From f4476bd9b5badd36cd0617d76538e47d9649986b Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Mon, 20 Feb 2012 19:51:26 +0100 Subject: Refactored auth system: All auth methods are now introduced as plugins. --- lib/plugins/authad/auth.php | 359 +++++++++++++++++++++++++++++++++++++ lib/plugins/authad/plugin.info.txt | 7 + 2 files changed, 366 insertions(+) create mode 100644 lib/plugins/authad/auth.php create mode 100644 lib/plugins/authad/plugin.info.txt (limited to 'lib/plugins/authad') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php new file mode 100644 index 000000000..70d3cfb8c --- /dev/null +++ b/lib/plugins/authad/auth.php @@ -0,0 +1,359 @@ + + */ +// must be run within Dokuwiki +if(!defined('DOKU_INC')) die(); + +require_once(DOKU_INC.'inc/adLDAP.php'); + +/** + * Active Directory authentication backend for DokuWiki + * + * This makes authentication with a Active Directory server much easier + * than when using the normal LDAP backend by utilizing the adLDAP library + * + * Usage: + * Set DokuWiki's local.protected.php auth setting to read + * + * $conf['useacl'] = 1; + * $conf['disableactions'] = 'register'; + * $conf['autopasswd'] = 0; + * $conf['authtype'] = 'authad'; + * $conf['passcrypt'] = 'ssha'; + * + * $conf['plugin']['authad']['account_suffix'] = '@my.domain.org'; + * $conf['plugin']['authad']['base_dn'] = 'DC=my,DC=domain,DC=org'; + * $conf['plugin']['authad']['domain_controllers'] = 'srv1.domain.org,srv2.domain.org'; + * + * //optional: + * $conf['plugin']['authad']['sso'] = 1; + * $conf['plugin']['authad']['ad_username'] = 'root'; + * $conf['plugin']['authad']['ad_password'] = 'pass'; + * $conf['plugin']['authad']['real_primarygroup'] = 1; + * $conf['plugin']['authad']['use_ssl'] = 1; + * $conf['plugin']['authad']['use_tls'] = 1; + * $conf['plugin']['authad']['debug'] = 1; + * + * // get additional information to the userinfo array + * // add a list of comma separated ldap contact fields. + * $conf['plugin']['authad']['additional'] = 'field1,field2'; + * + * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) + * @author James Van Lommel + * @link http://www.nosq.com/blog/2005/08/ldap-activedirectory-and-dokuwiki/ + * @author Andreas Gohr + * @author Jan Schumann + */ +class auth_plugin_authad extends DokuWiki_Auth_Plugin +{ + var $cnf = null; + var $opts = null; + var $adldap = null; + var $users = null; + + /** + * Constructor + */ + function auth_plugin_authad() { + global $conf; + $this->cnf = $conf['auth']['ad']; + + + // additional information fields + if (isset($this->cnf['additional'])) { + $this->cnf['additional'] = str_replace(' ', '', $this->cnf['additional']); + $this->cnf['additional'] = explode(',', $this->cnf['additional']); + } else $this->cnf['additional'] = array(); + + // ldap extension is needed + if (!function_exists('ldap_connect')) { + if ($this->cnf['debug']) + msg("AD Auth: PHP LDAP extension not found.",-1); + $this->success = false; + return; + } + + // Prepare SSO + if($_SERVER['REMOTE_USER'] && $this->cnf['sso']){ + // remove possible NTLM domain + list($dom,$usr) = explode('\\',$_SERVER['REMOTE_USER'],2); + if(!$usr) $usr = $dom; + + // remove possible Kerberos domain + list($usr,$dom) = explode('@',$usr); + + $dom = strtolower($dom); + $_SERVER['REMOTE_USER'] = $usr; + + // we need to simulate a login + if(empty($_COOKIE[DOKU_COOKIE])){ + $_REQUEST['u'] = $_SERVER['REMOTE_USER']; + $_REQUEST['p'] = 'sso_only'; + } + } + + // prepare adLDAP standard configuration + $this->opts = $this->cnf; + + // add possible domain specific configuration + if($dom && is_array($this->cnf[$dom])) foreach($this->cnf[$dom] as $key => $val){ + $this->opts[$key] = $val; + } + + // handle multiple AD servers + $this->opts['domain_controllers'] = explode(',',$this->opts['domain_controllers']); + $this->opts['domain_controllers'] = array_map('trim',$this->opts['domain_controllers']); + $this->opts['domain_controllers'] = array_filter($this->opts['domain_controllers']); + + // we can change the password if SSL is set + if($this->opts['use_ssl'] || $this->opts['use_tls']){ + $this->cando['modPass'] = true; + } + $this->cando['modName'] = true; + $this->cando['modMail'] = true; + } + + /** + * Check user+password [required auth function] + * + * Checks if the given user exists and the given + * plaintext password is correct by trying to bind + * to the LDAP server + * + * @author James Van Lommel + * @return bool + */ + function checkPass($user, $pass){ + if($_SERVER['REMOTE_USER'] && + $_SERVER['REMOTE_USER'] == $user && + $this->cnf['sso']) return true; + + if(!$this->_init()) return false; + return $this->adldap->authenticate($user, $pass); + } + + /** + * Return user info [required auth function] + * + * Returns info about the given user needs to contain + * at least these fields: + * + * name string full name of the user + * mail string email address of the user + * grps array list of groups the user is in + * + * This LDAP specific function returns the following + * addional fields: + * + * dn string distinguished name (DN) + * uid string Posix User ID + * + * @author James Van Lommel + */ + function getUserData($user){ + global $conf; + if(!$this->_init()) return false; + + $fields = array('mail','displayname','samaccountname'); + + // add additional fields to read + $fields = array_merge($fields, $this->cnf['additional']); + $fields = array_unique($fields); + + //get info for given user + $result = $this->adldap->user_info($user, $fields); + //general user info + $info['name'] = $result[0]['displayname'][0]; + $info['mail'] = $result[0]['mail'][0]; + $info['uid'] = $result[0]['samaccountname'][0]; + $info['dn'] = $result[0]['dn']; + + // additional information + foreach ($this->cnf['additional'] as $field) { + if (isset($result[0][strtolower($field)])) { + $info[$field] = $result[0][strtolower($field)][0]; + } + } + + // handle ActiveDirectory memberOf + $info['grps'] = $this->adldap->user_groups($user,(bool) $this->opts['recursive_groups']); + + if (is_array($info['grps'])) { + foreach ($info['grps'] as $ndx => $group) { + $info['grps'][$ndx] = $this->cleanGroup($group); + } + } + + // always add the default group to the list of groups + if(!is_array($info['grps']) || !in_array($conf['defaultgroup'],$info['grps'])){ + $info['grps'][] = $conf['defaultgroup']; + } + + return $info; + } + + /** + * Make AD group names usable by DokuWiki. + * + * Removes backslashes ('\'), pound signs ('#'), and converts spaces to underscores. + * + * @author James Van Lommel (jamesvl@gmail.com) + */ + function cleanGroup($name) { + $sName = str_replace('\\', '', $name); + $sName = str_replace('#', '', $sName); + $sName = preg_replace('[\s]', '_', $sName); + return $sName; + } + + /** + * Sanitize user names + */ + function cleanUser($name) { + return $this->cleanGroup($name); + } + + /** + * Most values in LDAP are case-insensitive + */ + function isCaseSensitive(){ + return false; + } + + /** + * Bulk retrieval of user data + * + * @author Dominik Eckelmann + * @param start index of first user to be returned + * @param limit max number of users to be returned + * @param filter array of field/pattern pairs, null for no filter + * @return array of userinfo (refer getUserData for internal userinfo details) + */ + function retrieveUsers($start=0,$limit=-1,$filter=array()) { + if(!$this->_init()) return false; + + if ($this->users === null) { + //get info for given user + $result = $this->adldap->all_users(); + if (!$result) return array(); + $this->users = array_fill_keys($result, false); + } + + $i = 0; + $count = 0; + $this->_constructPattern($filter); + $result = array(); + + foreach ($this->users as $user => &$info) { + if ($i++ < $start) { + continue; + } + if ($info === false) { + $info = $this->getUserData($user); + } + if ($this->_filter($user, $info)) { + $result[$user] = $info; + if (($limit >= 0) && (++$count >= $limit)) break; + } + } + return $result; + } + + /** + * Modify user data + * + * @param $user nick of the user to be changed + * @param $changes array of field/value pairs to be changed + * @return bool + */ + function modifyUser($user, $changes) { + $return = true; + + // password changing + if(isset($changes['pass'])){ + try { + $return = $this->adldap->user_password($user,$changes['pass']); + } catch (adLDAPException $e) { + if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1); + $return = false; + } + if(!$return) msg('AD Auth: failed to change the password. Maybe the password policy was not met?',-1); + } + + // changing user data + $adchanges = array(); + if(isset($changes['name'])){ + // get first and last name + $parts = explode(' ',$changes['name']); + $adchanges['surname'] = array_pop($parts); + $adchanges['firstname'] = join(' ',$parts); + $adchanges['display_name'] = $changes['name']; + } + if(isset($changes['mail'])){ + $adchanges['email'] = $changes['mail']; + } + if(count($adchanges)){ + try { + $return = $return & $this->adldap->user_modify($user,$adchanges); + } catch (adLDAPException $e) { + if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1); + $return = false; + } + } + + return $return; + } + + /** + * Initialize the AdLDAP library and connect to the server + */ + function _init(){ + if(!is_null($this->adldap)) return true; + + // connect + try { + $this->adldap = new adLDAP($this->opts); + if (isset($this->opts['ad_username']) && isset($this->opts['ad_password'])) { + $this->canDo['getUsers'] = true; + } + return true; + } catch (adLDAPException $e) { + if ($this->cnf['debug']) { + msg('AD Auth: '.$e->getMessage(), -1); + } + $this->success = false; + $this->adldap = null; + } + return false; + } + + /** + * return 1 if $user + $info match $filter criteria, 0 otherwise + * + * @author Chris Smith + */ + function _filter($user, $info) { + foreach ($this->_pattern as $item => $pattern) { + if ($item == 'user') { + if (!preg_match($pattern, $user)) return 0; + } else if ($item == 'grps') { + if (!count(preg_grep($pattern, $info['grps']))) return 0; + } else { + if (!preg_match($pattern, $info[$item])) return 0; + } + } + return 1; + } + + function _constructPattern($filter) { + $this->_pattern = array(); + foreach ($filter as $item => $pattern) { +// $this->_pattern[$item] = '/'.preg_quote($pattern,"/").'/i'; // don't allow regex characters + $this->_pattern[$item] = '/'.str_replace('/','\/',$pattern).'/i'; // allow regex characters + } + } +} \ No newline at end of file diff --git a/lib/plugins/authad/plugin.info.txt b/lib/plugins/authad/plugin.info.txt new file mode 100644 index 000000000..ad565b853 --- /dev/null +++ b/lib/plugins/authad/plugin.info.txt @@ -0,0 +1,7 @@ +base authad +author +email +date +name active directory auth plugin +desc Provides authentication against a Microsoft Active Directory +url -- cgit v1.2.3 From 94c0297d119ce52ad794c18f26220311e3c0ed8c Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 6 Oct 2012 11:31:26 +0200 Subject: completed plugin.info.txt files --- lib/plugins/authad/plugin.info.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/plugins/authad') diff --git a/lib/plugins/authad/plugin.info.txt b/lib/plugins/authad/plugin.info.txt index ad565b853..598eb848b 100644 --- a/lib/plugins/authad/plugin.info.txt +++ b/lib/plugins/authad/plugin.info.txt @@ -1,7 +1,7 @@ base authad -author -email -date +author Andreas Gohr +email andi@splitbrain.org +date 2012-10-06 name active directory auth plugin desc Provides authentication against a Microsoft Active Directory -url +url http://www.dokuwiki.org/plugin:authad -- cgit v1.2.3 From 454d868b911059adb8889a2d6afefa016d6a21f5 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 9 Nov 2012 14:04:41 +0100 Subject: make all sub auth classes call the parent constructor This does nothing currently but allows us adding certain things to the base class later. --- lib/plugins/authad/auth.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/plugins/authad') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index 35c19f471..0900a3f87 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -82,6 +82,8 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { * Constructor */ public function __construct() { + parent::__construct(); + global $conf; $this->cnf = $conf['auth']['ad']; -- cgit v1.2.3 From 5a65cc7f5700c1a96e469b9f5a57bbe1ca879f53 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 9 Nov 2012 14:07:17 +0100 Subject: some comment cleanup in authad --- lib/plugins/authad/auth.php | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'lib/plugins/authad') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index 0900a3f87..e82610327 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -13,15 +13,9 @@ require_once(DOKU_INC.'inc/adLDAP.php'); * Usage: * Set DokuWiki's local.protected.php auth setting to read * - * $conf['useacl'] = 1; - * $conf['disableactions'] = 'register'; - * $conf['autopasswd'] = 0; * $conf['authtype'] = 'authad'; - * $conf['passcrypt'] = 'ssha'; * - * $conf['auth']['ad']['account_suffix'] = ' - * - * @my.domain.org'; + * $conf['auth']['ad']['account_suffix'] = '@my.domain.org'; * $conf['auth']['ad']['base_dn'] = 'DC=my,DC=domain,DC=org'; * $conf['auth']['ad']['domain_controllers'] = 'srv1.domain.org,srv2.domain.org'; * -- cgit v1.2.3 From 76ce1169a0c8cbb18423b1581800b9aa1050ccd5 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 9 Nov 2012 14:13:32 +0100 Subject: moved adLDAP to authad plugin and fixed includes --- lib/plugins/authad/adLDAP/adLDAP.php | 951 +++++++++++++++++++++ .../authad/adLDAP/classes/adLDAPComputers.php | 153 ++++ .../authad/adLDAP/classes/adLDAPContacts.php | 294 +++++++ .../authad/adLDAP/classes/adLDAPExchange.php | 390 +++++++++ .../authad/adLDAP/classes/adLDAPFolders.php | 179 ++++ lib/plugins/authad/adLDAP/classes/adLDAPGroups.php | 631 ++++++++++++++ lib/plugins/authad/adLDAP/classes/adLDAPUsers.php | 682 +++++++++++++++ lib/plugins/authad/adLDAP/classes/adLDAPUtils.php | 264 ++++++ .../authad/adLDAP/collections/adLDAPCollection.php | 137 +++ .../collections/adLDAPComputerCollection.php | 46 + .../adLDAP/collections/adLDAPContactCollection.php | 46 + .../adLDAP/collections/adLDAPGroupCollection.php | 46 + .../adLDAP/collections/adLDAPUserCollection.php | 46 + lib/plugins/authad/auth.php | 4 +- 14 files changed, 3866 insertions(+), 3 deletions(-) create mode 100644 lib/plugins/authad/adLDAP/adLDAP.php create mode 100644 lib/plugins/authad/adLDAP/classes/adLDAPComputers.php create mode 100644 lib/plugins/authad/adLDAP/classes/adLDAPContacts.php create mode 100644 lib/plugins/authad/adLDAP/classes/adLDAPExchange.php create mode 100644 lib/plugins/authad/adLDAP/classes/adLDAPFolders.php create mode 100644 lib/plugins/authad/adLDAP/classes/adLDAPGroups.php create mode 100644 lib/plugins/authad/adLDAP/classes/adLDAPUsers.php create mode 100644 lib/plugins/authad/adLDAP/classes/adLDAPUtils.php create mode 100644 lib/plugins/authad/adLDAP/collections/adLDAPCollection.php create mode 100644 lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php create mode 100644 lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php create mode 100644 lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php create mode 100644 lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php (limited to 'lib/plugins/authad') diff --git a/lib/plugins/authad/adLDAP/adLDAP.php b/lib/plugins/authad/adLDAP/adLDAP.php new file mode 100644 index 000000000..a8f33b47e --- /dev/null +++ b/lib/plugins/authad/adLDAP/adLDAP.php @@ -0,0 +1,951 @@ +ldapConnection) { + return $this->ldapConnection; + } + return false; + } + + /** + * Get the bind status + * + * @return bool + */ + public function getLdapBind() { + return $this->ldapBind; + } + + /** + * Get the current base DN + * + * @return string + */ + public function getBaseDn() { + return $this->baseDn; + } + + /** + * The group class + * + * @var adLDAPGroups + */ + protected $groupClass; + + /** + * Get the group class interface + * + * @return adLDAPGroups + */ + public function group() { + if (!$this->groupClass) { + $this->groupClass = new adLDAPGroups($this); + } + return $this->groupClass; + } + + /** + * The user class + * + * @var adLDAPUsers + */ + protected $userClass; + + /** + * Get the userclass interface + * + * @return adLDAPUsers + */ + public function user() { + if (!$this->userClass) { + $this->userClass = new adLDAPUsers($this); + } + return $this->userClass; + } + + /** + * The folders class + * + * @var adLDAPFolders + */ + protected $folderClass; + + /** + * Get the folder class interface + * + * @return adLDAPFolders + */ + public function folder() { + if (!$this->folderClass) { + $this->folderClass = new adLDAPFolders($this); + } + return $this->folderClass; + } + + /** + * The utils class + * + * @var adLDAPUtils + */ + protected $utilClass; + + /** + * Get the utils class interface + * + * @return adLDAPUtils + */ + public function utilities() { + if (!$this->utilClass) { + $this->utilClass = new adLDAPUtils($this); + } + return $this->utilClass; + } + + /** + * The contacts class + * + * @var adLDAPContacts + */ + protected $contactClass; + + /** + * Get the contacts class interface + * + * @return adLDAPContacts + */ + public function contact() { + if (!$this->contactClass) { + $this->contactClass = new adLDAPContacts($this); + } + return $this->contactClass; + } + + /** + * The exchange class + * + * @var adLDAPExchange + */ + protected $exchangeClass; + + /** + * Get the exchange class interface + * + * @return adLDAPExchange + */ + public function exchange() { + if (!$this->exchangeClass) { + $this->exchangeClass = new adLDAPExchange($this); + } + return $this->exchangeClass; + } + + /** + * The computers class + * + * @var adLDAPComputers + */ + protected $computersClass; + + /** + * Get the computers class interface + * + * @return adLDAPComputers + */ + public function computer() { + if (!$this->computerClass) { + $this->computerClass = new adLDAPComputers($this); + } + return $this->computerClass; + } + + /** + * Getters and Setters + */ + + /** + * Set the account suffix + * + * @param string $accountSuffix + * @return void + */ + public function setAccountSuffix($accountSuffix) + { + $this->accountSuffix = $accountSuffix; + } + + /** + * Get the account suffix + * + * @return string + */ + public function getAccountSuffix() + { + return $this->accountSuffix; + } + + /** + * Set the domain controllers array + * + * @param array $domainControllers + * @return void + */ + public function setDomainControllers(array $domainControllers) + { + $this->domainControllers = $domainControllers; + } + + /** + * Get the list of domain controllers + * + * @return void + */ + public function getDomainControllers() + { + return $this->domainControllers; + } + + /** + * Sets the port number your domain controller communicates over + * + * @param int $adPort + */ + public function setPort($adPort) + { + $this->adPort = $adPort; + } + + /** + * Gets the port number your domain controller communicates over + * + * @return int + */ + public function getPort() + { + return $this->adPort; + } + + /** + * Set the username of an account with higher priviledges + * + * @param string $adminUsername + * @return void + */ + public function setAdminUsername($adminUsername) + { + $this->adminUsername = $adminUsername; + } + + /** + * Get the username of the account with higher priviledges + * + * This will throw an exception for security reasons + */ + public function getAdminUsername() + { + throw new adLDAPException('For security reasons you cannot access the domain administrator account details'); + } + + /** + * Set the password of an account with higher priviledges + * + * @param string $adminPassword + * @return void + */ + public function setAdminPassword($adminPassword) + { + $this->adminPassword = $adminPassword; + } + + /** + * Get the password of the account with higher priviledges + * + * This will throw an exception for security reasons + */ + public function getAdminPassword() + { + throw new adLDAPException('For security reasons you cannot access the domain administrator account details'); + } + + /** + * Set whether to detect the true primary group + * + * @param bool $realPrimaryGroup + * @return void + */ + public function setRealPrimaryGroup($realPrimaryGroup) + { + $this->realPrimaryGroup = $realPrimaryGroup; + } + + /** + * Get the real primary group setting + * + * @return bool + */ + public function getRealPrimaryGroup() + { + return $this->realPrimaryGroup; + } + + /** + * Set whether to use SSL + * + * @param bool $useSSL + * @return void + */ + public function setUseSSL($useSSL) + { + $this->useSSL = $useSSL; + // Set the default port correctly + if($this->useSSL) { + $this->setPort(self::ADLDAP_LDAPS_PORT); + } + else { + $this->setPort(self::ADLDAP_LDAP_PORT); + } + } + + /** + * Get the SSL setting + * + * @return bool + */ + public function getUseSSL() + { + return $this->useSSL; + } + + /** + * Set whether to use TLS + * + * @param bool $useTLS + * @return void + */ + public function setUseTLS($useTLS) + { + $this->useTLS = $useTLS; + } + + /** + * Get the TLS setting + * + * @return bool + */ + public function getUseTLS() + { + return $this->useTLS; + } + + /** + * Set whether to use SSO + * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined. + * + * @param bool $useSSO + * @return void + */ + public function setUseSSO($useSSO) + { + if ($useSSO === true && !$this->ldapSaslSupported()) { + throw new adLDAPException('No LDAP SASL support for PHP. See: http://www.php.net/ldap_sasl_bind'); + } + $this->useSSO = $useSSO; + } + + /** + * Get the SSO setting + * + * @return bool + */ + public function getUseSSO() + { + return $this->useSSO; + } + + /** + * Set whether to lookup recursive groups + * + * @param bool $recursiveGroups + * @return void + */ + public function setRecursiveGroups($recursiveGroups) + { + $this->recursiveGroups = $recursiveGroups; + } + + /** + * Get the recursive groups setting + * + * @return bool + */ + public function getRecursiveGroups() + { + return $this->recursiveGroups; + } + + /** + * Default Constructor + * + * Tries to bind to the AD domain over LDAP or LDAPs + * + * @param array $options Array of options to pass to the constructor + * @throws Exception - if unable to bind to Domain Controller + * @return bool + */ + function __construct($options = array()) { + // You can specifically overide any of the default configuration options setup above + if (count($options) > 0) { + if (array_key_exists("account_suffix",$options)){ $this->accountSuffix = $options["account_suffix"]; } + if (array_key_exists("base_dn",$options)){ $this->baseDn = $options["base_dn"]; } + if (array_key_exists("domain_controllers",$options)){ + if (!is_array($options["domain_controllers"])) { + throw new adLDAPException('[domain_controllers] option must be an array'); + } + $this->domainControllers = $options["domain_controllers"]; + } + if (array_key_exists("admin_username",$options)){ $this->adminUsername = $options["admin_username"]; } + if (array_key_exists("admin_password",$options)){ $this->adminPassword = $options["admin_password"]; } + if (array_key_exists("real_primarygroup",$options)){ $this->realPrimaryGroup = $options["real_primarygroup"]; } + if (array_key_exists("use_ssl",$options)){ $this->setUseSSL($options["use_ssl"]); } + if (array_key_exists("use_tls",$options)){ $this->useTLS = $options["use_tls"]; } + if (array_key_exists("recursive_groups",$options)){ $this->recursiveGroups = $options["recursive_groups"]; } + if (array_key_exists("ad_port",$options)){ $this->setPort($options["ad_port"]); } + if (array_key_exists("sso",$options)) { + $this->setUseSSO($options["sso"]); + if (!$this->ldapSaslSupported()) { + $this->setUseSSO(false); + } + } + } + + if ($this->ldapSupported() === false) { + throw new adLDAPException('No LDAP support for PHP. See: http://www.php.net/ldap'); + } + + return $this->connect(); + } + + /** + * Default Destructor + * + * Closes the LDAP connection + * + * @return void + */ + function __destruct() { + $this->close(); + } + + /** + * Connects and Binds to the Domain Controller + * + * @return bool + */ + public function connect() + { + // Connect to the AD/LDAP server as the username/password + $domainController = $this->randomController(); + if ($this->useSSL) { + $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort); + } else { + $this->ldapConnection = ldap_connect($domainController, $this->adPort); + } + + // Set some ldap options for talking to AD + ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0); + + if ($this->useTLS) { + ldap_start_tls($this->ldapConnection); + } + + // Bind as a domain admin if they've set it up + if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) { + $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword); + if (!$this->ldapBind) { + if ($this->useSSL && !$this->useTLS) { + // If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message + throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError()); + } + else { + throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError()); + } + } + } + if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) { + putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']); + $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI"); + if (!$this->ldapBind){ + throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError()); + } + else { + return true; + } + } + + + if ($this->baseDn == NULL) { + $this->baseDn = $this->findBaseDn(); + } + + return true; + } + + /** + * Closes the LDAP connection + * + * @return void + */ + public function close() { + if ($this->ldapConnection) { + @ldap_close($this->ldapConnection); + } + } + + /** + * Validate a user's login credentials + * + * @param string $username A user's AD username + * @param string $password A user's AD password + * @param bool optional $preventRebind + * @return bool + */ + public function authenticate($username, $password, $preventRebind = false) { + // Prevent null binding + if ($username === NULL || $password === NULL) { return false; } + if (empty($username) || empty($password)) { return false; } + + // Allow binding over SSO for Kerberos + if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) { + putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']); + $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI"); + if (!$this->ldapBind) { + throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError()); + } + else { + return true; + } + } + + // Bind as the user + $ret = true; + $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password); + if (!$this->ldapBind){ + $ret = false; + } + + // Cnce we've checked their details, kick back into admin mode if we have it + if ($this->adminUsername !== NULL && !$preventRebind) { + $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword); + if (!$this->ldapBind){ + // This should never happen in theory + throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError()); + } + } + + return $ret; + } + + /** + * Find the Base DN of your domain controller + * + * @return string + */ + public function findBaseDn() + { + $namingContext = $this->getRootDse(array('defaultnamingcontext')); + return $namingContext[0]['defaultnamingcontext'][0]; + } + + /** + * Get the RootDSE properties from a domain controller + * + * @param array $attributes The attributes you wish to query e.g. defaultnamingcontext + * @return array + */ + public function getRootDse($attributes = array("*", "+")) { + if (!