author | Andreas Gohr <andi@splitbrain.org> | 2009-11-02 21:19:48 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2009-11-02 21:19:48 +0100 |
commit | 827893ea5ac427cd528a2e7c84663755a79c4f55 (patch) | |
tree | 4d835d200dc59a193f8c30f47a830f0e36bbde85 | |
parent | e296275643ea58a33070e4e81bf9ddbc5f476dcf (diff) | |
download | rpg-827893ea5ac427cd528a2e7c84663755a79c4f55.tar.gz rpg-827893ea5ac427cd528a2e7c84663755a79c4f55.tar.bz2 |
ad backend: multi domain setup
Ignore-this: 730fc5ffd5facc5ebea39c6613f44493
Support for doing SSO with multiple AD Domain Servers
darcs-hash:20091102201948-7ad00-34872ba3e4adbaa9d97bcdf18b8bf2fc31410077.gz
-rw-r--r-- | inc/auth/ad.class.php | 49 |
1 files changed, 27 insertions, 22 deletions
diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php
index f1440969a..15559112f 100644
--- a/inc/auth/ad.class.php
+++ b/inc/auth/ad.class.php
@@ -34,27 +34,6 @@
 require_once(DOKU_INC.'inc/adLDAP.php');
-/**
- * Prepare SSO
- */
-if($_SERVER['REMOTE_USER'] && $conf['auth']['ad']['sso']){
- // remove possible domain prefix
- list($dom,$usr) = explode('\\',$_SERVER['REMOTE_USER'],2);
- if(!$usr) $usr = $dom;
-
- // remove possible Kerberos domain
- list($usr,$dom) = explode('@',$usr);
-
- $_SERVER['REMOTE_USER'] = $usr;
- unset($usr);
- unset($dom);
-
- // we need to simulate a login
- if(empty($_COOKIE[DOKU_COOKIE])){
- $_REQUEST['u'] = $_SERVER['REMOTE_USER'];
- $_REQUEST['p'] = 'sso_only';
- }
-}
 class auth_ad extends auth_basic {
 var $cnf = null;
@@ -75,8 +54,34 @@ class auth_ad extends auth_basic {
 return;
 }
- // prepare adLDAP object
+ // Prepare SSO
+ if($_SERVER['REMOTE_USER'] && $this->cnf['sso']){
+ // remove possible NTLM domain
+ list($dom,$usr) = explode('\\',$_SERVER['REMOTE_USER'],2);
+ if(!$usr) $usr = $dom;
+
+ // remove possible Kerberos domain
+ list($usr,$dom) = explode('@',$usr);
+
+ $dom = strtolower($dom);
+ $_SERVER['REMOTE_USER'] = $usr;
+
+ // we need to simulate a login
+ if(empty($_COOKIE[DOKU_COOKIE])){
+ $_REQUEST['u'] = $_SERVER['REMOTE_USER'];
+ $_REQUEST['p'] = 'sso_only';
+ }
+ }
+
+ // prepare adLDAP standard configuration
 $opts = $this->cnf;
+
+ // add possible domain specific configuration
+ if($dom && is_array($this->cnf[$dom])) foreach($this->cnf[$dom] as $key => $val){
+ $opts[$key] = $val;
+ }
+
+ // handle multiple AD servers
 $opts['domain_controllers'] = explode(',',$opts['domain_controllers']);
 $opts['domain_controllers'] = array_map('trim',$opts['domain_controllers']);
 $opts['domain_controllers'] = array_filter($opts['domain_controllers']); |
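Review bot: In the new SSO block, the second `list($usr,$dom) = explode('@',$usr);` overwrites the `$dom` taken from a `DOMAIN\user` name, so for NTLM-style logins `$dom` ends up empty and the per-domain settings in `$this->cnf[$dom]` are never applied; only `user@REALM` names select a domain. Keeping the NTLM value would need something like `if(!$usr){ $usr = $dom; $dom = ''; }` followed by `list($usr,$kdom) = explode('@',$usr,2); if($kdom) $dom = $kdom;`. `$dom` is also read in `if($dom && is_array($this->cnf[$dom]))` when the SSO branch did not run, so it should be initialised with `$dom = '';` before the `if`. Because `$_SERVER['REMOTE_USER']` is reduced to the bare account name, accounts with the same name in two domains appear to map to one wiki user; if that is not intended, the domain should stay part of the identity, or the assumption should be documented next to the `sso` setting. The constructor begins and ends outside this hunk.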