diff options
| author | andi <andi@splitbrain.org> | 2005-04-29 13:17:22 +0200 |
|---|---|---|
| committer | andi <andi@splitbrain.org> | 2005-04-29 13:17:22 +0200 |
| commit | 8a33a1aa46f60869ec6e1158c6899200f065eec8 (patch) | |
| tree | 72e26f0667a7b1af2c9608cf4802102b52ee0863 /inc | |
| parent | 92b83b77a91e8d0d82845ec6783c3a181068071d (diff) | |
| download | rpg-8a33a1aa46f60869ec6e1158c6899200f065eec8.tar.gz rpg-8a33a1aa46f60869ec6e1158c6899200f065eec8.tar.bz2 | |
auth_ldap support for nonanonymous bind #234
darcs-hash:20050429111722-9977f-78a8e31341ccbf49785f611575884555aa2b7424.gz
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/auth_ldap.php | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/inc/auth_ldap.php b/inc/auth_ldap.php index 7fb9f9934..1ab5206a7 100644 --- a/inc/auth_ldap.php +++ b/inc/auth_ldap.php @@ -108,6 +108,7 @@ function auth_checkPass($user,$pass){ * @author Andreas Gohr <andi@splitbrain.org> * @author Trouble * @author Dan Allen <dan.j.allen@gmail.com> + * @auhtor <evaldas.auryla@pheur.org> */ function auth_getUserData($user){ global $conf; @@ -117,11 +118,21 @@ function auth_getUserData($user){ $conn = auth_ldap_connect(); if(!$conn) return false; - //anonymous bind to lookup userdata - if(!@ldap_bind($conn)){ - msg("LDAP: can not bind anonymously",-1); - if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0); - return false; + //bind to server to lookup userdata + if ($cnf['binddn']) { + //use superuser credentials + if(!@ldap_bind($conn,$cnf['binddn'],$cnf['bindpw'])){ + msg("LDAP: can not bind as superuser",-1); + if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0); + return false; + } + }else{ + //bind anonymous + if(!@ldap_bind($conn)){ + msg("LDAP: can not bind anonymously",-1); + if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0); + return false; + } } //get info for given user @@ -137,11 +148,26 @@ function auth_getUserData($user){ $info['dn'] = $result[0]['dn']; $info['mail']= $result[0]['mail'][0]; $info['name']= $result[0]['cn'][0]; - $info['uid'] = $result[0]['uid'][0]; - //primary group id + //use ActiveDirectory sAMAccountName as uid + if(isset($result[0]['sAMAccountName'][0])){ + $info['uid'] = $result[0]['sAMAccountName'][0]; + }else{ + $info['uid'] = $result[0]['uid'][0]; + } + + //get primary group id $gid = $result[0]['gidnumber'][0]; + //handle ActiveDirectory memberOf + if(is_array($result[0]['memberof'])){ + foreach($result[0]['memberof'] as $grp){ + if (preg_match("/CN=(.+?),/i",$grp,$match)) { + $info['grps'][] = trim($match[1]); + } + } + } + //get groups for given user if grouptree is given if ($cnf['grouptree'] != '') { $filter = str_replace('%i', $info['uid'], $cnf['groupfilter']); @@ -158,10 +184,11 @@ function auth_getUserData($user){ if(!empty($grp['cn'][0])) $info['grps'][] = $grp['cn'][0]; } - }else{ - //if no groups are available in LDAP always return the default group - $info['grps'][] = $conf['defaultgroup']; } + + //if no groups were found always return the default group + if(!count($info['grps'])) $info['grps'][] = $conf['defaultgroup']; + return $info; } |