$this->ldapBind){ return (false); } + + $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes); + $entries = @ldap_get_entries($this->ldapConnection, $sr); + return $entries; + } + + /** + * Get last error from Active Directory + * + * This function gets the last message from Active Directory + * This may indeed be a 'Success' message but if you get an unknown error + * it might be worth calling this function to see what errors were raised + * + * return string + */ + public function getLastError() { + return @ldap_error($this->ldapConnection); + } + + /** + * Detect LDAP support in php + * + * @return bool + */ + protected function ldapSupported() + { + if (!function_exists('ldap_connect')) { + return false; + } + return true; + } + + /** + * Detect ldap_sasl_bind support in PHP + * + * @return bool + */ + protected function ldapSaslSupported() + { + if (!function_exists('ldap_sasl_bind')) { + return false; + } + return true; + } + + /** + * Schema + * + * @param array $attributes Attributes to be queried + * @return array + */ + public function adldap_schema($attributes){ + + // LDAP doesn't like NULL attributes, only set them if they have values + // If you wish to remove an attribute you should set it to a space + // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute + $mod=array(); + + // Check every attribute to see if it contains 8bit characters and then UTF8 encode them + array_walk($attributes, array($this, 'encode8bit')); + + if ($attributes["address_city"]){ $mod["l"][0]=$attributes["address_city"]; } + if ($attributes["address_code"]){ $mod["postalCode"][0]=$attributes["address_code"]; } + //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes? + if ($attributes["address_country"]){ $mod["c"][0]=$attributes["address_country"]; } + if ($attributes["address_pobox"]){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; } + if ($attributes["address_state"]){ $mod["st"][0]=$attributes["address_state"]; } + if ($attributes["address_street"]){ $mod["streetAddress"][0]=$attributes["address_street"]; } + if ($attributes["company"]){ $mod["company"][0]=$attributes["company"]; } + if ($attributes["change_password"]){ $mod["pwdLastSet"][0]=0; } + if ($attributes["department"]){ $mod["department"][0]=$attributes["department"]; } + if ($attributes["description"]){ $mod["description"][0]=$attributes["description"]; } + if ($attributes["display_name"]){ $mod["displayName"][0]=$attributes["display_name"]; } + if ($attributes["email"]){ $mod["mail"][0]=$attributes["email"]; } + if ($attributes["expires"]){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format? + if ($attributes["firstname"]){ $mod["givenName"][0]=$attributes["firstname"]; } + if ($attributes["home_directory"]){ $mod["homeDirectory"][0]=$attributes["home_directory"]; } + if ($attributes["home_drive"]){ $mod["homeDrive"][0]=$attributes["home_drive"]; } + if ($attributes["initials"]){ $mod["initials"][0]=$attributes["initials"]; } + if ($attributes["logon_name"]){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; } + if ($attributes["manager"]){ $mod["manager"][0]=$attributes["manager"]; } //UNTESTED ***Use DistinguishedName*** + if ($attributes["office"]){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; } + if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); } + if ($attributes["profile_path"]){ $mod["profilepath"][0]=$attributes["profile_path"]; } + if ($attributes["script_path"]){ $mod["scriptPath"][0]=$attributes["script_path"]; } + if ($attributes["surname"]){ $mod["sn"][0]=$attributes["surname"]; } + if ($attributes["title"]){ $mod["title"][0]=$attributes["title"]; } + if ($attributes["telephone"]){ $mod["telephoneNumber"][0]=$attributes["telephone"]; } + if ($attributes["mobile"]){ $mod["mobile"][0]=$attributes["mobile"]; } + if ($attributes["pager"]){ $mod["pager"][0]=$attributes["pager"]; } + if ($attributes["ipphone"]){ $mod["ipphone"][0]=$attributes["ipphone"]; } + if ($attributes["web_page"]){ $mod["wWWHomePage"][0]=$attributes["web_page"]; } + if ($attributes["fax"]){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; } + if ($attributes["enabled"]){ $mod["userAccountControl"][0]=$attributes["enabled"]; } + if ($attributes["homephone"]){ $mod["homephone"][0]=$attributes["homephone"]; } + + // Distribution List specific schema + if ($attributes["group_sendpermission"]){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; } + if ($attributes["group_rejectpermission"]){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; } + + // Exchange Schema + if ($attributes["exchange_homemdb"]){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; } + if ($attributes["exchange_mailnickname"]){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; } + if ($attributes["exchange_proxyaddress"]){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; } + if ($attributes["exchange_usedefaults"]){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; } + if ($attributes["exchange_policyexclude"]){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; } + if ($attributes["exchange_policyinclude"]){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; } + if ($attributes["exchange_addressbook"]){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; } + if ($attributes["exchange_altrecipient"]){ $mod["altRecipient"][0]=$attributes["exchange_altrecipient"]; } + if ($attributes["exchange_deliverandredirect"]){ $mod["deliverAndRedirect"][0]=$attributes["exchange_deliverandredirect"]; } + + // This schema is designed for contacts + if ($attributes["exchange_hidefromlists"]){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; } + if ($attributes["contact_email"]){ $mod["targetAddress"][0]=$attributes["contact_email"]; } + + //echo ("
"); print_r($mod);
+        /*
+        // modifying a name is a bit fiddly
+        if ($attributes["firstname"] && $attributes["surname"]){
+            $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
+            $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
+            $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+        }
+        */
+
+        if (count($mod)==0){ return (false); }
+        return ($mod);
+    }
+    
+    /**
+    * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+    */
+    protected function encode8Bit(&$item, $key) {
+        $encode = false;
+        if (is_string($item)) {
+            for ($i=0; $i> 7) {
+                    $encode = true;
+                }
+            }
+        }
+        if ($encode === true && $key != 'password') {
+            $item = utf8_encode($item);   
+        }
+    }
+    
+    /**
+    * Select a random domain controller from your domain controller array
+    * 
+    * @return string
+    */
+    protected function randomController() 
+    {
+        mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
+        /*if (sizeof($this->domainControllers) > 1) {
+            $adController = $this->domainControllers[array_rand($this->domainControllers)]; 
+            // Test if the controller is responding to pings
+            $ping = $this->pingController($adController); 
+            if ($ping === false) { 
+                // Find the current key in the domain controllers array
+                $key = array_search($adController, $this->domainControllers);
+                // Remove it so that we don't end up in a recursive loop
+                unset($this->domainControllers[$key]);
+                // Select a new controller
+                return $this->randomController(); 
+            }
+            else { 
+                return ($adController); 
+            }
+        } */
+        return $this->domainControllers[array_rand($this->domainControllers)];
+    }  
+    
+    /** 
+    * Test basic connectivity to controller 
+    * 
+    * @return bool
+    */ 
+    protected function pingController($host) {
+        $port = $this->adPort; 
+        fsockopen($host, $port, $errno, $errstr, 10); 
+        if ($errno > 0) {
+            return false;
+        }
+        return true;
+    }
+
+}
+
+/**
+* adLDAP Exception Handler
+* 
+* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
+* Example:
+* try {
+*   $adldap = new adLDAP();
+* }
+* catch (adLDAPException $e) {
+*   echo $e;
+*   exit();
+* }
+*/
+class adLDAPException extends Exception {}
+
+?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php b/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
new file mode 100644
index 000000000..71b24a04f
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
@@ -0,0 +1,153 @@
+adldap = $adldap;
+    }
+    
+    /**
+    * Get information about a specific computer. Returned in a raw array format from AD
+    * 
+    * @param string $computerName The name of the computer
+    * @param array $fields Attributes to return
+    * @return array
+    */
+    public function info($computerName, $fields = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        $filter = "(&(objectClass=computer)(cn=" . $computerName . "))";
+        if ($fields === NULL) { 
+            $fields = array("memberof","cn","displayname","dnshostname","distinguishedname","objectcategory","operatingsystem","operatingsystemservicepack","operatingsystemversion"); 
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        return $entries;
+    }
+    
+    /**
+    * Find information about the computers. Returned in a raw array format from AD
+    * 
+    * @param string $computerName The name of the computer
+    * @param array $fields Array of parameters to query
+    * @return mixed
+    */
+    public function infoCollection($computerName, $fields = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($computerName, $fields);
+        
+        if ($info !== false) {
+            $collection = new adLDAPComputerCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Check if a computer is in a group
+    * 
+    * @param string $computerName The name of the computer
+    * @param string $group The group to check
+    * @param bool $recursive Whether to check recursively
+    * @return array
+    */
+    public function inGroup($computerName, $group, $recursive = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if ($group === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // use the default option if they haven't set it
+
+        //get a list of the groups
+        $groups = $this->groups($computerName, array("memberof"), $recursive);
+
+        //return true if the specified group is in the group list
+        if (in_array($group, $groups)){ 
+            return true; 
+        }
+
+        return false;
+    }
+    
+    /**
+    * Get the groups a computer is in
+    * 
+    * @param string $computerName The name of the computer
+    * @param bool $recursive Whether to check recursively
+    * @return array
+    */
+    public function groups($computerName, $recursive = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()){ return false; }
+
+        //search the directory for their information
+        $info = @$this->info($computerName, array("memberof", "primarygroupid"));
+        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
+
+        if ($recursive === true) {
+            foreach ($groups as $id => $groupName){
+              $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+              $groups = array_merge($groups, $extraGroups);
+            }
+        }
+
+        return $groups;
+    }
+    
+}
+?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php b/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
new file mode 100644
index 000000000..addd3e5f0
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
@@ -0,0 +1,294 @@
+adldap = $adldap;
+    }
+    
+    //*****************************************************************************************************************
+    // CONTACT FUNCTIONS
+    // * Still work to do in this area, and new functions to write
+    
+    /**
+    * Create a contact
+    * 
+    * @param array $attributes The attributes to set to the contact
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        // Check for compulsory fields
+        if (!array_key_exists("display_name", $attributes)) { return "Missing compulsory field [display_name]"; }
+        if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
+        if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
+        if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+
+        // Translate the schema
+        $add = $this->adldap->adldap_schema($attributes);
+        
+        // Additional stuff only used for adding contacts
+        $add["cn"][0] = $attributes["display_name"];
+        $add["objectclass"][0] = "top";
+        $add["objectclass"][1] = "person";
+        $add["objectclass"][2] = "organizationalPerson";
+        $add["objectclass"][3] = "contact"; 
+        if (!isset($attributes['exchange_hidefromlists'])) {
+            $add["msExchHideFromAddressLists"][0] = "TRUE";
+        }
+
+        // Determine the container
+        $attributes["container"] = array_reverse($attributes["container"]);
+        $container= "OU=" . implode(",OU=", $attributes["container"]);
+
+        // Add the entry
+        $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $this->adldap->utilities()->escapeCharacters($add["cn"][0]) . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        
+        return true;
+    }  
+    
+    /**
+    * Determine the list of groups a contact is a member of
+    * 
+    * @param string $distinguisedname The full DN of a contact
+    * @param bool $recursive Recursively check groups
+    * @return array
+    */
+    public function groups($distinguishedName, $recursive = NULL)
+    {
+        if ($distinguishedName === NULL) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()){ return false; }
+        
+        // Search the directory for their information
+        $info = @$this->info($distinguishedName, array("memberof", "primarygroupid"));
+        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our contact
+
+        if ($recursive === true){
+            foreach ($groups as $id => $groupName){
+                $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+                $groups = array_merge($groups, $extraGroups);
+            }
+        }
+        
+        return $groups;
+    }
+    
+    /**
+    * Get contact information. Returned in a raw array format from AD
+    * 
+    * @param string $distinguisedname The full DN of a contact
+    * @param array $fields Attributes to be returned
+    * @return array
+    */
+    public function info($distinguishedName, $fields = NULL)
+    {
+        if ($distinguishedName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        $filter = "distinguishedName=" . $distinguishedName;
+        if ($fields === NULL) { 
+            $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid"); 
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        if ($entries[0]['count'] >= 1) {
+            // AD does not return the primary group in the ldap query, we may need to fudge it
+            if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])){
+                //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+                $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+            } else {
+                $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+            }
+        }
+        
+        $entries[0]["memberof"]["count"]++;
+        return $entries;
+    }
+    
+    /**
+    * Find information about the contacts. Returned in a raw array format from AD
+    * 
+    * @param string $distinguishedName The full DN of a contact 
+    * @param array $fields Array of parameters to query
+    * @return mixed
+    */
+    public function infoCollection($distinguishedName, $fields = NULL)
+    {
+        if ($distinguishedName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($distinguishedName, $fields);
+        
+        if ($info !== false) {
+            $collection = new adLDAPContactCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Determine if a contact is a member of a group
+    * 
+    * @param string $distinguisedName The full DN of a contact
+    * @param string $group The group name to query
+    * @param bool $recursive Recursively check groups
+    * @return bool
+    */
+    public function inGroup($distinguisedName, $group, $recursive = NULL)
+    {
+        if ($distinguisedName === NULL) { return false; }
+        if ($group === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        
+        // Get a list of the groups
+        $groups = $this->groups($distinguisedName, array("memberof"), $recursive);
+        
+        // Return true if the specified group is in the group list
+        if (in_array($group, $groups)){ 
+            return true; 
+        }
+
+        return false;
+    }          
+    
+    /**
+    * Modify a contact
+    * 
+    * @param string $distinguishedName The contact to query
+    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
+    * @return bool
+    */
+    public function modify($distinguishedName, $attributes) {
+        if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
+        
+        // Translate the update to the LDAP schema                
+        $mod = $this->adldap->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod) { 
+            return false; 
+        }
+        
+        // Do the update
+        $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+        if ($result == false) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Delete a contact
+    * 
+    * @param string $distinguishedName The contact dn to delete (please be careful here!)
+    * @return array
+    */
+    public function delete($distinguishedName) 
+    {
+        $result = $this->folder()->delete($distinguishedName);
+        if ($result != true) { 
+            return false; 
+        }       
+        return true;
+    }
+    
+    /**
+    * Return a list of all contacts
+    * 
+    * @param bool $includeDescription Include a description of a contact
+    * @param string $search The search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all($includeDescription = false, $search = "*", $sorted = true) {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        // Perform the search and grab all their details
+        $filter = "(&(objectClass=contact)(cn=" . $search . "))";
+        $fields = array("displayname","distinguishedname");           
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $usersArray = array();
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+                $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["displayname"][0];
+            } elseif ($includeDescription){
+                $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["distinguishedname"][0];
+            } else {
+                array_push($usersArray, $entries[$i]["distinguishedname"][0]);
+            }
+        }
+        if ($sorted) { 
+            asort($usersArray); 
+        }
+        return $usersArray;
+    }
+    
+    /**
+    * Mail enable a contact
+    * Allows email to be sent to them through Exchange
+    * 
+    * @param string $distinguishedname The contact to mail enable
+    * @param string $emailaddress The email address to allow emails to be sent through
+    * @param string $mailnickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
+    * @return bool
+    */
+    public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL){
+        return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
+    }
+    
+    
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php b/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
new file mode 100644
index 000000000..dd0c6de05
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
@@ -0,0 +1,390 @@
+adldap = $adldap;
+    }
+    
+    /**
+    * Create an Exchange account
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param array $storageGroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
+    *                            If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
+    * @param string $emailAddress The primary email address to add to this user
+    * @param string $mailNickname The mail nick name.  If mail nickname is blank, the username will be used
+    * @param bool $mdbUseDefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
+    * @param string $baseDn Specify an alternative base_dn for the Exchange storage group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname=NULL, $useDefaults=TRUE, $baseDn=NULL, $isGUID=false)
+    {
+        if ($username === NULL){ return "Missing compulsory field [username]"; }     
+        if ($storageGroup === NULL) { return "Missing compulsory array [storagegroup]"; }
+        if (!is_array($storageGroup)) { return "[storagegroup] must be an array"; }
+        if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
+        
+        if ($baseDn === NULL) {
+            $baseDn = $this->adldap->getBaseDn();   
+        }
+        
+        $container = "CN=" . implode(",CN=", $storageGroup);
+        
+        if ($mailNickname === NULL) { 
+            $mailNickname = $username; 
+        }
+        $mdbUseDefaults = $this->adldap->utilities()->boolToString($useDefaults);
+        
+        $attributes = array(
+            'exchange_homemdb'=>$container.",".$baseDn,
+            'exchange_proxyaddress'=>'SMTP:' . $emailAddress,
+            'exchange_mailnickname'=>$mailNickname,
+            'exchange_usedefaults'=>$mdbUseDefaults
+        );
+        $result = $this->adldap->user()->modify($username, $attributes, $isGUID);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Add an X400 address to Exchange
+    * See http://tools.ietf.org/html/rfc1685 for more information.
+    * An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
+    * 
+    * @param string $username The username of the user to add the X400 to to
+    * @param string $country Country
+    * @param string $admd Administration Management Domain
+    * @param string $pdmd Private Management Domain (often your AD domain)
+    * @param string $org Organization
+    * @param string $surname Surname
+    * @param string $givenName Given name
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function addX400($username, $country, $admd, $pdmd, $org, $surname, $givenName, $isGUID=false) 
+    {
+        if ($username === NULL){ return "Missing compulsory field [username]"; }     
+        
+        $proxyValue = 'X400:';
+            
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL) { return false; }
+        $userDn = $user[0]["dn"];
+        
+        // We do not have to demote an email address from the default so we can just add the new proxy address
+        $attributes['exchange_proxyaddress'] = $proxyValue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenName . ';';
+       
+        // Translate the update to the LDAP schema                
+        $add = $this->adldap->adldap_schema($attributes);
+        
+        if (!$add) { return false; }
+        
+        // Do the update
+        // Take out the @ to see any errors, usually this error might occur because the address already
+        // exists in the list of proxyAddresses
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Add an address to Exchange
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailAddress The email address to add to this user
+    * @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function addAddress($username, $emailAddress, $default = FALSE, $isGUID = false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }     
+        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+        
+        $proxyValue = 'smtp:';
+        if ($default === true) {
+            $proxyValue = 'SMTP:';
+        }
+              
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL){ return false; }
+        $userDn = $user[0]["dn"];
+        
+        // We need to scan existing proxy addresses and demote the default one
+        if (is_array($user[0]["proxyaddresses"]) && $default === true) {
+            $modAddresses = array();
+            for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+        else {
+            // We do not have to demote an email address from the default so we can just add the new proxy address
+            $attributes['exchange_proxyaddress'] = $proxyValue . $emailAddress;
+            
+            // Translate the update to the LDAP schema                
+            $add = $this->adldap->adldap_schema($attributes);
+            
+            if (!$add) { 
+                return false; 
+            }
+            
+            // Do the update
+            // Take out the @ to see any errors, usually this error might occur because the address already
+            // exists in the list of proxyAddresses
+            $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn,$add);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+    }
+    
+    /**
+    * Remove an address to Exchange
+    * If you remove a default address the account will no longer have a default, 
+    * we recommend changing the default address first
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailAddress The email address to add to this user
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function deleteAddress($username, $emailAddress, $isGUID=false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }     
+        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+        
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL) { return false; }
+        $userDn = $user[0]["dn"];
+        
+        if (is_array($user[0]["proxyaddresses"])) {
+            $mod = array();
+            for ($i=0;$iadldap->getLdapConnection(), $userDn,$mod);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+        else {
+            return false;
+        }
+    }
+    /**
+    * Change the default address
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailAddress The email address to make default
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function primaryAddress($username, $emailAddress, $isGUID = false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }     
+        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+        
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL){ return false; }
+        $userDn = $user[0]["dn"];
+        
+        if (is_array($user[0]["proxyaddresses"])) {
+            $modAddresses = array();
+            for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+        
+    }
+    
+    /**
+    * Mail enable a contact
+    * Allows email to be sent to them through Exchange
+    * 
+    * @param string $distinguishedName The contact to mail enable
+    * @param string $emailAddress The email address to allow emails to be sent through
+    * @param string $mailNickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
+    * @return bool
+    */
+    public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
+    {
+        if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedName]"; }   
+        if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }  
+        
+        if ($mailNickname !== NULL) {
+            // Find the dn of the user
+            $user = $this->adldap->contact()->info($distinguishedName, array("cn","displayname"));
+            if ($user[0]["displayname"] === NULL) { return false; }
+            $mailNickname = $user[0]['displayname'][0];
+        }
+        
+        $attributes = array("email"=>$emailAddress,"contact_email"=>"SMTP:" . $emailAddress,"exchange_proxyaddress"=>"SMTP:" . $emailAddress,"exchange_mailnickname" => $mailNickname);
+         
+        // Translate the update to the LDAP schema                
+        $mod = $this->adldap->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod) { return false; }
+        
+        // Do the update
+        $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+        if ($result == false) { return false; }
