summaryrefslogtreecommitdiff
path: root/inc/auth
Commit message (Collapse)AuthorAge
* lowercase groupsAndreas Gohr2012-08-23
|
* make AD utilitiy functions publicAndreas Gohr2012-08-23
|
* add user's domain to the list of groupsAndreas Gohr2012-08-22
|
* fixed domain handling in user namesAndreas Gohr2012-08-22
|
* some code cleanup/PHP5izationAndreas Gohr2012-08-22
|
* use UTF-8 aware lower casingAndreas Gohr2012-08-22
|
* Better support for multi domain AD setupsAndreas Gohr2012-08-22
| | | | | | | | | | | | | | | | | | | | | This changes how the AD auth backend handles multiple domains. It is now possible to configure multiple authentication domains even when not using SSO. USers can provide a domain in NTLM- and Kerberos-Style (prepended with a backslash, appended with a @-char). IMPORTANT: If you used AD auth before, you will need to adjust your ACLs and $conf['superuser'] settings. This patch changes how user names are cleaned. Spaces and other special chars are no longer removed. The only adjustment is lowercasing the username and streamlining the domain handling. User's login names will now contain the domain name in Kerberos style (user@yourdomain.com) when they logged in a non-default domain. You need to make sure your ACLs are setup accordingly. Domain names are always lowercased and need to be specified lowercased in the config.
* supress errors from LDAP bindAndreas Gohr2012-07-11
|
* Config method changed from array to comma separated string.Mikhail Krasilnikov2012-06-13
|
* Allow multiple LDAP servers.Mikhail Krasilnikov2012-06-08
|
* make sure SSO data for AD backend is always UTF-8Andreas Gohr2012-05-16
| | | | In some circumstances the username was set in latin1.
* coding style updatesAndreas Gohr2012-03-16
|
* make sure AD pass expiry message is never shown twiceAndreas Gohr2012-02-17
|
* do not hardcode profile link in AD pass expire messageAndreas Gohr2012-02-17
| | | | Changing passwords might not be available.
* translatable AD expiry warning and link to update profile pageAndreas Gohr2011-11-07
|
* Don't return any data for non-existant usersAndreas Gohr2011-11-07
|
* do not query AD for empty user nameAndreas Gohr2011-11-07
|
* always check expire time when configuredAndreas Gohr2011-11-07
|
* Check password expiry times in Active Directory backendAndreas Gohr2011-10-31
| | | | | | | | | | When a user logs in, the password expiry time is checked and compared to the $conf['auth']['ad']['expirywarn'] setting (in days). If the password is about to expire in the specified timeframe, a warning is issued on login. This patch adds a new method to the adLDAP class for querying domain parameters.
* Do not send empty changes to the AD backendAndreas Gohr2011-10-31
| | | | | | This fixes password changing operations: password change and user modification are two different operations on the AD backend - the user modification should not be done on password only changes.
* Use login cookie for LDAP re-auth (closes FS#2260)Michael Hamann2011-05-24
| | | | | Since the password is no longer stored in the session, we need to use the login cookie instead.
* Accept empty MySQL password for database auth.Jérôme Tamarelle2011-02-15
|
* AD auth: set capabilities after handling multi domain setupsAndreas Gohr2011-01-26
|
* AD auth: password changing works via TLS as wellAndreas Gohr2011-01-26
|
* AD auth: allow users to modify their profile dataAndreas Gohr2011-01-26
|
* tmpAdrian Lang2010-12-08
|
* Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3Michael Hamann2010-11-29
| | | | | | As of VIM 7.3 it is no longer possible to specify the encoding in the modeline. This gives an error message whenever such a file is opened, thus this commit removes the enc setting from the modeline.
* print LDAP group debugging even on success (like for user debug)Andreas Gohr2010-10-18
|
* - spelling fixesElan Ruusamäe2010-10-07
|
* Fix variable name in ldap retrieveUsersAdrian Lang2010-08-09
|
* Add getUsers capability to LDAP backendAdrian Lang2010-07-05
|
* Fix for Lotus ldap auth FS#1828Kirill Krasnov2010-07-01
|
* Use config_cascade for ACLs and plain auth users FS#1677Andreas Gohr2010-06-27
|
* Add scope options to LDAP auth backend FS#1832Andreas Gohr2010-06-27
| | | | | | The scope for the LDAP searches for users and groups can now be set using the new options 'userscope' and 'groupscope'. Valid options are 'base', 'one' and 'sub'. Defaults to 'sub'.
