From 3e23f03e016611fbb77e51e1ddd7e1e0327f5b2c Mon Sep 17 00:00:00 2001 From: SteScho Date: Thu, 30 Jan 2014 09:31:00 +0100 Subject: Update auth.php In Novell eDir the group search returns strings, not arrays. Added if-statement which determines if the result is an array or an string. --- lib/plugins/authldap/auth.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 31e2c5135..d9d4b3d20 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -143,6 +143,7 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { * @author Dan Allen * @author * @author Stephane Chazelas + * @author Steffen Schoch * * @param string $user * @param bool $inbind authldap specific, true if in bind phase @@ -241,8 +242,13 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { if(is_array($result)) foreach($result as $grp) { if(!empty($grp[$this->getConf('groupkey')][0])) { - $this->_debug('LDAP usergroup: '.htmlspecialchars($grp[$this->getConf('groupkey')][0]), 0, __LINE__, __FILE__); - $info['grps'][] = $grp[$this->getConf('groupkey')][0]; + if(is_array($grp[$this->getConf('groupkey')][0])) { + $this->_debug('LDAP usergroup: '.htmlspecialchars($grp[$this->getConf('groupkey')][0]), 0, __LINE__, __FILE__); + $info['grps'][] = $grp[$this->getConf('groupkey')][0]; + } else { + $this->_debug('LDAP usergroup: '.htmlspecialchars($grp[$this->getConf('groupkey')]), 0, __LINE__, __FILE__); + $info['grps'][] = $grp[$this->getConf('groupkey')]; + } } } } -- cgit v1.2.3 From 38e97ed02731b8126aff3d921ad82e72212129a2 Mon Sep 17 00:00:00 2001 From: SteScho Date: Mon, 3 Feb 2014 07:39:16 +0100 Subject: Update auth.php As suggested by @selfthinker --- lib/plugins/authldap/auth.php | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'lib/plugins/authldap') 
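Review bot: The new `is_array()` test in the second hunk inspects `$grp[$this->getConf('groupkey')][0]`, the first value, rather than the attribute itself. For a server that returns the usual array of strings the test is false, so the else branch passes the whole array to `htmlspecialchars()` and appends it to `$info['grps']`. In the string (eDir) case the enclosing `!empty(...[0])` guard only looks at the first character, so a group name beginning with `0` is dropped. `$info['grps']` presumably feeds group-based access decisions and should only receive strings: `$group = $grp[$this->getConf('groupkey')]; if(is_array($group)) $group = $group[0];`. The ternary in the follow-up commit ("As suggested by @selfthinker") keeps the same `[0]` test; the enclosing function starts and ends outside both hunks.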
diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index d9d4b3d20..98858cb40 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -242,13 +242,9 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { if(is_array($result)) foreach($result as $grp) { if(!empty($grp[$this->getConf('groupkey')][0])) { - if(is_array($grp[$this->getConf('groupkey')][0])) { - $this->_debug('LDAP usergroup: '.htmlspecialchars($grp[$this->getConf('groupkey')][0]), 0, __LINE__, __FILE__); - $info['grps'][] = $grp[$this->getConf('groupkey')][0]; - } else { - $this->_debug('LDAP usergroup: '.htmlspecialchars($grp[$this->getConf('groupkey')]), 0, __LINE__, __FILE__); - $info['grps'][] = $grp[$this->getConf('groupkey')]; - } + $groupkey = (is_array($grp[$this->getConf('groupkey')][0])) ? $grp[$this->getConf('groupkey')][0] : $grp[$this->getConf('groupkey')]; + $this->_debug('LDAP usergroup: '.htmlspecialchars($groupkey), 0, __LINE__, __FILE__); + $info['grps'][] = $groupkey; } } } -- cgit v1.2.3 From 9f72d639a21d95cbc5fb211dc4e9bc0584efb0c5 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 14 Feb 2014 09:49:55 +0100 Subject: authldap: handle bad groupkey gracefully --- lib/plugins/authldap/auth.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 98858cb40..94f3be8d2 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php 
@@ -241,10 +241,17 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { ldap_free_result($sr); if(is_array($result)) foreach($result as $grp) { - if(!empty($grp[$this->getConf('groupkey')][0])) { - $groupkey = (is_array($grp[$this->getConf('groupkey')][0])) ? $grp[$this->getConf('groupkey')][0] : $grp[$this->getConf('groupkey')]; - $this->_debug('LDAP usergroup: '.htmlspecialchars($groupkey), 0, __LINE__, __FILE__); - $info['grps'][] = $groupkey; + if(!empty($grp[$this->getConf('groupkey')])) { + $group = $grp[$this->getConf('groupkey')]; + if(is_array($group)){ + $group = $group[0]; + } else { + $this->_debug('groupkey did not return a detailled result', 0, __LINE__, __FILE__); + } + if($group === '') continue; + + $this->_debug('LDAP usergroup: '.htmlspecialchars($group), 0, __LINE__, __FILE__); + $info['grps'][] = $group; } } } -- cgit v1.2.3 From 9a2c73e86d2549a2cd63d7f772b4bb1a3956e46f Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 15 Feb 2014 12:36:15 +0100 Subject: streamlined retrieveUsers() signature over all auth plugins FS#2919 --- lib/plugins/authldap/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 94f3be8d2..6c3637e15 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -281,7 +281,7 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { * @param array $filter array of field/pattern pairs, null for no filter * @return array of userinfo (refer getUserData for internal userinfo details) */ - function retrieveUsers($start = 0, $limit = -1, $filter = array()) { + function retrieveUsers($start = 0, $limit = 0, $filter = array()) { if(!$this->_openLDAP()) return false; if(is_null($this->users)) { 
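Review bot: `$group = $group[0];` assumes index 0 exists. If the attribute array comes back without it (the result shape is not visible in this hunk), `$group` becomes null, the strict `$group === ''` test lets it through, and a null entry lands in `$info['grps']`. Tightening the guard to `if(!is_string($group) || $group === '') continue;` keeps non-string values out of the group list. Only the first value is used, so extra values of a multi-valued groupkey attribute are silently ignored; a short comment saying that is intended would help. The enclosing function starts outside the hunk.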
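Review bot: The new default `$limit = 0`, together with the `$limit > 0` test in this commit's second hunk, changes what 0 means. A caller that passes 0 used to get at most one user back and now gets every matching entry, and negative values remain unlimited. The `@param` line for `$limit` is outside the visible context, so it is unclear whether it was updated; it should read something like `@param int $limit max number of users to be returned, 0 for unlimited`. The visible `@return array` also omits the `false` returned when `_openLDAP()` fails.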
@@ -316,7 +316,7 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { } if($this->_filter($user, $info)) { $result[$user] = $info; - if(($limit >= 0) && (++$count >= $limit)) break; + if(($limit > 0) && (++$count >= $limit)) break; } } return $result; -- cgit v1.2.3 From 948d482d02c7bfd8a6b00e1339e7e2300acde137 Mon Sep 17 00:00:00 2001 From: Marina Vladi Date: Sat, 22 Feb 2014 12:51:41 +0100 Subject: translation update --- lib/plugins/authldap/lang/hu/settings.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/hu/settings.php b/lib/plugins/authldap/lang/hu/settings.php index 041f82755..1e6608dab 100644 --- a/lib/plugins/authldap/lang/hu/settings.php +++ b/lib/plugins/authldap/lang/hu/settings.php @@ -4,9 +4,10 @@ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) * * @author Marton Sebok + * @author Marina Vladi */ -$lang['server'] = 'LDAP-szerver. Hosztnév (localhost) vagy abszolút URL portszámmal (ldap://server.tld:389)'; -$lang['port'] = 'LDAP-szerver port, ha nem URL lett megadva'; +$lang['server'] = 'LDAP-szerver. Kiszolgálónév (localhost) vagy teljes URL-cím (ldap://server.tld:389)'; +$lang['port'] = 'LDAP-kiszolgáló portja, ha URL-cím nem lett megadva'; $lang['usertree'] = 'Hol találom a felhasználókat? Pl. ou=People, dc=server, dc=tld'; $lang['grouptree'] = 'Hol találom a csoportokat? Pl. ou=Group, dc=server, dc=tld'; $lang['userfilter'] = 'LDAP szűrő a felhasználók kereséséhez, pl. (&(uid=%{user})(objectClass=posixAccount))'; 
@@ -20,7 +21,7 @@ $lang['bindpw'] = 'Ehhez tartozó jelszó.'; $lang['userscope'] = 'A keresési tartomány korlátozása erre a felhasználókra való keresésnél'; $lang['groupscope'] = 'A keresési tartomány korlátozása erre a csoportokra való keresésnél'; $lang['groupkey'] = 'Csoport meghatározása a következő attribútumból (az alapértelmezett AD csoporttagság helyett), pl. a szervezeti egység vagy a telefonszám'; -$lang['debug'] = 'Debug-üzenetek megjelenítése?'; +$lang['debug'] = 'Továbi hibakeresési információk megjelenítése hiba esetén'; $lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; $lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING'; $lang['deref_o_2'] = 'LDAP_DEREF_FINDING'; -- cgit v1.2.3 From 6bc2d8e51371c2ee17233d4c76112e3fefca437f Mon Sep 17 00:00:00 2001 From: Aleksandr Selivanov Date: Sat, 8 Mar 2014 13:05:57 +0100 Subject: translation update --- lib/plugins/authldap/lang/ru/settings.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/ru/settings.php b/lib/plugins/authldap/lang/ru/settings.php index 2b93e0fd4..fbe75d3cb 100644 --- a/lib/plugins/authldap/lang/ru/settings.php +++ b/lib/plugins/authldap/lang/ru/settings.php @@ -6,6 +6,8 @@ * @author Ivan I. Udovichenko (sendtome@mymailbox.pp.ua) * @author Aleksandr Selivanov * @author Erli Moen + * @author Aleksandr Selivanov */ $lang['deref'] = 'Как расшифровывать псевдонимы?'; $lang['bindpw'] = 'Пароль для указанного пользователя.'; +$lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; -- cgit v1.2.3 From 3b7b1e523ecf0c4752f428e6c5f530988e0b80b9 Mon Sep 17 00:00:00 2001 From: Aleksandr Selivanov Date: Sun, 9 Mar 2014 15:31:27 +0100 Subject: translation update --- lib/plugins/authldap/lang/ru/settings.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/ru/settings.php b/lib/plugins/authldap/lang/ru/settings.php index fbe75d3cb..04a3ee784 100644 --- a/lib/plugins/authldap/lang/ru/settings.php 
+++ b/lib/plugins/authldap/lang/ru/settings.php @@ -11,3 +11,6 @@ $lang['deref'] = 'Как расшифровывать псевдонимы?'; $lang['bindpw'] = 'Пароль для указанного пользователя.'; $lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; +$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING'; +$lang['deref_o_2'] = 'LDAP_DEREF_FINDING'; +$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS'; -- cgit v1.2.3 From 3e8d68b4a59e93099da9af13f0825ea2d05d7bd2 Mon Sep 17 00:00:00 2001 From: Janar Leas Date: Thu, 13 Mar 2014 17:36:15 +0100 Subject: translation update --- lib/plugins/authldap/lang/et/settings.php | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 lib/plugins/authldap/lang/et/settings.php (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/et/settings.php b/lib/plugins/authldap/lang/et/settings.php new file mode 100644 index 000000000..9bba85dda --- /dev/null +++ b/lib/plugins/authldap/lang/et/settings.php @@ -0,0 +1,9 @@ + + */ +$lang['grouptree'] = 'Kus kohast kasutaja rühmi otsida. Nt. ou=Rühm, dc=server, dc=tld Date: Tue, 18 Mar 2014 13:56:35 +0100 Subject: translation update --- lib/plugins/authldap/lang/no/settings.php | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 lib/plugins/authldap/lang/no/settings.php (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/no/settings.php b/lib/plugins/authldap/lang/no/settings.php new file mode 100644 index 000000000..6bedb2991 --- /dev/null +++ b/lib/plugins/authldap/lang/no/settings.php @@ -0,0 +1,9 @@ + + */ +$lang['port'] = 'LDAP serverport dersom ingen full URL var gitt over.'; +$lang['starttls'] = 'Bruke TLS-forbindelser?'; -- cgit v1.2.3 From a4bc205acc656841e5020ebf63fa1303ebb4f7d5 Mon Sep 17 00:00:00 2001 
From: Clomode Date: Thu, 3 Apr 2014 23:58:37 +1100 Subject: fixed unclosed tags in some language translations --- lib/plugins/authldap/lang/et/settings.php | 2 +- lib/plugins/authldap/lang/ja/settings.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/et/settings.php b/lib/plugins/authldap/lang/et/settings.php index 9bba85dda..f4933b6bf 100644 --- a/lib/plugins/authldap/lang/et/settings.php +++ b/lib/plugins/authldap/lang/et/settings.php @@ -5,5 +5,5 @@ * * @author Janar Leas */ -$lang['grouptree'] = 'Kus kohast kasutaja rühmi otsida. Nt. ou=Rühm, dc=server, dc=tld * @author Hideaki SAWADA */ -$lang['server'] = 'LDAPサーバー。ホスト名(localhostldap://server.tld:389)'; +$lang['server'] = 'LDAPサーバー。ホスト名(localhost)又は完全修飾URL(ldap://server.tld:389)'; $lang['port'] = '上記が完全修飾URLでない場合、LDAPサーバーポート'; $lang['usertree'] = 'ユーザーアカウントを探す場所。例:ou=People, dc=server, dc=tld'; $lang['grouptree'] = 'ユーザーグループを探す場所。例:ou=Group, dc=server, dc=tld'; -- cgit v1.2.3 From 07ee73eeefb13e9070c05430d5c2730e696f0061 Mon Sep 17 00:00:00 2001 From: Jernej Vidmar Date: Sat, 5 Apr 2014 13:46:05 +0200 Subject: translation update --- lib/plugins/authldap/lang/sl/settings.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/sl/settings.php b/lib/plugins/authldap/lang/sl/settings.php index f180226fc..f63070390 100644 --- a/lib/plugins/authldap/lang/sl/settings.php +++ b/lib/plugins/authldap/lang/sl/settings.php @@ -4,5 +4,7 @@ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) * * @author matej + * @author Jernej Vidmar */ $lang['starttls'] = 'Ali naj se uporabijo povezave TLS?'; +$lang['bindpw'] = 'Geslo uporabnika zgoraj'; -- cgit v1.2.3 From afc19b3d7c042b1257cc4eecd17ad7afba4a4ae9 Mon Sep 17 00:00:00 2001 
From: Eloy Date: Fri, 11 Apr 2014 19:36:06 +0200 Subject: translation update --- lib/plugins/authldap/lang/es/settings.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/es/settings.php b/lib/plugins/authldap/lang/es/settings.php index f8c3ad014..9fdbd041c 100644 --- a/lib/plugins/authldap/lang/es/settings.php +++ b/lib/plugins/authldap/lang/es/settings.php @@ -4,8 +4,14 @@ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) * * @author Antonio Bueno + * @author Eloy */ +$lang['port'] = 'Servidor LDAP en caso de que no se diera la URL completa anteriormente.'; +$lang['usertree'] = 'Donde encontrar cuentas de usuario. Ej. ou=People, dc=server, dc=tld'; +$lang['grouptree'] = 'Donde encontrar grupos de usuarios. Ej. ou=Group, dc=server, dc=tld'; +$lang['version'] = 'La versión del protocolo a usar. Puede que necesites poner esto a 3'; $lang['starttls'] = 'Usar conexiones TLS?'; +$lang['bindpw'] = 'Contraseña del usuario de arriba.'; $lang['debug'] = 'Mostrar información adicional para depuración de errores'; $lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; $lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING'; -- cgit v1.2.3 From fc4ff0c349240d12ff91559183e1103ad2c5fa91 Mon Sep 17 00:00:00 2001 From: Antonio Bueno Date: Wed, 16 Apr 2014 14:36:06 +0200 Subject: translation update --- lib/plugins/authldap/lang/es/settings.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/es/settings.php b/lib/plugins/authldap/lang/es/settings.php index 9fdbd041c..6991546d3 100644 --- a/lib/plugins/authldap/lang/es/settings.php +++ b/lib/plugins/authldap/lang/es/settings.php 
@@ -6,12 +6,20 @@ * @author Antonio Bueno * @author Eloy */ +$lang['server'] = 'Tu servidor LDAP. Puede ser el nombre del host (localhost) o una URL completa (ldap://server.tld:389)'; $lang['port'] = 'Servidor LDAP en caso de que no se diera la URL completa anteriormente.'; $lang['usertree'] = 'Donde encontrar cuentas de usuario. Ej. ou=People, dc=server, dc=tld'; $lang['grouptree'] = 'Donde encontrar grupos de usuarios. Ej. ou=Group, dc=server, dc=tld'; +$lang['userfilter'] = 'Filtro LDAP para la busqueda de cuentas de usuario. P. E. (&(uid=%{user})(objectClass=posixAccount))'; +$lang['groupfilter'] = 'Filtro LDAP para la busqueda de grupos. P. E. (&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; $lang['version'] = 'La versión del protocolo a usar. Puede que necesites poner esto a 3'; $lang['starttls'] = 'Usar conexiones TLS?'; +$lang['referrals'] = '¿Deben ser seguidas las referencias?'; +$lang['deref'] = '¿Cómo desreferenciar los alias?'; $lang['bindpw'] = 'Contraseña del usuario de arriba.'; +$lang['userscope'] = 'Limitar ámbito de búsqueda para búsqueda de usuarios'; +$lang['groupscope'] = 'Limitar ámbito de búsqueda para búsqueda de grupos'; +$lang['groupkey'] = 'Pertenencia al grupo desde cualquier atributo de usuario (en lugar de grupos AD estándar) p.e., grupo a partir departamento o número de teléfono'; $lang['debug'] = 'Mostrar información adicional para depuración de errores'; $lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; $lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING'; -- cgit v1.2.3 From da2c1fba42556340dac10a521b9a9e153ded4669 Mon Sep 17 00:00:00 2001 From: Myeongjin Date: Tue, 22 Apr 2014 10:51:03 +0200 Subject: translation update --- lib/plugins/authldap/lang/ko/settings.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/ko/settings.php b/lib/plugins/authldap/lang/ko/settings.php index ae8dc7ab6..e663ba063 100644 
--- a/lib/plugins/authldap/lang/ko/settings.php +++ b/lib/plugins/authldap/lang/ko/settings.php @@ -13,8 +13,8 @@ $lang['userfilter'] = '사용자 계정을 찾을 LDAP 필터. 예를 $lang['groupfilter'] = '그룹을 찾을 LDAP 필터. 예를 들어 (&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; $lang['version'] = '사용할 프로토콜 버전. 3으로 설정해야 할 수도 있습니다'; $lang['starttls'] = 'TLS 연결을 사용하겠습니까?'; -$lang['referrals'] = '참고(referrals)를 허용하겠습니까? '; -$lang['deref'] = '어떻게 별명을 간접 참고하겠습니까?'; +$lang['referrals'] = '참조(referrals)를 허용하겠습니까? '; +$lang['deref'] = '어떻게 별명을 간접 참조하겠습니까?'; $lang['binddn'] = '익명 바인드가 충분하지 않으면 선택적인 바인드 사용자의 DN. 예를 들어 cn=admin, dc=my, dc=home'; $lang['bindpw'] = '위 사용자의 비밀번호'; $lang['userscope'] = '사용자 검색에 대한 검색 범위 제한'; -- cgit v1.2.3 From 3dcaf4be3d109863e587097b4258f61872b5eef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=92=D0=BB=D0=B0=D0=B4=D0=B8=D0=BC=D0=B8=D1=80?= Date: Fri, 25 Apr 2014 09:11:00 +0200 Subject: translation update --- lib/plugins/authldap/lang/ru/settings.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/ru/settings.php b/lib/plugins/authldap/lang/ru/settings.php index 04a3ee784..5677e06a3 100644 --- a/lib/plugins/authldap/lang/ru/settings.php +++ b/lib/plugins/authldap/lang/ru/settings.php @@ -7,9 +7,12 @@ * @author Aleksandr Selivanov * @author Erli Moen * @author Aleksandr Selivanov + * @author Владимир */ +$lang['starttls'] = 'Использовать TLS подключения?'; $lang['deref'] = 'Как расшифровывать псевдонимы?'; $lang['bindpw'] = 'Пароль для указанного пользователя.'; +$lang['debug'] = 'Показывать дополнительную отладочную информацию при ошибках'; $lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; $lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING'; $lang['deref_o_2'] = 'LDAP_DEREF_FINDING'; -- cgit v1.2.3 From 06da270e039cf517a6bd847ca0cd4a7819c9f879 Mon Sep 17 00:00:00 2001 
From: Axel Angel Date: Sun, 4 May 2014 11:46:35 +0200 Subject: Authldap: implement change password in modifyUser --- lib/plugins/authldap/auth.php | 55 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 6c3637e15..13ffb8be2 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -36,8 +36,8 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { return; } - // auth_ldap currently just handles authentication, so no - // capabilities are set + // Add the capabilities to change the password + $this->cando['modPass'] = true; } /** 
@@ -263,6 +263,57 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { return $info; } + /** + * Definition of the function modifyUser in order to modify the password + */ + + function modifyUser($user,$changes){ + + // open the connection to the ldap + if(!$this->_openLDAP()){ + msg('LDAP cannot connect: '. htmlspecialchars(ldap_error($this->con))); + return false; + } + + // find the information about the user, in particular the "dn" + $info = $this->getUserData($user,true); + if(empty($info['dn'])) { + msg('LDAP cannot find your user dn: '. htmlspecialchars($info['dn'])); + return false; + } else { + $dn = $info['dn']; + } + + // find the new password and encrypt it whit SSHA + if(empty($changes['pass'])) { + msg('The new password is not allow because it\'s empty'); + return false; + } else { + mt_srand((double)microtime()*1000000); + $salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand()); + $hash = "{SSHA}" . base64_encode(pack("H*", sha1($changes['pass'] . $salt)) . $salt); + } + + // find the old password of the user + list($loginuser,$loginsticky,$loginpass) = auth_getCookie(); + $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session + $pass = auth_decrypt($loginpass, $secret); + + // bind with the ldap + if(!@ldap_bind($this->con,$dn,$pass)){ + msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); + return false; + } + + // change the password + if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){ + msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con))); + return false; + } + + return true; + } + /** * Most values in LDAP are case-insensitive * -- cgit v1.2.3 From 719c6730c7da93e830205e42dc230de831446e8f Mon Sep 17 00:00:00 2001 
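Review bot: The SSHA salt is four bytes from `mt_rand()` re-seeded with `microtime()`, which is predictable and not meant for security use. Take the salt from a cryptographically secure source, or delegate to the wiki's existing password-hashing code rather than hand-rolling it here. In the same block `$sticky` is never assigned, because `list()` fills `$loginsticky`, so `auth_cookiesalt(!$sticky, true)` always receives true. It should read `$secret = auth_cookiesalt(!$loginsticky, true);`; the line is carried unchanged into the next commit's rewrite of this block. The docblock should also state that only `$changes['pass']` is honoured and that other keys are ignored while the method still returns true.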
From: Axel Angel Date: Sun, 4 May 2014 12:26:13 +0200 Subject: Allow authldap to change password with ldap superuser only if necessary --- lib/plugins/authldap/auth.php | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 13ffb8be2..5bdaf0446 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -296,13 +296,25 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { // find the old password of the user list($loginuser,$loginsticky,$loginpass) = auth_getCookie(); - $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session - $pass = auth_decrypt($loginpass, $secret); + if ($loginuser !== null) { // the user is currently logged in + $secret = auth_cookiesalt(!$sticky, true); + $pass = auth_decrypt($loginpass, $secret); - // bind with the ldap - if(!@ldap_bind($this->con,$dn,$pass)){ - msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); - return false; + // bind with the ldap + if(!@ldap_bind($this->con, $dn, $pass)){ + msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); + return false; + } + } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) { + // we are changing the password on behalf of the user (eg: forgotten password) + // bind with the superuser ldap + if (!@ldap_bind($this->con, $this->getConf('binddn'), $this->getConf('bindpw'))){ + $this->_debug('LDAP bind as superuser: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); + return false; + } + } + else { + return false; // no otherway } // change the password -- cgit v1.2.3 From 67723447f02824ff2df7daa0f1f97d8b289c5d7a Mon Sep 17 00:00:00 2001 
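Review bot: Which identity performs the write is decided only by whether a login cookie is present. With no cookie the method binds as `binddn` and replaces `userpassword` for whatever `$user` was passed in, so every caller of `modifyUser()` must already have authorised the change (for example by verifying a reset token). That contract is worth stating at the branch, e.g. `// privileged bind: caller must already have authorised this password reset`. A failed superuser bind is only reported through `_debug()` and the final `else` returns false with no message, so an administrator gets no hint why a reset failed. The connection also appears to stay bound with the privileged DN after the method returns; whether later lookups on `$this->con` rebind is not visible in this hunk.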
From: Axel Angel Date: Sun, 4 May 2014 19:54:37 +0200 Subject: Hash and salt password with PassHash::ssha Moved the block closer to the variable use (indent clearer) --- lib/plugins/authldap/auth.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 5bdaf0446..ecbbc2a3a 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -288,10 +288,6 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { if(empty($changes['pass'])) { msg('The new password is not allow because it\'s empty'); return false; - } else { - mt_srand((double)microtime()*1000000); - $salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand()); - $hash = "{SSHA}" . base64_encode(pack("H*", sha1($changes['pass'] . $salt)) . $salt); } // find the old password of the user @@ -317,6 +313,10 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { return false; // no otherway } + // Generate the salted hashed password for LDAP + $phash = new PassHash(); + $hash = $phash->hash_ssha($changes['pass']); + // change the password if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){ msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con))); -- cgit v1.2.3 From 8f2ea93bb09b8744de56a8797176d3a209c2e8d7 Mon Sep 17 00:00:00 2001 From: Axel Angel Date: Thu, 8 May 2014 12:19:39 +0200 Subject: Simplify code and remove unreachable check --- lib/plugins/authldap/auth.php | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index ecbbc2a3a..bda8f2abe 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php 
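Review bot: The scheme is fixed to SSHA in the second hunk, which, going by the removed lines it replaces, is a single round of salted SHA-1 and therefore cheap to brute-force if `userpassword` values are ever read out of the directory. If the directory servers in use accept a stronger scheme, making the scheme configurable would be preferable. Otherwise the added comment could record the trade-off, e.g. `// SSHA: widely supported by LDAP servers, but only one round of salted SHA-1`.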
@@ -278,17 +278,10 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { // find the information about the user, in particular the "dn" $info = $this->getUserData($user,true); if(empty($info['dn'])) { - msg('LDAP cannot find your user dn: '. htmlspecialchars($info['dn'])); - return false; - } else { - $dn = $info['dn']; - } - - // find the new password and encrypt it whit SSHA - if(empty($changes['pass'])) { - msg('The new password is not allow because it\'s empty'); + msg('LDAP cannot find your user dn'); return false; } + $dn = $info['dn']; // find the old password of the user list($loginuser,$loginsticky,$loginpass) = auth_getCookie(); -- cgit v1.2.3 From 93691af57f65173963a122e19915917814a32b71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?ilker=20rifat=20kapa=C3=A7?= Date: Tue, 13 May 2014 10:15:52 +0200 Subject: translation update --- lib/plugins/authldap/lang/tr/settings.php | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 lib/plugins/authldap/lang/tr/settings.php (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/tr/settings.php b/lib/plugins/authldap/lang/tr/settings.php new file mode 100644 index 000000000..843b7ef9c --- /dev/null +++ b/lib/plugins/authldap/lang/tr/settings.php @@ -0,0 +1,8 @@ + + */ +$lang['bindpw'] = 'Üstteki kullanıcının şifresi'; -- cgit v1.2.3 From 33cfab00505903e3bee37020f5e099e5c0fd70a9 Mon Sep 17 00:00:00 2001 From: Francesco Date: Wed, 14 May 2014 21:20:56 +0200 Subject: translation update --- lib/plugins/authldap/lang/it/settings.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/it/settings.php b/lib/plugins/authldap/lang/it/settings.php index eba7cde6e..858c694b8 100644 --- a/lib/plugins/authldap/lang/it/settings.php +++ b/lib/plugins/authldap/lang/it/settings.php 
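Review bot: With the `empty($changes['pass'])` guard removed, a call whose `$changes` has no `pass` entry would go on to hash an empty value and overwrite `userpassword` with it. The commit message calls the check unreachable, but that depends on callers outside this hunk. A silent guard costs one line, `if(!isset($changes['pass']) || $changes['pass'] === '') return false;`, and protects the account if another caller of `modifyUser()` appears later. The enclosing method continues outside the hunk.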
@@ -5,6 +5,7 @@ * * @author Edmondo Di Tucci * @author Claudio Lanconelli + * @author Francesco */ $lang['server'] = 'Il tuo server LDAP. Inserire o l\'hostname (localhost) oppure un URL completo (ldap://server.tld:389)'; $lang['port'] = 'Porta del server LDAP se non è stato fornito un URL completo più sopra.'; @@ -14,6 +15,11 @@ $lang['userfilter'] = 'Filtro per cercare l\'account utente LDAP. Eg. $lang['groupfilter'] = 'Filtro per cercare i gruppi LDAP. Eg. (&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; $lang['version'] = 'Versione protocollo da usare. Pu3'; $lang['starttls'] = 'Usare la connessione TSL?'; +$lang['deref'] = 'Come differenziare un alias?'; $lang['userscope'] = 'Limita il contesto di ricerca per la ricerca degli utenti'; $lang['groupscope'] = 'Limita il contesto di ricerca per la ricerca dei gruppi'; $lang['debug'] = 'In caso di errori mostra ulteriori informazioni di debug'; +$lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; +$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING'; +$lang['deref_o_2'] = 'LDAP_DEREF_FINDING'; +$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS'; -- cgit v1.2.3 From f88adfe0b3b6ae718cb4a99c6f8363042c7b0b6e Mon Sep 17 00:00:00 2001 From: PzF_X Date: Sun, 18 May 2014 13:56:03 +0200 Subject: translation update --- lib/plugins/authldap/lang/ja/settings.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/ja/settings.php b/lib/plugins/authldap/lang/ja/settings.php index 3c0e08f6a..6cff0ea67 100644 --- a/lib/plugins/authldap/lang/ja/settings.php +++ b/lib/plugins/authldap/lang/ja/settings.php @@ -6,6 +6,7 @@ * @author Satoshi Sahara * @author Hideaki SAWADA * @author Hideaki SAWADA + * @author PzF_X */ $lang['server'] = 'LDAPサーバー。ホスト名(localhost)又は完全修飾URL(ldap://server.tld:389)'; $lang['port'] = '上記が完全修飾URLでない場合、LDAPサーバーポート'; 
@@ -15,8 +16,14 @@ $lang['userfilter'] = 'ユーザーアカウントを探すためのL $lang['groupfilter'] = 'グループを探すLDAP抽出条件。例:(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; $lang['version'] = '使用するプロトコルのバージョン。3を設定する必要がある場合があります。'; $lang['starttls'] = 'TLS接続を使用しますか?'; +$lang['referrals'] = '紹介に従いますか?'; +$lang['deref'] = 'どのように間接参照のエイリアスにしますか?'; $lang['binddn'] = '匿名バインドでは不十分な場合、オプションバインドユーザーのDN。例:cn=admin, dc=my, dc=home'; $lang['bindpw'] = '上記ユーザーのパスワード'; +$lang['userscope'] = 'ユーザー検索の範囲を限定させる'; +$lang['groupscope'] = 'グループ検索の範囲を限定させる'; +$lang['groupkey'] = 'ユーザー属性をグループのメンバーシップから設定します(代わりに標準のADグループ)。 +例えば、部署や電話番号などです。'; $lang['debug'] = 'エラーに関して追加のデバッグ情報を表示する。'; $lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; $lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING'; -- cgit v1.2.3 From 18496fe0decfb1382393daca3141bf315cda7254 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 18 May 2014 20:33:21 +0200 Subject: fixed undefined variable in LDAP plugin --- lib/plugins/authldap/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index bda8f2abe..0d5e130ea 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -286,7 +286,7 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { // find the old password of the user list($loginuser,$loginsticky,$loginpass) = auth_getCookie(); if ($loginuser !== null) { // the user is currently logged in - $secret = auth_cookiesalt(!$sticky, true); + $secret = auth_cookiesalt(!$loginsticky, true); $pass = auth_decrypt($loginpass, $secret); // bind with the ldap -- cgit v1.2.3 From e1f856bac8f154dbb5a51c739630e38115fbbe0b Mon Sep 17 00:00:00 2001 
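Review bot: In the `auth.php` hunk of this commit the decrypted `$pass` goes to the bind call just below the visible context without a non-empty check. Many LDAP servers treat a DN with an empty password as an unauthenticated bind and report success, so a cookie value that decrypts to an empty string would skip the proof that the user knows the current password. Adding `if((string)$pass === '') return false;` right after the `auth_decrypt()` line closes that gap. The enclosing `modifyUser()` continues outside the hunk.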
From: =?UTF-8?q?Aivars=20Mi=C5=A1ka?= Date: Tue, 10 Jun 2014 16:51:41 +0200 Subject: translation update --- lib/plugins/authldap/lang/lv/settings.php | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 lib/plugins/authldap/lang/lv/settings.php (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/lv/settings.php b/lib/plugins/authldap/lang/lv/settings.php new file mode 100644 index 000000000..90986e4f1 --- /dev/null +++ b/lib/plugins/authldap/lang/lv/settings.php @@ -0,0 +1,9 @@ + + */ +$lang['starttls'] = 'Lietot TLS savienojumus?'; +$lang['bindpw'] = 'Lietotāja parole'; -- cgit v1.2.3 From 19accab588843292613a1e12b22b773f07b511ba Mon Sep 17 00:00:00 2001 From: Davor Turkalj Date: Thu, 10 Jul 2014 13:46:11 +0200 Subject: translation update --- lib/plugins/authldap/lang/hr/settings.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 lib/plugins/authldap/lang/hr/settings.php (limited to 'lib/plugins/authldap') diff --git a/lib/plugins/authldap/lang/hr/settings.php b/lib/plugins/authldap/lang/hr/settings.php new file mode 100644 index 000000000..44caeacc8 --- /dev/null +++ b/lib/plugins/authldap/lang/hr/settings.php 
@@ -0,0 +1,23 @@ + + */ +$lang['server'] = 'Vaš LDAP server. Upišite ili naziv računala (localhost) ili puni URL (ldap://server.tld:389)'; +$lang['port'] = 'LDAP server port, ako gore nije specificiran puni URL.'; +$lang['usertree'] = 'Gdje da nađem korisničke prijave. Npr. ou=People, dc=server, dc=tld'; +$lang['grouptree'] = 'Gdje da nađem korisničke grupe. Npr. ou=Group, dc=server, dc=tld'; +$lang['userfilter'] = 'LDAP filter za pretragu korisničkih prijava. Npr. (&(uid=%{user})(objectClass=posixAccount))'; +$lang['groupfilter'] = 'LDAP filter za pretragu grupa. Npr. (&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; +$lang['version'] = 'Protokol koji se koristi. Možda će te trebati postaviti na 3'; +$lang['starttls'] = 'Korisni TLS vezu?'; +$lang['referrals'] = 'Da li da slijedim uputnice?'; +$lang['deref'] = 'Kako da razlikujem aliase?'; +$lang['binddn'] = 'DN opcionalnog korisnika ako anonimni korisnik nije dovoljan. Npr. cn=admin, dc=my, dc=home'; +$lang['bindpw'] = 'Lozinka gore navedenog korisnika'; +$lang['userscope'] = 'Ograniči područje za pretragu korisnika'; +$lang['groupscope'] = 'Ograniči područje za pretragu grupa'; +$lang['groupkey'] = 'Članstvo grupa iz svih atributa korisnika (umjesto standardnih AD grupa) npr. grupa iz odjela ili telefonskog broja'; +$lang['debug'] = 'Prikaži dodatne informacije u slučaju greške'; -- cgit v1.2.3