+        
+        return true;
+    }
+    
+    /**
+    * Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
+    * 
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @return array
+    */
+    public function servers($attributes = array('cn','distinguishedname','serialnumber')) 
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        
+        $configurationNamingContext = $this->adldap->getRootDse(array('configurationnamingcontext'));
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))', $attributes);
+        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        return $entries;
+    }
+    
+    /**
+    * Returns a list of Storage Groups in Exchange for a given mail server
+    * 
+    * @param string $exchangeServer The full DN of an Exchange server.  You can use exchange_servers() to find the DN for your server
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @param bool $recursive If enabled this will automatically query the databases within a storage group
+    * @return array
+    */
+    public function storageGroups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL) 
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); }
+
+        $filter = '(&(objectCategory=msExchStorageGroup))';
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
+        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        if ($recursive === true) {
+            for ($i=0; $i<$entries['count']; $i++) {
+                $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);       
+            }
+        }
+        
+        return $entries;
+    }
+    
+    /**
+    * Returns a list of Databases within any given storage group in Exchange for a given mail server
+    * 
+    * @param string $storageGroup The full DN of an Storage Group.  You can use exchange_storage_groups() to find the DN 
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @return array
+    */
+    public function storageDatabases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($storageGroup === NULL) { return "Missing compulsory field [storageGroup]"; }
+        
+        $filter = '(&(objectCategory=msExchPrivateMDB))';
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
+        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        return $entries;
+    }
+}
+?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php b/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
new file mode 100644
index 000000000..55120152d
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
@@ -0,0 +1,179 @@
+adldap = $adldap;
+    }
+    
+    /**
+    * Delete a distinguished name from Active Directory
+    * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
+    *
+    * @param string $dn The distinguished name to delete
+    * @return bool
+    */
+    public function delete($dn){ 
+        $result = ldap_delete($this->adldap->getLdapConnection(), $dn);
+        if ($result != true) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Returns a folder listing for a specific OU
+    * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
+    * 
+    * @param array $folderName An array to the OU you wish to list. 
+    *                           If set to NULL will list the root, strongly recommended to set 
+    *                           $recursive to false in that instance!
+    * @param string $dnType The type of record to list.  This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
+    * @param bool $recursive Recursively search sub folders
+    * @param bool $type Specify a type of object to search for
+    * @return array
+    */
+    public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL) 
+    {
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        $filter = '(&';
+        if ($type !== NULL) {
+            switch ($type) {
+                case 'contact':
+                    $filter .= '(objectClass=contact)';
+                    break;
+                case 'computer':
+                    $filter .= '(objectClass=computer)';
+                    break;
+                case 'group':
+                    $filter .= '(objectClass=group)';
+                    break;
+                case 'folder':
+                    $filter .= '(objectClass=organizationalUnit)';
+                    break;
+                case 'container':
+                    $filter .= '(objectClass=container)';
+                    break;
+                case 'domain':
+                    $filter .= '(objectClass=builtinDomain)';
+                    break;
+                default:
+                    $filter .= '(objectClass=user)';
+                    break;   
+            }
+        }
+        else {
+            $filter .= '(objectClass=*)';   
+        }
+        // If the folder name is null then we will search the root level of AD
+        // This requires us to not have an OU= part, just the base_dn
+        $searchOu = $this->adldap->getBaseDn();
+        if (is_array($folderName)) {
+            $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
+            $filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))';
+            $searchOu = $ou . ',' . $this->adldap->getBaseDn();
+        }
+        else {
+            $filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))';
+        }
+
+        if ($recursive === true) {
+            $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+            $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+            if (is_array($entries)) {
+                return $entries;
+            }
+        }
+        else {
+            $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+            $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+            if (is_array($entries)) {
+                return $entries;
+            }
+        }
+        
+        return false;
+    }
+
+    /**
+    * Create an organizational unit
+    * 
+    * @param array $attributes Default attributes of the ou
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        if (!is_array($attributes)){ return "Attributes must be an array"; }
+        if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+        if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }
+        if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
+        
+        $attributes["container"] = array_reverse($attributes["container"]);
+
+        $add=array();
+        $add["objectClass"] = "organizationalUnit";
+        $add["OU"] = $attributes['ou_name'];
+        $containers = "";
+        if (count($attributes['container']) > 0) {
+            $containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
+        }
+
+        $containers = "OU=" . implode(",OU=", $attributes["container"]);
+        $result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+}
+
+?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php b/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
new file mode 100644
index 000000000..05e4cc93b
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
@@ -0,0 +1,631 @@
+adldap = $adldap;
+    }
+    
+    /**
+    * Add a group to a group
+    * 
+    * @param string $parent The parent group name
+    * @param string $child The child group name
+    * @return bool
+    */
+    public function addGroup($parent,$child){
+
+        // Find the parent group's dn
+        $parentGroup = $this->ginfo($parent, array("cn"));
+        if ($parentGroup[0]["dn"] === NULL){
+            return false; 
+        }
+        $parentDn = $parentGroup[0]["dn"];
+        
+        // Find the child group's dn
+        $childGroup = $this->info($child, array("cn"));
+        if ($childGroup[0]["dn"] === NULL){ 
+            return false; 
+        }
+        $childDn = $childGroup[0]["dn"];
+                
+        $add = array();
+        $add["member"] = $childDn;
+        
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Add a user to a group
+    * 
+    * @param string $group The group to add the user to
+    * @param string $user The user to add to the group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function addUser($group, $user, $isGUID = false)
+    {
+        // Adding a user is a bit fiddly, we need to get the full DN of the user
+        // and add it using the full DN of the group
+        
+        // Find the user's dn
+        $userDn = $this->adldap->user()->dn($user, $isGUID);
+        if ($userDn === false) { 
+            return false; 
+        }
+        
+        // Find the group's dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+        
+        $add = array();
+        $add["member"] = $userDn;
+        
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Add a contact to a group
+    * 
+    * @param string $group The group to add the contact to
+    * @param string $contactDn The DN of the contact to add
+    * @return bool
+    */
+    public function addContact($group, $contactDn)
+    {
+        // To add a contact we take the contact's DN
+        // and add it using the full DN of the group
+        
+        // Find the group's dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+        
+        $add = array();
+        $add["member"] = $contactDn;
+        
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+
+    /**
+    * Create a group
+    * 
+    * @param array $attributes Default attributes of the group
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        if (!is_array($attributes)){ return "Attributes must be an array"; }
+        if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; }
+        if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+        if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; }
+        if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+        $attributes["container"] = array_reverse($attributes["container"]);
+
+        //$member_array = array();
+        //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
+        //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
+        
+        $add = array();
+        $add["cn"] = $attributes["group_name"];
+        $add["samaccountname"] = $attributes["group_name"];
+        $add["objectClass"] = "Group";
+        $add["description"] = $attributes["description"];
+        //$add["member"] = $member_array; UNTESTED
+
+        $container = "OU=" . implode(",OU=", $attributes["container"]);
+        $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Delete a group account 
+    * 
+    * @param string $group The group to delete (please be careful here!) 
+    * 
+    * @return array 
+    */
+    public function delete($group) {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($group === null){ return "Missing compulsory field [group]"; }
+        
+        $groupInfo = $this->info($group, array("*"));
+        $dn = $groupInfo[0]['distinguishedname'][0]; 
+        $result = $this->adldap->folder()->delete($dn); 
+        if ($result !== true) { 
+            return false; 
+        } return true;   
+    }
+
+    /**
+    * Remove a group from a group
+    * 
+    * @param string $parent The parent group name
+    * @param string $child The child group name
+    * @return bool
+    */
+    public function removeGroup($parent , $child)
+    {
+    
+        // Find the parent dn
+        $parentGroup = $this->info($parent, array("cn"));
+        if ($parentGroup[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $parentDn = $parentGroup[0]["dn"];
+        
+        // Find the child dn
+        $childGroup = $this->info($child, array("cn"));
+        if ($childGroup[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $childDn = $childGroup[0]["dn"];
+        
+        $del = array();
+        $del["member"] = $childDn;
+        
+        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Remove a user from a group
+    * 
+    * @param string $group The group to remove a user from
+    * @param string $user The AD user to remove from the group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function removeUser($group, $user, $isGUID = false)
+    {
+    
+        // Find the parent dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL){ 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+        
+        // Find the users dn
+        $userDn = $this->adldap->user()->dn($user, $isGUID);
+        if ($userDn === false) {
+            return false; 
+        }
+
+        $del = array();
+        $del["member"] = $userDn;
+        
+        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+        if ($result == false) {
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Remove a contact from a group
+    * 
+    * @param string $group The group to remove a user from
+    * @param string $contactDn The DN of a contact to remove from the group
+    * @return bool
+    */
+    public function removeContact($group, $contactDn)
+    {
+    
+        // Find the parent dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+    
+        $del = array();
+        $del["member"] = $contactDn;
+        
+        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Return a list of groups in a group
+    * 
+    * @param string $group The group to query
+    * @param bool $recursive Recursively get groups
+    * @return array
+    */
+    public function inGroup($group, $recursive = NULL)
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it 
+        
+        // Search the directory for the members of a group
+        $info = $this->info($group, array("member","cn"));
+        $groups = $info[0]["member"];
+        if (!is_array($groups)) {
+            return false;   
+        }
+ 
+        $groupArray = array();
+
+        for ($i=0; $i<$groups["count"]; $i++){ 
+             $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
+             $fields = array("samaccountname", "distinguishedname", "objectClass");
+             $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+             $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+             // not a person, look for a group  
+             if ($entries['count'] == 0 && $recursive == true) {  
+                $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";  
+                $fields = array("distinguishedname");  
+                $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);  
+                $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);  
+                if (!isset($entries[0]['distinguishedname'][0])) {
+                    continue;  
+                }
+                $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive);  
+                if (is_array($subGroups)) {
+                    $groupArray = array_merge($groupArray, $subGroups); 
+                    $groupArray = array_unique($groupArray);  
+                }
+                continue;  
+             } 
+
+             $groupArray[] = $entries[0]['distinguishedname'][0];
+        }
+        return $groupArray;
+    }
+    
+    /**
+    * Return a list of members in a group
+    * 
+    * @param string $group The group to query
+    * @param bool $recursive Recursively get group members
+    * @return array
+    */
+    public function members($group, $recursive = NULL)
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it 
+        // Search the directory for the members of a group
+        $info = $this->info($group, array("member","cn"));
+        $users = $info[0]["member"];
+        if (!is_array($users)) {
+            return false;   
+        }
+ 
+        $userArray = array();
+
+        for ($i=0; $i<$users["count"]; $i++){ 
+             $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
+             $fields = array("samaccountname", "distinguishedname", "objectClass");
+             $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+             $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+             // not a person, look for a group  
+             if ($entries['count'] == 0 && $recursive == true) {  
+                $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";  
+                $fields = array("samaccountname");  
+                $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);  
+                $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);  
+                if (!isset($entries[0]['samaccountname'][0])) {
+                    continue;  
+                }
+                $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive);  
+                if (is_array($subUsers)) {
+                    $userArray = array_merge($userArray, $subUsers); 
+                    $userArray = array_unique($userArray);  
+                }
+                continue;  
+             } 
+             else if ($entries['count'] == 0) {   
+                continue; 
+             } 
+
+             if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) {
+                 $userArray[] = $entries[0]['distinguishedname'][0];
+             }
+             else if ($entries[0]['samaccountname'][0] !== NULL) {
+                $userArray[] = $entries[0]['samaccountname'][0];
+             }
+        }
+        return $userArray;
+    }
+    
+    /**
+    * Group Information.  Returns an array of raw information about a group.
+    * The group name is case sensitive
+    * 
+    * @param string $groupName The group name to retrieve info about
+    * @param array $fields Fields to retrieve
+    * @return array
+    */
+    public function info($groupName, $fields = NULL)
+    {
+        if ($groupName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        if (stristr($groupName, '+')) {
+            $groupName = stripslashes($groupName);   
+        }
+        
+        $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))";
+        if ($fields === NULL) { 
+            $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname"); 
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        return $entries;
+    }
+    
+    /**
+    * Group Information.  Returns an collection
+    * The group name is case sensitive
+    * 
+    * @param string $groupName The group name to retrieve info about
+    * @param array $fields Fields to retrieve
+    * @return adLDAPGroupCollection
+    */
+    public function infoCollection($groupName, $fields = NULL)
+    {
+        if ($groupName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($groupName, $fields);
+        if ($info !== false) {
+            $collection = new adLDAPGroupCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Return a complete list of "groups in groups"
+    * 
+    * @param string $group The group to get the list from
+    * @return array
+    */
+    public function recursiveGroups($group)
+    {
+        if ($group === NULL) { return false; }
+
+        $stack = array(); 
+        $processed = array(); 
+        $retGroups = array(); 
+     
+        array_push($stack, $group); // Initial Group to Start with 
+        while (count($stack) > 0) {
+            $parent = array_pop($stack);
+            array_push($processed, $parent);
+            
+            $info = $this->info($parent, array("memberof"));
+            
+            if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) {
+                $groups = $info[0]["memberof"]; 
+                if ($groups) {
+                    $groupNames = $this->adldap->utilities()->niceNames($groups);  
+                    $retGroups = array_merge($retGroups, $groupNames); //final groups to return
+                    foreach ($groupNames as $id => $groupName) { 
+                        if (!in_array($groupName, $processed)) {
+                            array_push($stack, $groupName);
+                        }
+                    }
+                }
+            }
+        }
+        
+        return $retGroups;
+    }
+    
+    /**
+    * Returns a complete list of the groups in AD based on a SAM Account Type  
+    * 
+    * @param string $sAMAaccountType The account type to return
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $filter = '(&(objectCategory=group)';
+        if ($sAMAaccountType !== null) {
+            $filter .= '(samaccounttype='. $sAMAaccountType .')';
+        }
+        $filter .= '(cn=' . $search . '))';
+        // Perform the search and grab all their details
+        $fields = array("samaccountname", "description");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $groupsArray = array();        
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) {
+                $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0];
+            }
+            else if ($includeDescription){
+                $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+            }
+            else {
+                array_push($groupsArray, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted) { 
+            asort($groupsArray); 
+        }
+        return $groupsArray;
+    }
+    
+    /**
+    * Returns a complete list of all groups in AD
+    * 
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all($includeDescription = false, $search = "*", $sorted = true){
+        $groupsArray = $this->search(null, $includeDescription, $search, $sorted);
+        return $groupsArray;
+    }
+    
+    /**
+    * Returns a complete list of security groups in AD
+    * 
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function allSecurity($includeDescription = false, $search = "*", $sorted = true){
+        $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted);
+        return $groupsArray;
+    }
+    
+    /**
+    * Returns a complete list of distribution lists in AD
+    * 
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function allDistribution($includeDescription = false, $search = "*", $sorted = true){
+        $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted);
+        return $groupsArray;
+    }
+    
+    /**
+    * Coping with AD not returning the primary group
+    * http://support.microsoft.com/?kbid=321360 
+    * 
+    * This is a re-write based on code submitted by Bruce which prevents the 
+    * need to search each security group to find the true primary group
+    * 
+    * @param string $gid Group ID
+    * @param string $usersid User's Object SID
+    * @return mixed
+    */
+    public function getPrimaryGroup($gid, $usersid)
+    {
+        if ($gid === NULL || $usersid === NULL) { return false; }
+        $sr = false;
+
+        $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4);
+        $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')';
+        $fields = array("samaccountname","distinguishedname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        if (isset($entries[0]['distinguishedname'][0])) {
+            return $entries[0]['distinguishedname'][0];
+        }
+        return false;
+     }
+     
+     /**
+    * Coping with AD not returning the primary group
+    * http://support.microsoft.com/?kbid=321360 
+    * 
+    * For some reason it's not possible to search on primarygrouptoken=XXX
+    * If someone can show otherwise, I'd like to know about it :)
+    * this way is resource intensive and generally a pain in the @#%^
+    * 
+    * @deprecated deprecated since version 3.1, see get get_primary_group
+    * @param string $gid Group ID
+    * @return string
+    */
+    public function cn($gid){    
+        if ($gid === NULL) { return false; }
+        $sr = false;
+        $r = '';
+        
+        $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
+        $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($entries[$i]["primarygrouptoken"][0] == $gid) {
+                $r = $entries[$i]["distinguishedname"][0];
+                $i = $entries["count"];
+            }
+        }
+
+        return $r;
+    }
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php b/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
new file mode 100644
index 000000000..96a93b512
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
@@ -0,0 +1,682 @@
+adldap = $adldap;
+    }
+    
+    /**
+    * Validate a user's login credentials
+    * 
+    * @param string $username A user's AD username
+    * @param string $password A user's AD password
+    * @param bool optional $prevent_rebind
+    * @return bool
+    */
+    public function authenticate($username, $password, $preventRebind = false) {
+        return $this->adldap->authenticate($username, $password, $preventRebind);
+    }
+    
+    /**
+    * Create a user
+    * 
+    * If you specify a password here, this can only be performed over SSL
+    * 
+    * @param array $attributes The attributes to set to the user account
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        // Check for compulsory fields
+        if (!array_key_exists("username", $attributes)){ return "Missing compulsory field [username]"; }
+        if (!array_key_exists("firstname", $attributes)){ return "Missing compulsory field [firstname]"; }
+        if (!array_key_exists("surname", $attributes)){ return "Missing compulsory field [surname]"; }
+        if (!array_key_exists("email", $attributes)){ return "Missing compulsory field [email]"; }
+        if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+        if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+
+        if (array_key_exists("password",$attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())){ 
+            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+        }
+
+        if (!array_key_exists("display_name", $attributes)) { 
+            $attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"]; 
+        }
+
+        // Translate the schema
+        $add = $this->adldap->adldap_schema($attributes);
+        
+        // Additional stuff only used for adding accounts
+        $add["cn"][0] = $attributes["display_name"];
+        $add["samaccountname"][0] = $attributes["username"];
+        $add["objectclass"][0] = "top";
+        $add["objectclass"][1] = "person";
+        $add["objectclass"][2] = "organizationalPerson";
+        $add["objectclass"][3] = "user"; //person?
+        //$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+
+        // Set the account control attribute
+        $control_options = array("NORMAL_ACCOUNT");
+        if (!$attributes["enabled"]) { 
+            $control_options[] = "ACCOUNTDISABLE"; 
+        }
+        $add["userAccountControl"][0] = $this->accountControl($control_options);
+        
+        // Determine the container
+        $attributes["container"] = array_reverse($attributes["container"]);
+        $container = "OU=" . implode(", OU=",$attributes["container"]);
+
+        // Add the entry
+        $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Account control options
+    *
+    * @param array $options The options to convert to int 
+    * @return int
+    */
+    protected function accountControl($options)
+    {
+        $val=0;
+
+        if (is_array($options)) {
+            if (in_array("SCRIPT",$options)){ $val=$val+1; }
+            if (in_array("ACCOUNTDISABLE",$options)){ $val=$val+2; }
+            if (in_array("HOMEDIR_REQUIRED",$options)){ $val=$val+8; }
+            if (in_array("LOCKOUT",$options)){ $val=$val+16; }
+            if (in_array("PASSWD_NOTREQD",$options)){ $val=$val+32; }
+            //PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
+            //For information about how to set the permission programmatically, see the "Property flag descriptions" section.
+            if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)){ $val=$val+128; }
+            if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)){ $val=$val+256; }