* basic_auth is loaded by inc/auth.phpAdrian Lang2010-06-23
|
* new auth capability 'logout'Andreas Gohr2010-06-22
| | | | | | | | | | | | | | | | | | | | This patch implements what Adrian's patch "Hide logout button if auth backend cannot logout" intended to do. The 'logoff' capability was used to decide if a special method called $auth->logOff() should be called when the user logs out, not if the backend supports logouts at all. This was a superflous capability since an empty logOff() method is implemented in the base class anyway - it doesn't hurt to always call the method. The 'logoff' capability is now deprecated. Backends who want to do actions on logout simply need to overwrite logOff(). A new capability 'logout' was added which defaults to true. Backends that can't logoff the user (eg. because they use some automatic login/logoff mechanism) can set this to false. Probably makes sense to add a 'login' capability as well...
* Add debug message for adLDAP class constructionAdrian Lang2010-05-17
|
* gather additional information from ad backendDominik Eckelmann2010-04-29
|
* added getUsers to ad auth backendDominik Eckelmann2010-04-29
|
* honor recursive_groups setting in auth:ad FS#1825Andreas Gohr2009-12-19
| | | | | | Ignore-this: f3c965c87145c41e19f4bdf2b157efcc darcs-hash:20091219121749-7ad00-0b21fcd23a23b0b43dbd3ba9d170a7730b8c93d9.gz
* Added isCaseSensitive() to auth backends FS#1657Andreas Gohr2009-11-15
| | | | | | Ignore-this: 3591e5a36126c72bd9b931e4aa832da8 darcs-hash:20091115141725-7ad00-7c2fc662d1999731660673d05299c4f357b797b3.gz
* fixed copypasta in plain::cleanGroupAndreas Gohr2009-11-15
| | | | | | Ignore-this: 7a9e8fe59a2d054a6b706db773fd9e1d darcs-hash:20091115123954-7ad00-4d22dbec1a425bcc5370b62fc6d4586beec04161.gz
* more work on user and group cleaningAndreas Gohr2009-11-14
| | | | | | Ignore-this: b824c2941d3631bdf83350e325606d3e darcs-hash:20091114123517-7ad00-d32833a88cb5f654a8874542d4d59f1f401d4453.gz
* Added group and user sanitationAndreas Gohr2009-11-13
| | | | | | Ignore-this: 26392125523d2c822580346074330ebe darcs-hash:20091113102249-7ad00-4cede040a940d739bd34d548e12956e8d8609cfa.gz
* Fixed bug in the ad auth classAndreas Gohr2009-11-03
| | | | | | Ignore-this: 3896e395c6b4f5d994a4f0c541da9847 darcs-hash:20091103104030-6e07b-363c2fc2ced21906aac1e1a729ddbbee81d1b286.gz
* do not connect in constructor of auth:ldap backendAndreas Gohr2009-11-02
| | | | | | Ignore-this: d28a6859cd788559f2e5b68b1a9bfaf0 darcs-hash:20091102142153-6e07b-78ba14b9d861cfd6422432770a85d23c9cc16c7b.gz
* ad backend: multi domain setupAndreas Gohr2009-11-02
| | | | | | | Ignore-this: 730fc5ffd5facc5ebea39c6613f44493 Support for doing SSO with multiple AD Domain Servers darcs-hash:20091102201948-7ad00-34872ba3e4adbaa9d97bcdf18b8bf2fc31410077.gz
* ad auth: do not connect to AD server in constructor FS#1791Andreas Gohr2009-11-02
| | | | | | Ignore-this: 5b5b6e67b2800c0ecde8b65de303c4df darcs-hash:20091102141333-6e07b-70ea837064d771c088b4e0000021778b5b8178c5.gz
* Support for even more debugging in mysql backendAndreas Gohr2009-10-15
| | | | | | Ignore-this: 47b7640fefc8a7f15f39d4deb2e7fb10 darcs-hash:20091015202718-7ad00-44d90ae0cc61d2433f15865715bee68273f04232.gz
* more debugging infos in LDAP backendAndreas Gohr2009-10-04
| | | | darcs-hash:20091004115803-6e07b-5244748bc12e7e8db2d90d6a4ffe0b27ab47922b.gz
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 11:49:11 +0000