---
 lib/plugins/authad/auth.php | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

(limited to 'lib/plugins/authad/auth.php')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index fcbd2eeef..e1d758fb8 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -92,16 +92,24 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         }
 
         // Prepare SSO
-        if(!utf8_check($_SERVER['REMOTE_USER'])) {
-            $_SERVER['REMOTE_USER'] = utf8_encode($_SERVER['REMOTE_USER']);
-        }
-        if($_SERVER['REMOTE_USER'] && $this->conf['sso']) {
-            $_SERVER['REMOTE_USER'] = $this->cleanUser($_SERVER['REMOTE_USER']);
+        if(!empty($_SERVER['REMOTE_USER'])) {
+
+            // make sure the right encoding is used
+            if($this->getConf('sso_charset')) {
+                $_SERVER['REMOTE_USER'] = iconv($this->getConf('sso_charset'), 'UTF-8', $_SERVER['REMOTE_USER']);
+            } elseif(!utf8_check($_SERVER['REMOTE_USER'])) {
+                $_SERVER['REMOTE_USER'] = utf8_encode($_SERVER['REMOTE_USER']);
+            }
 
-            // we need to simulate a login
-            if(empty($_COOKIE[DOKU_COOKIE])) {
-                $INPUT->set('u', $_SERVER['REMOTE_USER']);
-                $INPUT->set('p', 'sso_only');
+            // trust the incoming user
+            if($this->conf['sso']) {
+                $_SERVER['REMOTE_USER'] = $this->cleanUser($_SERVER['REMOTE_USER']);
+
+                // we need to simulate a login
+                if(empty($_COOKIE[DOKU_COOKIE])) {
+                    $INPUT->set('u', $_SERVER['REMOTE_USER']);
+                    $INPUT->set('p', 'sso_only');
+                }
             }
         }
 
-- 
cgit v1.2.3