+            if (in_array("NORMAL_ACCOUNT",$options)){ $val=$val+512; }
+            if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)){ $val=$val+2048; }
+            if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)){ $val=$val+4096; }
+            if (in_array("SERVER_TRUST_ACCOUNT",$options)){ $val=$val+8192; }
+            if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
+            if (in_array("MNS_LOGON_ACCOUNT",$options)){ $val=$val+131072; }
+            if (in_array("SMARTCARD_REQUIRED",$options)){ $val=$val+262144; }
+            if (in_array("TRUSTED_FOR_DELEGATION",$options)){ $val=$val+524288; }
+            if (in_array("NOT_DELEGATED",$options)){ $val=$val+1048576; }
+            if (in_array("USE_DES_KEY_ONLY",$options)){ $val=$val+2097152; }
+            if (in_array("DONT_REQ_PREAUTH",$options)){ $val=$val+4194304; } 
+            if (in_array("PASSWORD_EXPIRED",$options)){ $val=$val+8388608; }
+            if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)){ $val=$val+16777216; }
+        }
+        return $val;
+    }
+    
+    /**
+    * Delete a user account
+    * 
+    * @param string $username The username to delete (please be careful here!)
+    * @param bool $isGUID Is the username a GUID or a samAccountName
+    * @return array
+    */
+    public function delete($username, $isGUID = false) 
+    {      
+        $userinfo = $this->info($username, array("*"), $isGUID);
+        $dn = $userinfo[0]['distinguishedname'][0];
+        $result = $this->adldap->folder()->delete($dn);
+        if ($result != true) { 
+            return false;
+        }        
+        return true;
+    }
+    
+    /**
+    * Groups the user is a member of
+    * 
+    * @param string $username The username to query
+    * @param bool $recursive Recursive list of groups
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return array
+    */
+    public function groups($username, $recursive = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        // Search the directory for their information
+        $info = @$this->info($username, array("memberof", "primarygroupid"), $isGUID);
+        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
+
+        if ($recursive === true){
+            foreach ($groups as $id => $groupName){
+                $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+                $groups = array_merge($groups, $extraGroups);
+            }
+        }
+        
+        return $groups;
+    }
+    
+    /**
+    * Find information about the users. Returned in a raw array format from AD
+    * 
+    * @param string $username The username to query
+    * @param array $fields Array of parameters to query
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return array
+    */
+    public function info($username, $fields = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        if ($isGUID === true) {
+            $username = $this->adldap->utilities()->strGuidToHex($username);
+            $filter = "objectguid=" . $username;
+        }
+        else if (strstr($username, "@")) {
+             $filter = "userPrincipalName=" . $username;
+        }
+        else {
+             $filter = "samaccountname=" . $username;
+        }
+        $filter = "(&(objectCategory=person)({$filter}))";
+        if ($fields === NULL) { 
+            $fields = array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid"); 
+        }
+        if (!in_array("objectsid", $fields)) {
+            $fields[] = "objectsid";
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        if (isset($entries[0])) {
+            if ($entries[0]['count'] >= 1) {
+                if (in_array("memberof", $fields)) {
+                    // AD does not return the primary group in the ldap query, we may need to fudge it
+                    if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])){
+                        //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+                        $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+                    } else {
+                        $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+                    }
+                    if (!isset($entries[0]["memberof"]["count"])) {
+                        $entries[0]["memberof"]["count"] = 0;
+                    }
+                    $entries[0]["memberof"]["count"]++;
+                }
+            }
+            
+            return $entries;
+        }
+        return false;
+    }
+    
+    /**
+    * Find information about the users. Returned in a raw array format from AD
+    * 
+    * @param string $username The username to query
+    * @param array $fields Array of parameters to query
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return mixed
+    */
+    public function infoCollection($username, $fields = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($username, $fields, $isGUID);
+        
+        if ($info !== false) {
+            $collection = new adLDAPUserCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Determine if a user is in a specific group
+    * 
+    * @param string $username The username to query
+    * @param string $group The name of the group to check against
+    * @param bool $recursive Check groups recursively
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if ($group === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+        
+        // Get a list of the groups
+        $groups = $this->groups($username, $recursive, $isGUID);
+        
+        // Return true if the specified group is in the group list
+        if (in_array($group, $groups)) { 
+            return true; 
+        }
+
+        return false;
+    }
+    
+    /**
+    * Determine a user's password expiry date
+    * 
+    * @param string $username The username to query
+    * @param book $isGUID Is the username passed a GUID or a samAccountName
+    * @requires bcmath http://www.php.net/manual/en/book.bc.php
+    * @return array
+    */
+    public function passwordExpiry($username, $isGUID = false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if (!function_exists('bcmod')) { throw new adLDAPException("Missing function support [bcmod] http://www.php.net/manual/en/book.bc.php"); };
+        
+        $userInfo = $this->info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
+        $pwdLastSet = $userInfo[0]['pwdlastset'][0];
+        $status = array();
+        
+        if ($userInfo[0]['useraccountcontrol'][0] == '66048') {
+            // Password does not expire
+            return "Does not expire";
+        }
+        if ($pwdLastSet === '0') {
+            // Password has already expired
+            return "Password has expired";
+        }
+        
+         // Password expiry in AD can be calculated from TWO values:
+         //   - User's own pwdLastSet attribute: stores the last time the password was changed
+         //   - Domain's maxPwdAge attribute: how long passwords last in the domain
+         //
+         // Although Microsoft chose to use a different base and unit for time measurements.
+         // This function will convert them to Unix timestamps
+         $sr = ldap_read($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), 'objectclass=*', array('maxPwdAge'));
+         if (!$sr) {
+             return false;
+         }
+         $info = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+         $maxPwdAge = $info[0]['maxpwdage'][0];
+         
+
+         // See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
+         //
+         // pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC), 
+         // stored in a 64 bit integer. 
+         //
+         // The number of seconds between this date and Unix epoch is 11644473600.
+         //
+         // maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
+         // intervals from the time the password was set before the password expires.
+         //
+         // We also need to scale this to seconds but also this value is a _negative_ quantity!
+         //
+         // If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
+         //
+         // Unfortunately the maths involved are too big for PHP integers, so I've had to require
+         // BCMath functions to work with arbitrary precision numbers.
+         if (bcmod($maxPwdAge, 4294967296) === '0') {
+            return "Domain does not expire passwords";
+        }
+        
+        // Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
+        // time units.  Because maxpwd age is negative we need to subtract it.
+        $pwdExpire = bcsub($pwdLastSet, $maxPwdAge);
+    
+        // Convert MS's time to Unix time
+        $status['expiryts'] = bcsub(bcdiv($pwdExpire, '10000000'), '11644473600');
+        $status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdExpire, '10000000'), '11644473600'));
+        
+        return $status;
+    }
+    
+    /**
+    * Modify a user
+    * 
+    * @param string $username The username to query
+    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function modify($username, $attributes, $isGUID = false)
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        if (array_key_exists("password", $attributes) && !$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) { 
+            throw new adLDAPException('SSL/TLS must be configured on your webserver and enabled in the class to set passwords.');
+        }
+
+        // Find the dn of the user
+        $userDn = $this->dn($username, $isGUID);
+        if ($userDn === false) { 
+            return false; 
+        }
+        
+        // Translate the update to the LDAP schema                
+        $mod = $this->adldap->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod && !array_key_exists("enabled", $attributes)){ 
+            return false; 
+        }
+        
+        // Set the account control attribute (only if specified)
+        if (array_key_exists("enabled", $attributes)){
+            if ($attributes["enabled"]){ 
+                $controlOptions = array("NORMAL_ACCOUNT"); 
+            }
+            else { 
+                $controlOptions = array("NORMAL_ACCOUNT", "ACCOUNTDISABLE"); 
+            }
+            $mod["userAccountControl"][0] = $this->accountControl($controlOptions);
+        }
+
+        // Do the update
+        $result = @ldap_modify($this->adldap->getLdapConnection(), $userDn, $mod);
+        if ($result == false) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Disable a user account
+    * 
+    * @param string $username The username to disable
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function disable($username, $isGUID = false)
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        $attributes = array("enabled" => 0);
+        $result = $this->modify($username, $attributes, $isGUID);
+        if ($result == false) { return false; }
+        
+        return true;
+    }
+    
+    /**
+    * Enable a user account
+    * 
+    * @param string $username The username to enable
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function enable($username, $isGUID = false)
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        $attributes = array("enabled" => 1);
+        $result = $this->modify($username, $attributes, $isGUID);
+        if ($result == false) { return false; }
+        
+        return true;
+    }
+    
+    /**
+    * Set the password of a user - This must be performed over SSL
+    * 
+    * @param string $username The username to modify
+    * @param string $password The new password
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function password($username, $password, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if ($password === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) { 
+            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+        }
+        
+        $userDn = $this->dn($username, $isGUID);
+        if ($userDn === false) { 
+            return false; 
+        }
+                
+        $add=array();
+        $add["unicodePwd"][0] = $this->encodePassword($password);
+        
+        $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
+        if ($result === false){
+            $err = ldap_errno($this->adldap->getLdapConnection());
+            if ($err) {
+                $msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
+                if($err == 53) {
+                    $msg .= ' Your password might not match the password policy.';
+                }
+                throw new adLDAPException($msg);
+            }
+            else {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Encode a password for transmission over LDAP
+    *
+    * @param string $password The password to encode
+    * @return string
+    */
+    public function encodePassword($password)
+    {
+        $password="\"".$password."\"";
+        $encoded="";
+        for ($i=0; $i info($username, array("cn"), $isGUID);
+        if ($user[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $userDn = $user[0]["dn"];
+        return $userDn;
+    }
+    
+    /**
+    * Return a list of all users in AD
+    * 
+    * @param bool $includeDescription Return a description of the user
+    * @param string $search Search parameter
+    * @param bool $sorted Sort the user accounts
+    * @return array
+    */
+    public function all($includeDescription = false, $search = "*", $sorted = true)
+    {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        // Perform the search and grab all their details
+        $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=" . $search . "))";
+        $fields = array("samaccountname","displayname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $usersArray = array();
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+            } elseif ($includeDescription){
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+            } else {
+                array_push($usersArray, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted) { 
+            asort($usersArray); 
+        }
+        return $usersArray;
+    }
+    
+    /**
+    * Converts a username (samAccountName) to a GUID
+    * 
+    * @param string $username The username to query
+    * @return string
+    */
+    public function usernameToGuid($username) 
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($username === null){ return "Missing compulsory field [username]"; }
+        
+        $filter = "samaccountname=" . $username; 
+        $fields = array("objectGUID"); 
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); 
+        if (ldap_count_entries($this->adldap->getLdapConnection(), $sr) > 0) { 
+            $entry = @ldap_first_entry($this->adldap->getLdapConnection(), $sr); 
+            $guid = @ldap_get_values_len($this->adldap->getLdapConnection(), $entry, 'objectGUID'); 
+            $strGUID = $this->adldap->utilities()->binaryToText($guid[0]);          
+            return $strGUID; 
+        }
+        return false; 
+    }
+    
+    /**
+    * Return a list of all users in AD that have a specific value in a field
+    *
+    * @param bool $includeDescription Return a description of the user
+    * @param string $searchField Field to search search for
+    * @param string $searchFilter Value to search for in the specified field
+    * @param bool $sorted Sort the user accounts
+    * @return array
+    */
+    public function find($includeDescription = false, $searchField = false, $searchFilter = false, $sorted = true){
+        if (!$this->adldap->getLdapBind()){ return false; }
+          
+        // Perform the search and grab all their details
+        $searchParams = "";
+        if ($searchField) {
+            $searchParams = "(" . $searchField . "=" . $searchFilter . ")";
+        }                           
+        $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)" . $searchParams . ")";
+        $fields = array("samaccountname","displayname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $usersArray = array();
+        for ($i=0; $i < $entries["count"]; $i++) {
+            if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+            }
+            else if ($includeDescription) {
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+            }
+            else {
+                array_push($usersArray, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted){ 
+          asort($usersArray); 
+        }
+        return ($usersArray);
+    }
+    
+    /**
+    * Move a user account to a different OU
+    *
+    * @param string $username The username to move (please be careful here!)
+    * @param array $container The container or containers to move the user to (please be careful here!).
+    * accepts containers in 1. parent 2. child order
+    * @return array
+    */
+    public function move($username, $container) 
+    {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($username === null) { return "Missing compulsory field [username]"; }
+        if ($container === null) { return "Missing compulsory field [container]"; }
+        if (!is_array($container)) { return "Container must be an array"; }
+        
+        $userInfo = $this->info($username, array("*"));
+        $dn = $userInfo[0]['distinguishedname'][0];
+        $newRDn = "cn=" . $username;
+        $container = array_reverse($container);
+        $newContainer = "ou=" . implode(",ou=",$container);
+        $newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();
+        $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);
+        if ($result !== true) {
+            return false;
+        }
+        return true;
+    }
+    
+    /**
+    * Get the last logon time of any user as a Unix timestamp
+    * 
+    * @param string $username
+    * @return long $unixTimestamp
+    */
+    public function getLastLogon($username) {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($username === null) { return "Missing compulsory field [username]"; }
+        $userInfo = $this->info($username, array("lastLogonTimestamp"));
+        $lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
+        return $lastLogon;
+    }
+    
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php b/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
new file mode 100644
index 000000000..f039a4290
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
@@ -0,0 +1,264 @@
+adldap = $adldap;
+    }
+    
+    
+    /**
+    * Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
+    *
+    * @param array $groups
+    * @return array
+    */
+    public function niceNames($groups)
+    {
+
+        $groupArray = array();
+        for ($i=0; $i<$groups["count"]; $i++){ // For each group
+            $line = $groups[$i];
+            
+            if (strlen($line)>0) { 
+                // More presumptions, they're all prefixed with CN=
+                // so we ditch the first three characters and the group
+                // name goes up to the first comma
+                $bits=explode(",", $line);
+                $groupArray[] = substr($bits[0], 3, (strlen($bits[0])-3));
+            }
+        }
+        return $groupArray;    
+    }
+    
+    /**
+    * Escape characters for use in an ldap_create function
+    * 
+    * @param string $str
+    * @return string
+    */
+    public function escapeCharacters($str) {
+        $str = str_replace(",", "\,", $str);
+        return $str;
+    }
+    
+    /**
+    * Escape strings for the use in LDAP filters
+    * 
+    * DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
+    * Ported from Perl's Net::LDAP::Util escape_filter_value
+    *
+    * @param string $str The string the parse
+    * @author Port by Andreas Gohr 
+    * @return string
+    */
+    public function ldapSlashes($str){
+        return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
+                            '"\\\\\".join("",unpack("H2","$1"))',
+                            $str);
+    }
+    
+    /**
+    * Converts a string GUID to a hexdecimal value so it can be queried
+    * 
+    * @param string $strGUID A string representation of a GUID
+    * @return string
+    */
+    public function strGuidToHex($strGUID) 
+    {
+        $strGUID = str_replace('-', '', $strGUID);
+
+        $octet_str = '\\' . substr($strGUID, 6, 2);
+        $octet_str .= '\\' . substr($strGUID, 4, 2);
+        $octet_str .= '\\' . substr($strGUID, 2, 2);
+        $octet_str .= '\\' . substr($strGUID, 0, 2);
+        $octet_str .= '\\' . substr($strGUID, 10, 2);
+        $octet_str .= '\\' . substr($strGUID, 8, 2);
+        $octet_str .= '\\' . substr($strGUID, 14, 2);
+        $octet_str .= '\\' . substr($strGUID, 12, 2);
+        //$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
+        for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
+            if (($i % 2) == 0) {
+                $octet_str .= '\\' . substr($strGUID, $i, 2);
+            }
+        }
+        
+        return $octet_str;
+    }
+    
+    /**
+    * Convert a binary SID to a text SID
+    * 
+    * @param string $binsid A Binary SID
+    * @return string
+    */
+     public function getTextSID($binsid) {
+        $hex_sid = bin2hex($binsid);
+        $rev = hexdec(substr($hex_sid, 0, 2));
+        $subcount = hexdec(substr($hex_sid, 2, 2));
+        $auth = hexdec(substr($hex_sid, 4, 12));
+        $result = "$rev-$auth";
+
+        for ($x=0;$x < $subcount; $x++) {
+            $subauth[$x] =
+                hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8)));
+                $result .= "-" . $subauth[$x];
+        }
+
+        // Cheat by tacking on the S-
+        return 'S-' . $result;
+     }
+     
+    /**
+    * Converts a little-endian hex number to one that hexdec() can convert
+    * 
+    * @param string $hex A hex code
+    * @return string
+    */
+     public function littleEndian($hex) 
+     {
+        $result = '';
+        for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
+            $result .= substr($hex, $x, 2);
+        }
+        return $result;
+     }
+     
+     /**
+    * Converts a binary attribute to a string
+    * 
+    * @param string $bin A binary LDAP attribute
+    * @return string
+    */
+    public function binaryToText($bin) 
+    {
+        $hex_guid = bin2hex($bin); 
+        $hex_guid_to_guid_str = ''; 
+        for($k = 1; $k <= 4; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-'; 
+        for($k = 1; $k <= 2; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-'; 
+        for($k = 1; $k <= 2; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4); 
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20); 
+        return strtoupper($hex_guid_to_guid_str);   
+    }
+    
+    /**
+    * Converts a binary GUID to a string GUID
+    * 
+    * @param string $binaryGuid The binary GUID attribute to convert
+    * @return string
+    */
+    public function decodeGuid($binaryGuid) 
+    {
+        if ($binaryGuid === null){ return "Missing compulsory field [binaryGuid]"; }
+        
+        $strGUID = $this->binaryToText($binaryGuid);          
+        return $strGUID; 
+    }
+    
+    /**
+    * Convert a boolean value to a string
+    * You should never need to call this yourself
+    *
+    * @param bool $bool Boolean value
+    * @return string
+    */
+    public function boolToStr($bool) 
+    {
+        return ($bool) ? 'TRUE' : 'FALSE';
+    }
+    
+    /**
+    * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+    */
+    public function encode8Bit(&$item, $key) {
+        $encode = false;
+        if (is_string($item)) {
+            for ($i=0; $i> 7) {
+                    $encode = true;
+                }
+            }
+        }
+        if ($encode === true && $key != 'password') {
+            $item = utf8_encode($item);   
+        }
+    }  
+    
+    /**
+    * Get the current class version number
+    * 
+    * @return string
+    */
+    public function getVersion() {
+        return self::ADLDAP_VERSION;
+    }
+    
+    /**
+    * Round a Windows timestamp down to seconds and remove the seconds between 1601-01-01 and 1970-01-01
+    * 
+    * @param long $windowsTime
+    * @return long $unixTime
+    */
+    public static function convertWindowsTimeToUnixTime($windowsTime) {
+      $unixTime = round($windowsTime / 10000000) - 11644477200; 
+      return $unixTime; 
+    }
+}
+
+?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
new file mode 100644
index 000000000..c0a2eb2fa
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
@@ -0,0 +1,137 @@
+setInfo($info);   
+        $this->adldap = $adldap;
+    }
+    
+    /**
+    * Set the raw info array from Active Directory
+    * 
+    * @param array $info
+    */
+    public function setInfo(array $info) 
+    {
+        if ($this->info && sizeof($info) >= 1) {
+            unset($this->info);
+        }
+        $this->info = $info;   
+    }
+    
+    /**
+    * Magic get method to retrieve data from the raw array in a formatted way
+    * 
+    * @param string $attribute
+    * @return mixed
+    */
+    public function __get($attribute)
+    {
+        if (isset($this->info[0]) && is_array($this->info[0])) {
+            foreach ($this->info[0] as $keyAttr => $valueAttr) {
+                if (strtolower($keyAttr) == strtolower($attribute)) {
+                    if ($this->info[0][strtolower($attribute)]['count'] == 1) {
+                        return $this->info[0][strtolower($attribute)][0];   
+                    }
+                    else {
+                        $array = array();
+                        foreach ($this->info[0][strtolower($attribute)] as $key => $value) {
+                            if ((string)$key != 'count') {
+                                $array[$key] = $value;
+                            } 
+                        }  
+                        return $array;   
+                    }
+                }   
+            }
+        }
+        else {
+            return NULL;   
+        }
+    }    
+    
+    /**
+    * Magic set method to update an attribute
+    * 
+    * @param string $attribute
+    * @param string $value
+    * @return bool
+    */
+    abstract public function __set($attribute, $value);
+    
+    /** 
+    * Magic isset method to check for the existence of an attribute 
+    * 
+    * @param string $attribute 
+    * @return bool 
+    */ 
+    public function __isset($attribute) {
+        if (isset($this->info[0]) && is_array($this->info[0])) { 
+            foreach ($this->info[0] as $keyAttr => $valueAttr) { 
+                if (strtolower($keyAttr) == strtolower($attribute)) { 
+                    return true; 
+                } 
+            } 
+        } 
+        return false; 
+     } 
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
new file mode 100644
index 000000000..4f11d8f41
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
@@ -0,0 +1,46 @@
+
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
new file mode 100644
index 000000000..d42fe6d4c
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
@@ -0,0 +1,46 @@
+
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
new file mode 100644
index 000000000..cff12fc20
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
@@ -0,0 +1,46 @@
+
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
new file mode 100644
index 000000000..801d90296
--- /dev/null
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
@@ -0,0 +1,46 @@
+
diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index e82610327..5c566195e 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -2,8 +2,6 @@
 // must be run within Dokuwiki
 if(!defined('DOKU_INC')) die();
 
