authorAndreas Gohr <gohr@cosmocode.de>2010-06-27 13:28:59 +0200
committerAndreas Gohr <gohr@cosmocode.de>2010-06-27 13:32:42 +0200
commitde3427dbc88f1a060e6557d79da3a9bafb9a6039 (patch)
treef60dfafe71bd3e6807765ff532ead712113bf39f /inc/auth
parente2cf96715e4b23d94ad97f3a22e0ce8bb89ed928 (diff)
Add scope options to LDAP auth backend FS#1832
The scope for the LDAP searches for users and groups can now be set using the new options 'userscope' and 'groupscope'. Valid options are 'base', 'one' and 'sub'. Defaults to 'sub'.
Diffstat (limited to 'inc/auth')
-rw-r--r--inc/auth/ldap.class.php30
1 files changed, 27 insertions, 3 deletions
diff --git a/inc/auth/ldap.class.php b/inc/auth/ldap.class.php
index c51924135..fc1a7ddb6 100644
--- a/inc/auth/ldap.class.php
+++ b/inc/auth/ldap.class.php
@@ -27,7 +27,9 @@ class auth_ldap extends auth_basic {
return;
}
- if(empty($this->cnf['groupkey'])) $this->cnf['groupkey'] = 'cn';
+ if(empty($this->cnf['groupkey'])) $this->cnf['groupkey'] = 'cn';
+ if(empty($this->cnf['userscope'])) $this->cnf['userscope'] = 'sub';
+ if(empty($this->cnf['groupscope'])) $this->cnf['groupscope'] = 'sub';
// auth_ldap currently just handles authentication, so no
// capabilities are set
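Review bot: The new `userscope` and `groupscope` values are only defaulted here, never validated, so a misspelt value such as 'onelevel' is accepted and the final `else` branch of `_ldapsearch()` (last hunk) silently runs a full subtree search. For an option meant to narrow what the directory search can reach, that is a fail-open result: the administrator believes the search is restricted when it is not. I would check both values once, right after these defaults, e.g. `foreach(array('userscope','groupscope') as $k) if(!in_array($this->cnf[$k], array('base','one','sub'), true)) msg("LDAP: unknown $k, expected base, one or sub", -1);`, and decide there whether to stop rather than continue with 'sub'. The enclosing function starts and ends outside this hunk.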
@@ -171,7 +173,7 @@ class auth_ldap extends auth_basic {
$filter = "(ObjectClass=*)";
}
- $sr = @ldap_search($this->con, $base, $filter);
+ $sr = $this->_ldapsearch($this->con, $base, $filter, $this->cnf['userscope']);
$result = @ldap_get_entries($this->con, $sr);
if($this->cnf['debug']){
msg('LDAP user search: '.htmlspecialchars(ldap_error($this->con)),0,__LINE__,__FILE__);
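Review bot: The result of `_ldapsearch()` is handed straight to `ldap_get_entries()` on the next line without a check, although the wrapper suppresses warnings with `@` and returns false on failure; the group lookup in the following hunk does test `if(!$sr)`. A misconfigured scope or base is now one more way for this call to fail, and outside debug mode nothing visible here reports it. Suggest a guard such as `if(!$sr) return false;` (or whatever this function's usual failure value is) before reading entries. The code after this hunk may already handle a false `$result`, which I cannot see, and the enclosing function starts and ends outside the hunk.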
@@ -219,7 +221,7 @@ class auth_ldap extends auth_basic {
if ($this->cnf['grouptree'] && $this->cnf['groupfilter']) {
$base = $this->_makeFilter($this->cnf['grouptree'], $user_result);
$filter = $this->_makeFilter($this->cnf['groupfilter'], $user_result);
- $sr = @ldap_search($this->con, $base, $filter, array($this->cnf['groupkey']));
+ $sr = $this->_ldapsearch($this->con, $base, $filter, $this->cnf['groupscope'], array($this->cnf['groupkey']));
if(!$sr){
msg("LDAP: Reading group memberships failed",-1);
if($this->cnf['debug']){
@@ -352,6 +354,28 @@ class auth_ldap extends auth_basic {
return true;
}
+
+ /**
+ * Wraps around ldap_search, ldap_list or ldap_read depending on $scope
+ *
+ * @param $scope string - can be 'base', 'one' or 'sub'
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+ function _ldapsearch($link_identifier, $base_dn, $filter, $scope='sub', $attributes=null,
+ $attrsonly=0, $sizelimit=0, $timelimit=0, $deref=LDAP_DEREF_NEVER){
+ if(is_null($attributes)) $attributes = array();
+
+ if($scope == 'base'){
+ return @ldap_read($link_identifier, $base_dn, $filter, $attributes,
+ $attrsonly, $sizelimit, $timelimit, $deref);
+ }elseif($scope == 'one'){
+ return @ldap_list($link_identifier, $base_dn, $filter, $attributes,
+ $attrsonly, $sizelimit, $timelimit, $deref);
+ }else{
+ return @ldap_search($link_identifier, $base_dn, $filter, $attributes,
+ $attrsonly, $sizelimit, $timelimit, $deref);
+ }
+ }
}
//Setup VIM: ex: et ts=4 enc=utf-8 :
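Review bot: The docblock on `_ldapsearch()` documents only `$scope`; it does not say what the method returns or that every call is prefixed with `@`, so a caller cannot tell from it that failure arrives as a silent false. I would add `@return resource|false  search result, false on failure (PHP warnings are suppressed; use ldap_error() on the link)` and one line stating that the remaining parameters are passed unchanged to ldap_read, ldap_list or ldap_search. Separately, the scope tests use `==`; writing `$scope === 'base'` and `$scope === 'one'` would keep a non-string config value such as `true` from matching 'base' through loose comparison.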