-require_once(DOKU_INC.'inc/adLDAP.php');
-
 /**
  * Active Directory authentication backend for DokuWiki
  *
@@ -41,7 +39,7 @@ require_once(DOKU_INC.'inc/adLDAP.php');
  * @author  Jan Schumann 
  */
 
-require_once(DOKU_INC.'inc/adLDAP/adLDAP.php');
+require_once(DOKU_PLUGIN.'authad/adLDAP/adLDAP.php');
 
 class auth_plugin_authad extends DokuWiki_Auth_Plugin {
     /**
-- 
cgit v1.2.3


From 32fd494aaeb28179d8823354e07c1399e7443c90 Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Fri, 9 Nov 2012 14:54:48 +0100
Subject: authad fixes

* fixes incorrect $this->adldap calls
* makes use of correct plugin config
---
 lib/plugins/authad/auth.php        | 83 ++++++++++++++++++--------------------
 lib/plugins/authad/plugin.info.txt |  4 +-
 2 files changed, 42 insertions(+), 45 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index 5c566195e..f651d87a1 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -2,6 +2,8 @@
 // must be run within Dokuwiki
 if(!defined('DOKU_INC')) die();
 
+require_once(DOKU_PLUGIN.'authad/adLDAP/adLDAP.php');
+
 /**
  * Active Directory authentication backend for DokuWiki
  *
@@ -13,20 +15,20 @@ if(!defined('DOKU_INC')) die();
  *
  *   $conf['authtype']       = 'authad';
  *
- *   $conf['auth']['ad']['account_suffix']     = '@my.domain.org';
- *   $conf['auth']['ad']['base_dn']            = 'DC=my,DC=domain,DC=org';
- *   $conf['auth']['ad']['domain_controllers'] = 'srv1.domain.org,srv2.domain.org';
+ *   $conf['plugin']['authad']['account_suffix']     = '@my.domain.org';
+ *   $conf['plugin']['authad']['base_dn']            = 'DC=my,DC=domain,DC=org';
+ *   $conf['plugin']['authad']['domain_controllers'] = 'srv1.domain.org,srv2.domain.org';
  *
  *   //optional:
- *   $conf['auth']['ad']['sso']                = 1;
- *   $conf['auth']['ad']['ad_username']        = 'root';
- *   $conf['auth']['ad']['ad_password']        = 'pass';
- *   $conf['auth']['ad']['real_primarygroup']  = 1;
- *   $conf['auth']['ad']['use_ssl']            = 1;
- *   $conf['auth']['ad']['use_tls']            = 1;
- *   $conf['auth']['ad']['debug']              = 1;
+ *   $conf['plugin']['authad']['sso']                = 1;
+ *   $conf['plugin']['authad']['ad_username']        = 'root';
+ *   $conf['plugin']['authad']['ad_password']        = 'pass';
+ *   $conf['plugin']['authad']['real_primarygroup']  = 1;
+ *   $conf['plugin']['authad']['use_ssl']            = 1;
+ *   $conf['plugin']['authad']['use_tls']            = 1;
+ *   $conf['plugin']['authad']['debug']              = 1;
  *   // warn user about expiring password this many days in advance:
- *   $conf['auth']['ad']['expirywarn']         = 5;
+ *   $conf['plugin']['authad']['expirywarn']         = 5;
  *
  *   // get additional information to the userinfo array
  *   // add a list of comma separated ldap contact fields.
@@ -38,18 +40,13 @@ if(!defined('DOKU_INC')) die();
  * @author  Andreas Gohr 
  * @author  Jan Schumann 
  */
-
-require_once(DOKU_PLUGIN.'authad/adLDAP/adLDAP.php');
-
 class auth_plugin_authad extends DokuWiki_Auth_Plugin {
-    /**
-     * @var array copy of the auth backend configuration
-     */
-    protected $cnf = array();
+
     /**
      * @var array hold connection data for a specific AD domain
      */
     protected $opts = array();
+
     /**
      * @var array open connections for each AD domain, as adLDAP objects
      */
@@ -76,18 +73,18 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
     public function __construct() {
         parent::__construct();
 
-        global $conf;
-        $this->cnf = $conf['auth']['ad'];
+        // we load the config early to modify it a bit here
+        $this->loadConfig();
 
         // additional information fields
-        if(isset($this->cnf['additional'])) {
-            $this->cnf['additional'] = str_replace(' ', '', $this->cnf['additional']);
-            $this->cnf['additional'] = explode(',', $this->cnf['additional']);
-        } else $this->cnf['additional'] = array();
+        if(isset($this->conf['additional'])) {
+            $this->conf['additional'] = str_replace(' ', '', $this->conf['additional']);
+            $this->conf['additional'] = explode(',', $this->conf['additional']);
+        } else $this->conf['additional'] = array();
 
         // ldap extension is needed
         if(!function_exists('ldap_connect')) {
-            if($this->cnf['debug'])
+            if($this->conf['debug'])
                 msg("AD Auth: PHP LDAP extension not found.", -1);
             $this->success = false;
             return;
@@ -97,7 +94,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         if(!utf8_check($_SERVER['REMOTE_USER'])) {
             $_SERVER['REMOTE_USER'] = utf8_encode($_SERVER['REMOTE_USER']);
         }
-        if($_SERVER['REMOTE_USER'] && $this->cnf['sso']) {
+        if($_SERVER['REMOTE_USER'] && $this->conf['sso']) {
             $_SERVER['REMOTE_USER'] = $this->cleanUser($_SERVER['REMOTE_USER']);
 
             // we need to simulate a login
@@ -127,7 +124,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
     public function checkPass($user, $pass) {
         if($_SERVER['REMOTE_USER'] &&
             $_SERVER['REMOTE_USER'] == $user &&
-            $this->cnf['sso']
+            $this->conf['sso']
         ) return true;
 
         $adldap = $this->_adldap($this->_userDomain($user));
@@ -172,11 +169,11 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         $fields = array('mail', 'displayname', 'samaccountname', 'lastpwd', 'pwdlastset', 'useraccountcontrol');
 
         // add additional fields to read
-        $fields = array_merge($fields, $this->cnf['additional']);
+        $fields = array_merge($fields, $this->conf['additional']);
         $fields = array_unique($fields);
 
         //get info for given user
-        $result = $this->adldap->user()->info($this->_userName($user), $fields);
+        $result = $adldap->user()->info($this->_userName($user), $fields);
         if($result == false){
             return array();
         }
@@ -192,14 +189,14 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         $info['expires'] = !($result[0]['useraccountcontrol'][0] & 0x10000); //ADS_UF_DONT_EXPIRE_PASSWD
 
         // additional information
-        foreach($this->cnf['additional'] as $field) {
+        foreach($this->conf['additional'] as $field) {
             if(isset($result[0][strtolower($field)])) {
                 $info[$field] = $result[0][strtolower($field)][0];
             }
         }
 
         // handle ActiveDirectory memberOf
-        $info['grps'] = $this->adldap->user()->groups($this->_userName($user),(bool) $this->opts['recursive_groups']);
+        $info['grps'] = $adldap->user()->groups($this->_userName($user),(bool) $this->opts['recursive_groups']);
 
         if(is_array($info['grps'])) {
             foreach($info['grps'] as $ndx => $group) {
@@ -219,14 +216,14 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         }
 
         // check expiry time
-        if($info['expires'] && $this->cnf['expirywarn']){
-            $timeleft = $this->adldap->user()->passwordExpiry($user); // returns unixtime
+        if($info['expires'] && $this->conf['expirywarn']){
+            $timeleft = $adldap->user()->passwordExpiry($user); // returns unixtime
             $timeleft = round($timeleft/(24*60*60));
             $info['expiresin'] = $timeleft;
 
             // if this is the current user, warn him (once per request only)
             if(($_SERVER['REMOTE_USER'] == $user) &&
-                ($timeleft <= $this->cnf['expirywarn']) &&
+                ($timeleft <= $this->conf['expirywarn']) &&
                 !$this->msgshown
             ) {
                 $msg = sprintf($lang['authpwdexpire'], $timeleft);
@@ -283,7 +280,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         $user   = utf8_strtolower(trim($user));
 
         // is this a known, valid domain? if not discard
-        if(!is_array($this->cnf[$domain])) {
+        if(!is_array($this->conf[$domain])) {
             $domain = '';
         }
 
@@ -316,7 +313,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
 
         if($this->users === null) {
             //get info for given user
-            $result = $this->adldap->user()->all();
+            $result = $adldap->user()->all();
             if (!$result) return array();
             $this->users = array_fill_keys($result, false);
         }
@@ -356,9 +353,9 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         // password changing
         if(isset($changes['pass'])) {
             try {
-                $return = $this->adldap->user()->password($this->_userName($user),$changes['pass']);
+                $return = $adldap->user()->password($this->_userName($user),$changes['pass']);
             } catch (adLDAPException $e) {
-                if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
+                if ($this->conf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
                 $return = false;
             }
             if(!$return) msg('AD Auth: failed to change the password. Maybe the password policy was not met?', -1);
@@ -378,9 +375,9 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         }
         if(count($adchanges)) {
             try {
-                $return = $return & $this->adldap->user()->modify($this->_userName($user),$adchanges);
+                $return = $return & $adldap->user()->modify($this->_userName($user),$adchanges);
             } catch (adLDAPException $e) {
-                if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
+                if ($this->conf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
                 $return = false;
             }
         }
@@ -411,7 +408,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
             $this->adldap[$domain] = new adLDAP($this->opts);
             return $this->adldap[$domain];
         } catch(adLDAPException $e) {
-            if($this->cnf['debug']) {
+            if($this->conf['debug']) {
                 msg('AD Auth: '.$e->getMessage(), -1);
             }
             $this->success         = false;
@@ -450,12 +447,12 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
      */
     protected function _loadServerConfig($domain) {
         // prepare adLDAP standard configuration
-        $opts = $this->cnf;
+        $opts = $this->conf;
 
         $opts['domain'] = $domain;
 
         // add possible domain specific configuration
-        if($domain && is_array($this->cnf[$domain])) foreach($this->cnf[$domain] as $key => $val) {
+        if($domain && is_array($this->conf[$domain])) foreach($this->conf[$domain] as $key => $val) {
             $opts[$key] = $val;
         }
 
diff --git a/lib/plugins/authad/plugin.info.txt b/lib/plugins/authad/plugin.info.txt
index 598eb848b..f02b5118c 100644
--- a/lib/plugins/authad/plugin.info.txt
+++ b/lib/plugins/authad/plugin.info.txt
@@ -1,7 +1,7 @@
 base   authad
 author Andreas Gohr
 email  andi@splitbrain.org
-date   2012-10-06
-name   active directory auth plugin
+date   2012-11-09
+name   Active Directory auth plugin
 desc   Provides authentication against a Microsoft Active Directory
 url    http://www.dokuwiki.org/plugin:authad
-- 
cgit v1.2.3


From 52c3bef90b80185350a565ba379ce81ccf5fce2a Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Sat, 2 Feb 2013 13:04:37 +0100
Subject: added config metadata to authad plugin

---
 lib/plugins/authad/conf/metadata.php    | 14 ++++++++++++++
 lib/plugins/authad/lang/en/settings.php | 14 ++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 lib/plugins/authad/conf/metadata.php
 create mode 100644 lib/plugins/authad/lang/en/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/conf/metadata.php b/lib/plugins/authad/conf/metadata.php
new file mode 100644
index 000000000..dc251a108
--- /dev/null
+++ b/lib/plugins/authad/conf/metadata.php
@@ -0,0 +1,14 @@
+0);
+$meta['additional']         = array('string');
\ No newline at end of file
diff --git a/lib/plugins/authad/lang/en/settings.php b/lib/plugins/authad/lang/en/settings.php
new file mode 100644
index 000000000..41176847a
--- /dev/null
+++ b/lib/plugins/authad/lang/en/settings.php
@@ -0,0 +1,14 @@
+@my.domain.org';
+$lang['base_dn']            = 'Your base DN. Eg. DC=my,DC=domain,DC=org';
+$lang['domain_controllers'] = 'A comma separated list of Domain controllers. Eg. srv1.domain.org,srv2.domain.org';
+$lang['ad_username']        = 'A privileged Active Directory user with access to all other user\'s data. Optional, but needed for certain actions like sending subscription mails.';
+$lang['ad_password']        = 'The password of the above user.';
+$lang['sso']                = 'Should Single-Sign-On via Kerberos or NTLM be used?';
+$lang['real_primarygroup']  = 'Should the real primary group be resolved instead of assuming "Domain Users" (slower)';
+$lang['use_ssl']            = 'Use SSL connection? If used, do not enable TLS below.';
+$lang['use_tls']            = 'Use TLS connection? If used, do not enable SSL above.';
+$lang['debug']              = 'Display additional debugging output on errors?';
+$lang['expirywarn']         = 'Days in advance to warn user about expiring password. 0 to disable.';
+$lang['additional']         = 'A comma separated list of additional AD attributes to fetch from user data. Used by some plugins.';
\ No newline at end of file
-- 
cgit v1.2.3


From 45970804e69e3d087fe19ad9cefaff0ef44be795 Mon Sep 17 00:00:00 2001
From: Klap-in 
Date: Sat, 16 Feb 2013 22:53:38 +0100
Subject: Complete metadata and defaults of auth plugin configs

---
 lib/plugins/authad/conf/default.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 lib/plugins/authad/conf/default.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/conf/default.php b/lib/plugins/authad/conf/default.php
new file mode 100644
index 000000000..05d6c328e
--- /dev/null
+++ b/lib/plugins/authad/conf/default.php
@@ -0,0 +1,14 @@
+
Date: Wed, 20 Feb 2013 20:26:05 +0100
Subject: Fix remaining missing $INPUT uses FS#2577

This adds $INPUT in all places where it was still missing and available.
$INPUT is now also used in places where using $_REQUEST/... was okay in
order to make the code consistent.
---
 lib/plugins/authad/auth.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index f651d87a1..6c49eafbb 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -71,6 +71,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
      * Constructor
      */
     public function __construct() {
+        global $INPUT;
         parent::__construct();
 
         // we load the config early to modify it a bit here
@@ -99,8 +100,8 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
 
             // we need to simulate a login
             if(empty($_COOKIE[DOKU_COOKIE])) {
-                $_REQUEST['u'] = $_SERVER['REMOTE_USER'];
-                $_REQUEST['p'] = 'sso_only';
+                $INPUT->set('u', $_SERVER['REMOTE_USER']);
+                $INPUT->set('p', 'sso_only');
             }
         }
 
-- 
cgit v1.2.3


From d00152be83dd30024aa5dd89b9ad9a70eb25d80f Mon Sep 17 00:00:00 2001
From: Lorenzo Radaelli 
Date: Sun, 24 Feb 2013 10:36:18 +0100
Subject: Italian language update

---
 lib/plugins/authad/lang/it/settings.php | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 lib/plugins/authad/lang/it/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/it/settings.php b/lib/plugins/authad/lang/it/settings.php
new file mode 100644
index 000000000..10ae72f87
--- /dev/null
+++ b/lib/plugins/authad/lang/it/settings.php
@@ -0,0 +1,5 @@
+
Date: Sun, 24 Feb 2013 10:37:45 +0100
Subject: Simplified Chinese language update

---
 lib/plugins/authad/lang/zh/settings.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 lib/plugins/authad/lang/zh/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/zh/settings.php b/lib/plugins/authad/lang/zh/settings.php
new file mode 100644
index 000000000..9fd3c4e35
--- /dev/null
+++ b/lib/plugins/authad/lang/zh/settings.php
@@ -0,0 +1,18 @@
+
+ */
+$lang['account_suffix']        = '您的账户后缀。例如 @my.domain.org';
+$lang['base_dn']               = '您的基本分辨名。例如 DC=my,DC=domain,DC=org';
+$lang['domain_controllers']    = '逗号分隔的域名控制器列表。例如 srv1.domain.org,srv2.domain.org';
+$lang['ad_username']           = '一个活动目录的特权用户,可以查看其他所有用户的数据。可选,但对某些活动例如发送订阅邮件是必须的。';
+$lang['ad_password']           = '上述用户的密码。';
+$lang['sso']                   = '是否使用经由 Kerberos 和 NTLM 的 Single-Sign-On?';
+$lang['real_primarygroup']     = ' 是否解析真实的主要组,而不是假设为“域用户” (较慢)';
+$lang['use_ssl']               = '使用 SSL 连接?如果是,不要激活下面的 TLS。';
+$lang['use_tls']               = '使用 TLS 连接?如果是 ,不要激活上面的 SSL。';
+$lang['debug']                 = '有错误时显示额外的调试信息?';
+$lang['expirywarn']            = '提前多少天警告用户密码即将到期。0 则禁用。';
+$lang['additional']            = '需要从用户数据中获取的额外 AD 属性的列表,以逗号分隔。用于某些插件。';
-- 
cgit v1.2.3


From 03583750eb3b0245839ba46c1b1fb25eac66f3a0 Mon Sep 17 00:00:00 2001
From: Kiril LastName 
Date: Wed, 6 Mar 2013 23:10:47 +0200
Subject: Bulgarian language update

---
 lib/plugins/authad/lang/bg/settings.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 lib/plugins/authad/lang/bg/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/bg/settings.php b/lib/plugins/authad/lang/bg/settings.php
new file mode 100644
index 000000000..d63331078
--- /dev/null
+++ b/lib/plugins/authad/lang/bg/settings.php
@@ -0,0 +1,18 @@
+
+ */
+$lang['account_suffix']     = 'Наставка на акаунта Ви. Например @някакъв.домейн.org';
+$lang['base_dn']            = 'Вашият основен DN. Например DC=моят,DC=домейн,DC=org';
+$lang['domain_controllers'] = 'Domain controller списък, разделете сървърите със запетая. Например сървър1.домейн.org,сървър2.домейн.org';
+$lang['ad_username']        = 'Привилегирован Active Directory потребител с достъп до данните на останалите потребители. Не е задължително, но е необходимо за някои функционалности като изпращането на имейл за абонаменти.';
+$lang['ad_password']        = 'Паролата на горния потребител.';
+$lang['sso']                = 'Да се ползва ли еднократно вписване чрез Kerberos или NTLM?';
+$lang['real_primarygroup']  = 'Да се извлича ли истинската група вместо да се предполага "Domain Users" (по-бавно)';
+$lang['use_ssl']            = 'Ползване на SSL свързаност? Не отбелязвайте TLS (по-долу) ако включите опцията.';
+$lang['use_tls']            = 'Ползване на TLS свързаност? Не отбелязвайте SSL (по-горе) ако включите опцията.';
+$lang['debug']              = 'Показване на допълнителна debug информация при грешка?';
+$lang['expirywarn']         = 'Предупреждаване на потребителите Х дни преди изтичане валидността на паролата им. Въведете 0 за изключване.';
+$lang['additional']         = 'Списък с допълнителни AD атрибути за извличане от потребителските данни (разделяйте ги със запетая). Ползва се от няколко приставки.';
\ No newline at end of file
-- 
cgit v1.2.3


From 5b84f8e9c9749b424f3813f7126245330a7deb1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=97=A5=E5=90=91=E5=B0=8F=E9=83=8E?=
 
Date: Mon, 11 Mar 2013 15:33:07 +0100
Subject: Traditional chinese language update

---
 lib/plugins/authad/lang/zh-tw/settings.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 lib/plugins/authad/lang/zh-tw/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/zh-tw/settings.php b/lib/plugins/authad/lang/zh-tw/settings.php
new file mode 100644
index 000000000..e38a2c007
--- /dev/null
+++ b/lib/plugins/authad/lang/zh-tw/settings.php
@@ -0,0 +1,18 @@
+@my.domain.org';
+$lang['base_dn']               = '您的基本識別名。如: DC=my,DC=domain,DC=org';
+$lang['domain_controllers']    = '以逗號分隔的域名控制器列表。如: srv1.domain.org,srv2.domain.org';
+$lang['ad_username']           = 'Active Directory 的特權使用者,可以查看所有使用者的數據。(非必要,但對發送訂閱郵件等活動來說,這是必須的。)';
+$lang['ad_password']           = '上述使用者的密碼。';
+$lang['sso']                   = '是否使用 Kerberos 或 NTLM 的單一登入系統 (Single-Sign-On)?';
+$lang['real_primarygroup']     = '是否視作真正的主要群組,而不是假設為網域使用者 (比較慢)';
+$lang['use_ssl']               = '使用 SSL 連接嗎?如果要使用,請不要啟用下方的 TLS。';
+$lang['use_tls']               = '使用 TLS 連接嗎?如果要使用,請不要啟用上方的 SSL。';
+$lang['debug']                 = '有錯誤時,顯示額外除錯資訊嗎?';
+$lang['expirywarn']            = '提前多少天警告使用者密碼即將到期。輸入0表示停用。';
+$lang['additional']            = '從使用者數據中取得額外 AD 屬性列表,以供某些附加元件使用。列表以逗號分隔。';
-- 
cgit v1.2.3


From df60eba1d79b8a3e9a5dda87cb3466f0b7b9d454 Mon Sep 17 00:00:00 2001
From: Bruno Veilleux 
Date: Mon, 11 Mar 2013 15:34:55 +0100
Subject: French language update

---
 lib/plugins/authad/lang/fr/settings.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 lib/plugins/authad/lang/fr/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/fr/settings.php b/lib/plugins/authad/lang/fr/settings.php
new file mode 100644
index 000000000..efbca89f9
--- /dev/null
+++ b/lib/plugins/authad/lang/fr/settings.php
@@ -0,0 +1,18 @@
+
+ */
+$lang['account_suffix']        = 'Le suffixe de votre compte. Ex.: @mon.domaine.org';
+$lang['base_dn']               = 'Votre nom de domaine de base. DC=mon,DC=domaine,DC=org';
+$lang['domain_controllers']    = 'Une liste de contrôleurs de domaine séparés par des virgules. Ex.: srv1.domaine.org,srv2.domaine.org';
+$lang['ad_username']           = 'Un utilisateur Active Directory avec accès aux données de tous les autres utilisateurs. Facultatif, mais nécessaire pour certaines actions telles que l\'envoi de courriels d\'abonnement.';
+$lang['ad_password']           = 'Le mot de passe de l\'utilisateur ci-dessus.';
+$lang['sso']                   = 'Est-ce que la connexion unique (Single-Sign-On) par Kerberos ou NTLM doit être utilisée?';
+$lang['real_primarygroup']     = 'Est-ce que le véritable groupe principal doit être résolu au lieu de présumer "Domain Users" (plus lent)?';
+$lang['use_ssl']               = 'Utiliser une connexion SSL? Si utilisée, n\'activez pas TLS ci-dessous.';
+$lang['use_tls']               = 'Utiliser une connexion TLS? Si utilisée, n\'activez pas SSL ci-dessus.';
+$lang['debug']                 = 'Afficher des informations de débogage supplémentaires pour les erreurs?';
+$lang['expirywarn']            = 'Jours d\'avance pour l\'avertissement envoyé aux utilisateurs lorsque leur mot de passe va expirer. 0 pour désactiver.';
+$lang['additional']            = 'Une liste séparée par des virgules d\'attributs AD supplémentaires à récupérer dans les données utilisateur. Utilisée par certains modules.';
-- 
cgit v1.2.3


From 421bfa826519712385983d37cb67a4f69b918674 Mon Sep 17 00:00:00 2001
From: Robert Bogenschneider 
Date: Mon, 11 Mar 2013 15:37:25 +0100
Subject: Esperanto language update

---
 lib/plugins/authad/lang/eo/settings.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 lib/plugins/authad/lang/eo/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/eo/settings.php b/lib/plugins/authad/lang/eo/settings.php
new file mode 100644
index 000000000..85a6abd98
--- /dev/null
+++ b/lib/plugins/authad/lang/eo/settings.php
@@ -0,0 +1,17 @@
+@mia.domajno.lando';
+$lang['base_dn']               = 'Via baza DN, ekz. DC=mia,DC=domajno,DC=lando';
+$lang['domain_controllers']    = 'Komodisigita listo de domajno-serviloj, ekz. srv1.domajno.lando,srv2.domajno.lando';
+$lang['ad_username']           = 'Privilegiita Aktiv-Dosieruja uzanto kun aliro al ĉiuj uzantaj datumoj. Libervole, sed necesa por iuj agadoj kiel sendi abonan retpoŝton.';
+$lang['ad_password']           = 'La pasvorto de tiu uzanto.';
+$lang['sso']                   = 'Ĉu uzi Sola Aliro tra Kerberos aŭ NTLM?';
+$lang['real_primarygroup']     = 'Ĉu trovi la veran ĉefan grupon anstataŭ supozi "Domajnuzantoj" (pli malrapida)?';
+$lang['use_ssl']               = 'Ĉu uzi SSL-konekton? Se jes, ne aktivigu TLS sube.';
+$lang['use_tls']               = 'Ĉu uzi TLS-konekton? Se jes, ne aktivigu SSL supre.';
+$lang['debug']                 = 'Ĉu montri aldonajn informojn dum eraroj?';
+$lang['expirywarn']            = 'Tagoj da antaŭaverto pri malvalidiĝonta pasvorto. 0 por malebligi.';
+$lang['additional']            = 'Komodisigita listo de aldonaj AD-atributoj por preni el uzantaj datumoj. Uzita de iuj kromaĵoj.';
-- 
cgit v1.2.3


From e20faad8330af3e6f2edbd6e8dc3f70c05305492 Mon Sep 17 00:00:00 2001
From: Victor Westmann 
Date: Sun, 24 Mar 2013 10:28:51 +0100
Subject: Brazilian Portuguese language update

---
 lib/plugins/authad/lang/pt-br/settings.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 lib/plugins/authad/lang/pt-br/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/pt-br/settings.php b/lib/plugins/authad/lang/pt-br/settings.php
new file mode 100644
index 000000000..b8b1efd42
--- /dev/null
+++ b/lib/plugins/authad/lang/pt-br/settings.php
@@ -0,0 +1,16 @@
+
+ */
+$lang['account_suffix']        = 'Sufixo de sua conta. Eg. @meu.domínio.org';
+$lang['base_dn']               = 'Sua base DN. Eg. DC=meu,DC=domínio,DC=org';
+$lang['domain_controllers']    = 'Uma lista de controles de domínios separada por vírgulas. Eg. srv1.domínio.org,srv2.domínio.org';
+$lang['ad_password']           = 'A senha do usuário acima.';
+$lang['sso']                   = 'Usar Single-Sign-On através do Kerberos ou NTLM?';
+$lang['use_ssl']               = 'Usar conexão SSL? Se usar, não habilitar TLS abaixo.';
+$lang['use_tls']               = 'Usar conexão TLS? se usar, não habilitar SSL acima.';
+$lang['debug']                 = 'Mostrar saída adicional de depuração em mensagens de erros?';
+$lang['expirywarn']            = 'Dias com antecedência para avisar o usuário de uma senha que vai expirar. 0 para desabilitar.';
+$lang['additional']            = 'Uma lista separada de vírgulas de atributos adicionais AD para pegar dados de usuários. Usados por alguns plugins.';
-- 
cgit v1.2.3


From 14bc69e3e1db81c4d329a140cb0e095f0dcf9b5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EB=AA=85=EC=A7=84?= 
Date: Sun, 24 Mar 2013 10:30:58 +0100
Subject: Korean language update

---
 lib/plugins/authad/lang/ko/settings.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 lib/plugins/authad/lang/ko/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/ko/settings.php b/lib/plugins/authad/lang/ko/settings.php
new file mode 100644
index 000000000..31071e9a3
--- /dev/null
+++ b/lib/plugins/authad/lang/ko/settings.php
@@ -0,0 +1,14 @@
+
+ */
+$lang['account_suffix']        = '계정 접미어. 예를 들어 @my.domain.org';
+$lang['base_dn']               = '기본 DN. 예를 들어 DC=my,DC=domain,DC=org';
+$lang['domain_controllers']    = '도메인 컨트롤러의 쉼표로 구분한 목록입니다. 예를 들어 srv1.domain.org,srv2.domain.org';
+$lang['ad_password']           = '위 사용자의 비밀번호입니다.';
+$lang['sso']                   = 'Kerberos나 NTLM을 통해 Single-Sign-On을 사용해야 합니까?';
+$lang['use_ssl']               = 'SSL 연결을 사용합니까? 사용한다면 아래 TLS을 활성화하지 마세요.';
+$lang['use_tls']               = 'TLS 연결을 사용합니까? 사용한다면 위 SSL을 활성화하지 마세요.';
+$lang['debug']                 = '오류에 대한 추가적인 디버그 정보를 보이겠습니까?';
-- 
cgit v1.2.3


From f2b500f5e7be771601ea1b1bc110337883d7caf2 Mon Sep 17 00:00:00 2001
From: Frank Loizzi 
Date: Sun, 24 Mar 2013 10:32:26 +0100
Subject: German (informal) language update

---
 lib/plugins/authad/lang/de-informal/settings.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 lib/plugins/authad/lang/de-informal/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/de-informal/settings.php b/lib/plugins/authad/lang/de-informal/settings.php
new file mode 100644
index 000000000..da33a2e98
--- /dev/null
+++ b/lib/plugins/authad/lang/de-informal/settings.php
@@ -0,0 +1,18 @@
+
+ */
+$lang['account_suffix']        = 'Ihre Kontoendung. Z.B. @my.domain.org';
+$lang['base_dn']               = 'Ihre base DN. Z.B. DC=my,DC=domain,DC=org';
+$lang['domain_controllers']    = 'Eine kommaseparierte Liste von Domänenkontrollern. Z.B. srv1.domain.org,srv2.domain.org';
+$lang['ad_username']           = 'Ein priviligierter Active Directory Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional aber benötigt für einige Aktionen wie das Senden von Mitglieder E-Mails.';
+$lang['ad_password']           = 'Das Passwort des obigen Benutzers.';
+$lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
+$lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
+$lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterhalb nicht aktivieren.';
+$lang['use_tls']               = 'TLS-Verbindung benutzen? Falls ja, SSL oberhalb nicht aktivieren.';
+$lang['debug']                 = 'Zusätzliche Debug-Informationen bei Fehlern anzeigen?';
+$lang['expirywarn']            = 'Tage im Voraus um Benutzer über ablaufende Passwörter zu informieren. 0 zum Ausschalten.';
+$lang['additional']            = 'Eine kommaseparierte Liste von zusätzlichen AD Attributen von den Benutzdedaten abrufen. Wird von einigen Plugins benutzt.';
-- 
cgit v1.2.3


From 939baf40725d16e0cd929a9dadbf12ae6b0412c6 Mon Sep 17 00:00:00 2001
From: senorandy 
Date: Tue, 26 Mar 2013 10:14:44 +0100
Subject: Update default.php

Wihtout this, unable to fetch any AD info.. also allows SSO.
---
 lib/plugins/authad/conf/default.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/conf/default.php b/lib/plugins/authad/conf/default.php
index 05d6c328e..9274db209 100644
--- a/lib/plugins/authad/conf/default.php
+++ b/lib/plugins/authad/conf/default.php
@@ -4,11 +4,11 @@ $conf['account_suffix']     = '';
 $conf['base_dn']            = '';
 $conf['domain_controllers'] = '';
 $conf['sso']                = 0;
-$conf['ad_username']        = '';
-$conf['ad_password']        = '';
+$conf['admin_username']        = '';
+$conf['admin_password']        = '';
 $conf['real_primarygroup']  = 0;
 $conf['use_ssl']            = 0;
 $conf['use_tls']            = 0;
 $conf['debug']              = 0;
 $conf['expirywarn']         = 0;
-$conf['additional']         = '';
\ No newline at end of file
+$conf['additional']         = '';
-- 
cgit v1.2.3


From 0bb7340a11736568d7b537dfca36e52d5032c193 Mon Sep 17 00:00:00 2001
From: senorandy 
Date: Tue, 26 Mar 2013 10:15:31 +0100
Subject: Update metadata.php

Without this unable to access AD info. Also allows SSO.
---
 lib/plugins/authad/conf/metadata.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/conf/metadata.php b/lib/plugins/authad/conf/metadata.php
index dc251a108..fbc3f163c 100644
--- a/lib/plugins/authad/conf/metadata.php
+++ b/lib/plugins/authad/conf/metadata.php
@@ -4,11 +4,11 @@ $meta['account_suffix']     = array('string');
 $meta['base_dn']            = array('string');
 $meta['domain_controllers'] = array('string');
 $meta['sso']                = array('onoff');
-$meta['ad_username']        = array('string');
-$meta['ad_password']        = array('password');
+$meta['admin_username']        = array('string');
+$meta['admin_password']        = array('password');
 $meta['real_primarygroup']  = array('onoff');
 $meta['use_ssl']            = array('onoff');
 $meta['use_tls']            = array('onoff');
 $meta['debug']              = array('onoff');
 $meta['expirywarn']         = array('numeric', '_min'=>0);
-$meta['additional']         = array('string');
\ No newline at end of file
+$meta['additional']         = array('string');
-- 
cgit v1.2.3


From 3bca6c65969446444ec4e8945d670c815b6ba066 Mon Sep 17 00:00:00 2001
From: senorandy 
Date: Tue, 26 Mar 2013 10:16:05 +0100
Subject: Update settings.php

---
 lib/plugins/authad/lang/en/settings.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/en/settings.php b/lib/plugins/authad/lang/en/settings.php
index 41176847a..7728d5ac4 100644
--- a/lib/plugins/authad/lang/en/settings.php
+++ b/lib/plugins/authad/lang/en/settings.php
@@ -3,12 +3,12 @@
 $lang['account_suffix']     = 'Your account suffix. Eg. @my.domain.org';
 $lang['base_dn']            = 'Your base DN. Eg. DC=my,DC=domain,DC=org';
 $lang['domain_controllers'] = 'A comma separated list of Domain controllers. Eg. srv1.domain.org,srv2.domain.org';
-$lang['ad_username']        = 'A privileged Active Directory user with access to all other user\'s data. Optional, but needed for certain actions like sending subscription mails.';
-$lang['ad_password']        = 'The password of the above user.';
+$lang['admin_username']        = 'A privileged Active Directory user with access to all other user\'s data. Optional, but needed for certain actions like sending subscription mails.';
+$lang['admin_password']        = 'The password of the above user.';
 $lang['sso']                = 'Should Single-Sign-On via Kerberos or NTLM be used?';
 $lang['real_primarygroup']  = 'Should the real primary group be resolved instead of assuming "Domain Users" (slower)';
 $lang['use_ssl']            = 'Use SSL connection? If used, do not enable TLS below.';
 $lang['use_tls']            = 'Use TLS connection? If used, do not enable SSL above.';
 $lang['debug']              = 'Display additional debugging output on errors?';
 $lang['expirywarn']         = 'Days in advance to warn user about expiring password. 0 to disable.';
-$lang['additional']         = 'A comma separated list of additional AD attributes to fetch from user data. Used by some plugins.';
\ No newline at end of file
+$lang['additional']         = 'A comma separated list of additional AD attributes to fetch from user data. Used by some plugins.';
-- 
cgit v1.2.3


From f6af1fe63a13b2734d1b69817ec800c51e6def9c Mon Sep 17 00:00:00 2001
From: lupo49 
Date: Sun, 31 Mar 2013 20:40:03 +0200
Subject: de/de-informal: language updates for the core, authldap, authmysql,
 authpgsql

---
 lib/plugins/authad/lang/de-informal/settings.php | 11 ++++++-----
 lib/plugins/authad/lang/de/settings.php          | 19 +++++++++++++++++++
 2 files changed, 25 insertions(+), 5 deletions(-)
 create mode 100644 lib/plugins/authad/lang/de/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/de-informal/settings.php b/lib/plugins/authad/lang/de-informal/settings.php
index da33a2e98..f6ba679ff 100644
--- a/lib/plugins/authad/lang/de-informal/settings.php
+++ b/lib/plugins/authad/lang/de-informal/settings.php
@@ -3,11 +3,12 @@
  * German (informal) language file
  *
  * @author Frank Loizzi 
+ * @author Matthias Schulte 
  */
-$lang['account_suffix']        = 'Ihre Kontoendung. Z.B. @my.domain.org';
-$lang['base_dn']               = 'Ihre base DN. Z.B. DC=my,DC=domain,DC=org';
-$lang['domain_controllers']    = 'Eine kommaseparierte Liste von Domänenkontrollern. Z.B. srv1.domain.org,srv2.domain.org';
-$lang['ad_username']           = 'Ein priviligierter Active Directory Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional aber benötigt für einige Aktionen wie das Senden von Mitglieder E-Mails.';
+$lang['account_suffix']        = 'Dein Account-Suffix. Z.B. @my.domain.org';
+$lang['base_dn']               = 'Dein Base-DN. Z.B. DC=my,DC=domain,DC=org';
+$lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z.B. srv1.domain.org,srv2.domain.org';
+$lang['ad_username']           = 'Ein privilegierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
 $lang['ad_password']           = 'Das Passwort des obigen Benutzers.';
 $lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
 $lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
@@ -15,4 +16,4 @@ $lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterha
 $lang['use_tls']               = 'TLS-Verbindung benutzen? Falls ja, SSL oberhalb nicht aktivieren.';
 $lang['debug']                 = 'Zusätzliche Debug-Informationen bei Fehlern anzeigen?';
 $lang['expirywarn']            = 'Tage im Voraus um Benutzer über ablaufende Passwörter zu informieren. 0 zum Ausschalten.';
-$lang['additional']            = 'Eine kommaseparierte Liste von zusätzlichen AD Attributen von den Benutzdedaten abrufen. Wird von einigen Plugins benutzt.';
+$lang['additional']            = 'Eine Komma-separierte Liste von zusätzlichen AD-Attributen, die von den Benutzerobjekten abgefragt werden. Wird von einigen Plugins benutzt.';
diff --git a/lib/plugins/authad/lang/de/settings.php b/lib/plugins/authad/lang/de/settings.php
new file mode 100644
index 000000000..38bccbf24
--- /dev/null
+++ b/lib/plugins/authad/lang/de/settings.php
@@ -0,0 +1,19 @@
+
+ * @author Matthias Schulte 
+ */
+$lang['account_suffix']        = 'Ihr Account-Suffix. Z.B. @my.domain.org';
+$lang['base_dn']               = 'Ihre Base-DN. Z.B. DC=my,DC=domain,DC=org';
+$lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z.B. srv1.domain.org,srv2.domain.org';
+$lang['ad_username']           = 'Ein priviligierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
+$lang['ad_password']           = 'Das Passwort des obigen Benutzers.';
+$lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
+$lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
+$lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterhalb nicht aktivieren.';
+$lang['use_tls']               = 'TLS-Verbindung benutzen? Falls ja, SSL oberhalb nicht aktivieren.';
+$lang['debug']                 = 'Zusätzliche Debug-Informationen bei Fehlern anzeigen?';
+$lang['expirywarn']            = 'Tage im Voraus um Benutzer über ablaufende Passwörter zu informieren. 0 zum Ausschalten.';
+$lang['additional']            = 'Eine Komma-separierte Liste von zusätzlichen AD-Attributen, die von den Benutzerobjekten abgefragt werden. Wird von einigen Plugins benutzt.';
-- 
cgit v1.2.3


From 8ee0487708ea528ade7e43e3688cfd14cf6a7582 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EB=AA=85=EC=A7=84?= 
Date: Thu, 4 Apr 2013 20:43:19 +0200
Subject: Korean language update

---
 lib/plugins/authad/lang/ko/settings.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/ko/settings.php b/lib/plugins/authad/lang/ko/settings.php
index 31071e9a3..6134bd657 100644
--- a/lib/plugins/authad/lang/ko/settings.php
+++ b/lib/plugins/authad/lang/ko/settings.php
@@ -6,9 +6,13 @@
  */
 $lang['account_suffix']        = '계정 접미어. 예를 들어 @my.domain.org';
 $lang['base_dn']               = '기본 DN. 예를 들어 DC=my,DC=domain,DC=org';
-$lang['domain_controllers']    = '도메인 컨트롤러의 쉼표로 구분한 목록입니다. 예를 들어 srv1.domain.org,srv2.domain.org';
-$lang['ad_password']           = '위 사용자의 비밀번호입니다.';
+$lang['domain_controllers']    = '도메인 컨트롤러의 쉼표로 구분한 목록. 예를 들어 srv1.domain.org,srv2.domain.org';
+$lang['ad_username']           = '다른 모든 사용자의 데이터에 접근할 수 있는 권한이 있는 Active Directory 사용자. 선택적이지만 구독 메일을 보내는 등의 특정 작업에 필요합니다.';
+$lang['ad_password']           = '위 사용자의 비밀번호.';
 $lang['sso']                   = 'Kerberos나 NTLM을 통해 Single-Sign-On을 사용해야 합니까?';
+$lang['real_primarygroup']     = '실제 기본 그룹은 "도메인 사용자"를 가정하는 대신 해결될 것입니다 (느림)';
 $lang['use_ssl']               = 'SSL 연결을 사용합니까? 사용한다면 아래 TLS을 활성화하지 마세요.';
 $lang['use_tls']               = 'TLS 연결을 사용합니까? 사용한다면 위 SSL을 활성화하지 마세요.';
 $lang['debug']                 = '오류에 대한 추가적인 디버그 정보를 보이겠습니까?';
+$lang['expirywarn']            = '미리 비밀번호 만료를 사용자에게 경고할 날짜. 0일 경우 비활성화합니다.';
+$lang['additional']            = '사용자 데이터에서 가져올 추가적인 AD 속성의 쉼표로 구분한 목록. 일부 플러그인이 사용합니다.';
-- 
cgit v1.2.3


From ba04585eb6f5ff34f7bd452c14dad1e536693038 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aivars=20Mi=C5=A1ka?= 
Date: Thu, 4 Apr 2013 20:46:28 +0200
Subject: Latvian language update

---
 lib/plugins/authad/lang/lv/settings.php | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 lib/plugins/authad/lang/lv/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/lv/settings.php b/lib/plugins/authad/lang/lv/settings.php
new file mode 100644
index 000000000..ced5dabf8
--- /dev/null
+++ b/lib/plugins/authad/lang/lv/settings.php
@@ -0,0 +1,6 @@
+
+ */
-- 
cgit v1.2.3


From 02ea0357f6a255b0f65c967112e6a6d9ec1fa116 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Koot?= 
Date: Thu, 4 Apr 2013 20:48:39 +0200
Subject: Dutch language update

---
 lib/plugins/authad/lang/nl/settings.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 lib/plugins/authad/lang/nl/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/nl/settings.php b/lib/plugins/authad/lang/nl/settings.php
new file mode 100644
index 000000000..e73cac75d
--- /dev/null
+++ b/lib/plugins/authad/lang/nl/settings.php
@@ -0,0 +1,17 @@
+@mijn.domein.org';
+$lang['base_dn']               = 'Je basis DN. Bijv. DC=mijn,DC=domein,DC=org';
+$lang['domain_controllers']    = 'Eeen commagesepareerde lijst van domeinservers. Bijv. srv1.domein.org,srv2.domein.org';
+$lang['ad_username']           = 'Een geprivilegeerde Active Directory gebruiker die bij alle gebruikersgegevens kan komen. Optioneel, maar kan nodig zijn voor bepaalde acties, zoals het versturen van abonnementsmailtjes.';
+$lang['ad_password']           = 'Het wachtwoord van bovernvermelde gebruiker.';
+$lang['sso']                   = 'Wordt voor Single-Sign-on Kerberos of NTLM gebruikt?';
+$lang['real_primarygroup']     = 'Moet de echte primaire groep worden opgezocht in plaats van het aannemen van "Domeingebruikers" (langzamer)';
+$lang['use_ssl']               = 'SSL verbinding gebruiken? Zo ja, gebruik dan TLS hieronder niet.';
+$lang['use_tls']               = 'TLS verbinding gebruiken? Zo ja, activeer dan niet de SSL verbinding hierboven.';
+$lang['debug']                 = 'Aanvullende debug informatie tonen bij fouten?';
+$lang['expirywarn']            = 'Waarschuwingstermijn voor vervallen wachtwoord. 0 om te deactiveren.';
+$lang['additional']            = 'Commagesepareerde lijst van aanvullend uit AD op te halen attributen. Gebruikt door sommige plugins.';
-- 
cgit v1.2.3


From ba09710ad34bb383ae3526e84490a3d545f78866 Mon Sep 17 00:00:00 2001
From: Martin Terber 
Date: Mon, 15 Apr 2013 21:55:41 +0200
Subject: German language update

---
 lib/plugins/authad/lang/de/settings.php | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/de/settings.php b/lib/plugins/authad/lang/de/settings.php
index 38bccbf24..a1a99b6d6 100644
--- a/lib/plugins/authad/lang/de/settings.php
+++ b/lib/plugins/authad/lang/de/settings.php
@@ -1,19 +1,6 @@
 
- * @author Matthias Schulte 
+ * @author Mateng Schimmerlos )
  */
-$lang['account_suffix']        = 'Ihr Account-Suffix. Z.B. @my.domain.org';
-$lang['base_dn']               = 'Ihre Base-DN. Z.B. DC=my,DC=domain,DC=org';
-$lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z.B. srv1.domain.org,srv2.domain.org';
-$lang['ad_username']           = 'Ein priviligierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
-$lang['ad_password']           = 'Das Passwort des obigen Benutzers.';
-$lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
-$lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
-$lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterhalb nicht aktivieren.';
-$lang['use_tls']               = 'TLS-Verbindung benutzen? Falls ja, SSL oberhalb nicht aktivieren.';
-$lang['debug']                 = 'Zusätzliche Debug-Informationen bei Fehlern anzeigen?';
-$lang['expirywarn']            = 'Tage im Voraus um Benutzer über ablaufende Passwörter zu informieren. 0 zum Ausschalten.';
-$lang['additional']            = 'Eine Komma-separierte Liste von zusätzlichen AD-Attributen, die von den Benutzerobjekten abgefragt werden. Wird von einigen Plugins benutzt.';
-- 
cgit v1.2.3


From 4931ae526572ef290d7337eca9a37786c7108f59 Mon Sep 17 00:00:00 2001
From: Otto Vainio 
Date: Mon, 15 Apr 2013 21:56:46 +0200
Subject: Finnish language update

---
 lib/plugins/authad/lang/fi/settings.php | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 lib/plugins/authad/lang/fi/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/fi/settings.php b/lib/plugins/authad/lang/fi/settings.php
new file mode 100644
index 000000000..d3aa13e07
--- /dev/null
+++ b/lib/plugins/authad/lang/fi/settings.php
@@ -0,0 +1,6 @@
+
+ */
-- 
cgit v1.2.3


From 3002d731a466d09ce747cfbbe930444ee584f118 Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Fri, 19 Apr 2013 10:25:36 +0200
Subject: adjusted authad language files for config option change

---
 lib/plugins/authad/auth.php                      |  4 ++--
 lib/plugins/authad/lang/bg/settings.php          |  4 ++--
 lib/plugins/authad/lang/de-informal/settings.php |  4 ++--
 lib/plugins/authad/lang/de/settings.php          | 17 +++++++++++++++--
 lib/plugins/authad/lang/en/settings.php          |  4 ++--
 lib/plugins/authad/lang/eo/settings.php          |  4 ++--
 lib/plugins/authad/lang/fr/settings.php          |  4 ++--
 lib/plugins/authad/lang/ko/settings.php          |  4 ++--
 lib/plugins/authad/lang/nl/settings.php          |  4 ++--
 lib/plugins/authad/lang/pt-br/settings.php       |  2 +-
 lib/plugins/authad/lang/zh-tw/settings.php       |  4 ++--
 lib/plugins/authad/lang/zh/settings.php          |  4 ++--
 12 files changed, 36 insertions(+), 23 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index 6c49eafbb..f7f350c3f 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -21,8 +21,8 @@ require_once(DOKU_PLUGIN.'authad/adLDAP/adLDAP.php');
  *
  *   //optional:
  *   $conf['plugin']['authad']['sso']                = 1;
- *   $conf['plugin']['authad']['ad_username']        = 'root';
- *   $conf['plugin']['authad']['ad_password']        = 'pass';
+ *   $conf['plugin']['authad']['admin_username']     = 'root';
+ *   $conf['plugin']['authad']['admin_password']     = 'pass';
  *   $conf['plugin']['authad']['real_primarygroup']  = 1;
  *   $conf['plugin']['authad']['use_ssl']            = 1;
  *   $conf['plugin']['authad']['use_tls']            = 1;
diff --git a/lib/plugins/authad/lang/bg/settings.php b/lib/plugins/authad/lang/bg/settings.php
index d63331078..877810c4e 100644
--- a/lib/plugins/authad/lang/bg/settings.php
+++ b/lib/plugins/authad/lang/bg/settings.php
@@ -7,8 +7,8 @@
 $lang['account_suffix']     = 'Наставка на акаунта Ви. Например @някакъв.домейн.org';
 $lang['base_dn']            = 'Вашият основен DN. Например DC=моят,DC=домейн,DC=org';
 $lang['domain_controllers'] = 'Domain controller списък, разделете сървърите със запетая. Например сървър1.домейн.org,сървър2.домейн.org';
-$lang['ad_username']        = 'Привилегирован Active Directory потребител с достъп до данните на останалите потребители. Не е задължително, но е необходимо за някои функционалности като изпращането на имейл за абонаменти.';
-$lang['ad_password']        = 'Паролата на горния потребител.';
+$lang['admin_username']     = 'Привилегирован Active Directory потребител с достъп до данните на останалите потребители. Не е задължително, но е необходимо за някои функционалности като изпращането на имейл за абонаменти.';
+$lang['admin_password']     = 'Паролата на горния потребител.';
 $lang['sso']                = 'Да се ползва ли еднократно вписване чрез Kerberos или NTLM?';
 $lang['real_primarygroup']  = 'Да се извлича ли истинската група вместо да се предполага "Domain Users" (по-бавно)';
 $lang['use_ssl']            = 'Ползване на SSL свързаност? Не отбелязвайте TLS (по-долу) ако включите опцията.';
diff --git a/lib/plugins/authad/lang/de-informal/settings.php b/lib/plugins/authad/lang/de-informal/settings.php
index f6ba679ff..4d0b93e5d 100644
--- a/lib/plugins/authad/lang/de-informal/settings.php
+++ b/lib/plugins/authad/lang/de-informal/settings.php
@@ -8,8 +8,8 @@
 $lang['account_suffix']        = 'Dein Account-Suffix. Z.B. @my.domain.org';
 $lang['base_dn']               = 'Dein Base-DN. Z.B. DC=my,DC=domain,DC=org';
 $lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z.B. srv1.domain.org,srv2.domain.org';
-$lang['ad_username']           = 'Ein privilegierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
-$lang['ad_password']           = 'Das Passwort des obigen Benutzers.';
+$lang['admin_username']        = 'Ein privilegierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
+$lang['admin_password']        = 'Das Passwort des obigen Benutzers.';
 $lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
 $lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
 $lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterhalb nicht aktivieren.';
diff --git a/lib/plugins/authad/lang/de/settings.php b/lib/plugins/authad/lang/de/settings.php
index a1a99b6d6..acfa7e574 100644
--- a/lib/plugins/authad/lang/de/settings.php
+++ b/lib/plugins/authad/lang/de/settings.php
@@ -1,6 +1,19 @@
 )
+ * @author Frank Loizzi 
+ * @author Matthias Schulte 
  */
+$lang['account_suffix']        = 'Ihr Account-Suffix. Z.B. @my.domain.org';
+$lang['base_dn']               = 'Ihr Base-DN. z.B. DC=my,DC=domain,DC=org';
+$lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z.B. srv1.domain.org,srv2.domain.org';
+$lang['admin_username']        = 'Ein privilegierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
+$lang['admin_password']        = 'Das Passwort des obigen Benutzers.';
+$lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
+$lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
+$lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterhalb nicht aktivieren.';
+$lang['use_tls']               = 'TLS-Verbindung benutzen? Falls ja, SSL oberhalb nicht aktivieren.';
+$lang['debug']                 = 'Zusätzliche Debug-Informationen bei Fehlern anzeigen?';
+$lang['expirywarn']            = 'Tage im Voraus um Benutzer über ablaufende Passwörter zu informieren. 0 zum Ausschalten.';
+$lang['additional']            = 'Eine Komma-separierte Liste von zusätzlichen AD-Attributen, die von den Benutzerobjekten abgefragt werden. Wird von einigen Plugins benutzt.';
diff --git a/lib/plugins/authad/lang/en/settings.php b/lib/plugins/authad/lang/en/settings.php
index 7728d5ac4..aff49550b 100644
--- a/lib/plugins/authad/lang/en/settings.php
+++ b/lib/plugins/authad/lang/en/settings.php
@@ -3,8 +3,8 @@
 $lang['account_suffix']     = 'Your account suffix. Eg. @my.domain.org';
 $lang['base_dn']            = 'Your base DN. Eg. DC=my,DC=domain,DC=org';
 $lang['domain_controllers'] = 'A comma separated list of Domain controllers. Eg. srv1.domain.org,srv2.domain.org';
-$lang['admin_username']        = 'A privileged Active Directory user with access to all other user\'s data. Optional, but needed for certain actions like sending subscription mails.';
-$lang['admin_password']        = 'The password of the above user.';
+$lang['admin_username']     = 'A privileged Active Directory user with access to all other user\'s data. Optional, but needed for certain actions like sending subscription mails.';
+$lang['admin_password']     = 'The password of the above user.';
 $lang['sso']                = 'Should Single-Sign-On via Kerberos or NTLM be used?';
 $lang['real_primarygroup']  = 'Should the real primary group be resolved instead of assuming "Domain Users" (slower)';
 $lang['use_ssl']            = 'Use SSL connection? If used, do not enable TLS below.';
diff --git a/lib/plugins/authad/lang/eo/settings.php b/lib/plugins/authad/lang/eo/settings.php
index 85a6abd98..8bd34b439 100644
--- a/lib/plugins/authad/lang/eo/settings.php
+++ b/lib/plugins/authad/lang/eo/settings.php
@@ -6,8 +6,8 @@
 $lang['account_suffix']        = 'Via konto-aldonaĵo, ekz. @mia.domajno.lando';
 $lang['base_dn']               = 'Via baza DN, ekz. DC=mia,DC=domajno,DC=lando';
 $lang['domain_controllers']    = 'Komodisigita listo de domajno-serviloj, ekz. srv1.domajno.lando,srv2.domajno.lando';
-$lang['ad_username']           = 'Privilegiita Aktiv-Dosieruja uzanto kun aliro al ĉiuj uzantaj datumoj. Libervole, sed necesa por iuj agadoj kiel sendi abonan retpoŝton.';
-$lang['ad_password']           = 'La pasvorto de tiu uzanto.';
+$lang['admin_username']        = 'Privilegiita Aktiv-Dosieruja uzanto kun aliro al ĉiuj uzantaj datumoj. Libervole, sed necesa por iuj agadoj kiel sendi abonan retpoŝton.';
+$lang['admin_password']        = 'La pasvorto de tiu uzanto.';
 $lang['sso']                   = 'Ĉu uzi Sola Aliro tra Kerberos aŭ NTLM?';
 $lang['real_primarygroup']     = 'Ĉu trovi la veran ĉefan grupon anstataŭ supozi "Domajnuzantoj" (pli malrapida)?';
 $lang['use_ssl']               = 'Ĉu uzi SSL-konekton? Se jes, ne aktivigu TLS sube.';
diff --git a/lib/plugins/authad/lang/fr/settings.php b/lib/plugins/authad/lang/fr/settings.php
index efbca89f9..5480a3d44 100644
--- a/lib/plugins/authad/lang/fr/settings.php
+++ b/lib/plugins/authad/lang/fr/settings.php
@@ -7,8 +7,8 @@
 $lang['account_suffix']        = 'Le suffixe de votre compte. Ex.: @mon.domaine.org';
 $lang['base_dn']               = 'Votre nom de domaine de base. DC=mon,DC=domaine,DC=org';
 $lang['domain_controllers']    = 'Une liste de contrôleurs de domaine séparés par des virgules. Ex.: srv1.domaine.org,srv2.domaine.org';
-$lang['ad_username']           = 'Un utilisateur Active Directory avec accès aux données de tous les autres utilisateurs. Facultatif, mais nécessaire pour certaines actions telles que l\'envoi de courriels d\'abonnement.';
-$lang['ad_password']           = 'Le mot de passe de l\'utilisateur ci-dessus.';
+$lang['admin_username']        = 'Un utilisateur Active Directory avec accès aux données de tous les autres utilisateurs. Facultatif, mais nécessaire pour certaines actions telles que l\'envoi de courriels d\'abonnement.';
+$lang['admin_password']        = 'Le mot de passe de l\'utilisateur ci-dessus.';
 $lang['sso']                   = 'Est-ce que la connexion unique (Single-Sign-On) par Kerberos ou NTLM doit être utilisée?';
 $lang['real_primarygroup']     = 'Est-ce que le véritable groupe principal doit être résolu au lieu de présumer "Domain Users" (plus lent)?';
 $lang['use_ssl']               = 'Utiliser une connexion SSL? Si utilisée, n\'activez pas TLS ci-dessous.';
diff --git a/lib/plugins/authad/lang/ko/settings.php b/lib/plugins/authad/lang/ko/settings.php
index 6134bd657..f2bf52681 100644
--- a/lib/plugins/authad/lang/ko/settings.php
+++ b/lib/plugins/authad/lang/ko/settings.php
@@ -7,8 +7,8 @@
 $lang['account_suffix']        = '계정 접미어. 예를 들어 @my.domain.org';
 $lang['base_dn']               = '기본 DN. 예를 들어 DC=my,DC=domain,DC=org';
 $lang['domain_controllers']    = '도메인 컨트롤러의 쉼표로 구분한 목록. 예를 들어 srv1.domain.org,srv2.domain.org';
-$lang['ad_username']           = '다른 모든 사용자의 데이터에 접근할 수 있는 권한이 있는 Active Directory 사용자. 선택적이지만 구독 메일을 보내는 등의 특정 작업에 필요합니다.';
-$lang['ad_password']           = '위 사용자의 비밀번호.';
+$lang['admin_username']        = '다른 모든 사용자의 데이터에 접근할 수 있는 권한이 있는 Active Directory 사용자. 선택적이지만 구독 메일을 보내는 등의 특정 작업에 필요합니다.';
+$lang['admin_password']        = '위 사용자의 비밀번호.';
 $lang['sso']                   = 'Kerberos나 NTLM을 통해 Single-Sign-On을 사용해야 합니까?';
 $lang['real_primarygroup']     = '실제 기본 그룹은 "도메인 사용자"를 가정하는 대신 해결될 것입니다 (느림)';
 $lang['use_ssl']               = 'SSL 연결을 사용합니까? 사용한다면 아래 TLS을 활성화하지 마세요.';
diff --git a/lib/plugins/authad/lang/nl/settings.php b/lib/plugins/authad/lang/nl/settings.php
index e73cac75d..933566d18 100644
--- a/lib/plugins/authad/lang/nl/settings.php
+++ b/lib/plugins/authad/lang/nl/settings.php
@@ -6,8 +6,8 @@
 $lang['account_suffix']        = 'Je account domeinnaam. Bijv @mijn.domein.org';
 $lang['base_dn']               = 'Je basis DN. Bijv. DC=mijn,DC=domein,DC=org';
 $lang['domain_controllers']    = 'Eeen commagesepareerde lijst van domeinservers. Bijv. srv1.domein.org,srv2.domein.org';
-$lang['ad_username']           = 'Een geprivilegeerde Active Directory gebruiker die bij alle gebruikersgegevens kan komen. Optioneel, maar kan nodig zijn voor bepaalde acties, zoals het versturen van abonnementsmailtjes.';
-$lang['ad_password']           = 'Het wachtwoord van bovernvermelde gebruiker.';
+$lang['admin_username']        = 'Een geprivilegeerde Active Directory gebruiker die bij alle gebruikersgegevens kan komen. Optioneel, maar kan nodig zijn voor bepaalde acties, zoals het versturen van abonnementsmailtjes.';
+$lang['admin_password']        = 'Het wachtwoord van bovernvermelde gebruiker.';
 $lang['sso']                   = 'Wordt voor Single-Sign-on Kerberos of NTLM gebruikt?';
 $lang['real_primarygroup']     = 'Moet de echte primaire groep worden opgezocht in plaats van het aannemen van "Domeingebruikers" (langzamer)';
 $lang['use_ssl']               = 'SSL verbinding gebruiken? Zo ja, gebruik dan TLS hieronder niet.';
diff --git a/lib/plugins/authad/lang/pt-br/settings.php b/lib/plugins/authad/lang/pt-br/settings.php
index b8b1efd42..29f8db4ad 100644
--- a/lib/plugins/authad/lang/pt-br/settings.php
+++ b/lib/plugins/authad/lang/pt-br/settings.php
@@ -7,7 +7,7 @@
 $lang['account_suffix']        = 'Sufixo de sua conta. Eg. @meu.domínio.org';
 $lang['base_dn']               = 'Sua base DN. Eg. DC=meu,DC=domínio,DC=org';
 $lang['domain_controllers']    = 'Uma lista de controles de domínios separada por vírgulas. Eg. srv1.domínio.org,srv2.domínio.org';
-$lang['ad_password']           = 'A senha do usuário acima.';
+$lang['admin_password']        = 'A senha do usuário acima.';
 $lang['sso']                   = 'Usar Single-Sign-On através do Kerberos ou NTLM?';
 $lang['use_ssl']               = 'Usar conexão SSL? Se usar, não habilitar TLS abaixo.';
 $lang['use_tls']               = 'Usar conexão TLS? se usar, não habilitar SSL acima.';
diff --git a/lib/plugins/authad/lang/zh-tw/settings.php b/lib/plugins/authad/lang/zh-tw/settings.php
index e38a2c007..c46e5f96f 100644
--- a/lib/plugins/authad/lang/zh-tw/settings.php
+++ b/lib/plugins/authad/lang/zh-tw/settings.php
@@ -7,8 +7,8 @@
 $lang['account_suffix']        = '您的帳號後綴。如: @my.domain.org';
 $lang['base_dn']               = '您的基本識別名。如: DC=my,DC=domain,DC=org';
 $lang['domain_controllers']    = '以逗號分隔的域名控制器列表。如: srv1.domain.org,srv2.domain.org';
-$lang['ad_username']           = 'Active Directory 的特權使用者,可以查看所有使用者的數據。(非必要,但對發送訂閱郵件等活動來說,這是必須的。)';
-$lang['ad_password']           = '上述使用者的密碼。';
+$lang['admin_username']        = 'Active Directory 的特權使用者,可以查看所有使用者的數據。(非必要,但對發送訂閱郵件等活動來說,這是必須的。)';
+$lang['admin_password']        = '上述使用者的密碼。';
 $lang['sso']                   = '是否使用 Kerberos 或 NTLM 的單一登入系統 (Single-Sign-On)?';
 $lang['real_primarygroup']     = '是否視作真正的主要群組,而不是假設為網域使用者 (比較慢)';
 $lang['use_ssl']               = '使用 SSL 連接嗎?如果要使用,請不要啟用下方的 TLS。';
diff --git a/lib/plugins/authad/lang/zh/settings.php b/lib/plugins/authad/lang/zh/settings.php
index 9fd3c4e35..0ad8d4e4f 100644
--- a/lib/plugins/authad/lang/zh/settings.php
+++ b/lib/plugins/authad/lang/zh/settings.php
@@ -7,8 +7,8 @@
 $lang['account_suffix']        = '您的账户后缀。例如 @my.domain.org';
 $lang['base_dn']               = '您的基本分辨名。例如 DC=my,DC=domain,DC=org';
 $lang['domain_controllers']    = '逗号分隔的域名控制器列表。例如 srv1.domain.org,srv2.domain.org';
-$lang['ad_username']           = '一个活动目录的特权用户,可以查看其他所有用户的数据。可选,但对某些活动例如发送订阅邮件是必须的。';
-$lang['ad_password']           = '上述用户的密码。';
+$lang['admin_username']        = '一个活动目录的特权用户,可以查看其他所有用户的数据。可选,但对某些活动例如发送订阅邮件是必须的。';
+$lang['admin_password']        = '上述用户的密码。';
 $lang['sso']                   = '是否使用经由 Kerberos 和 NTLM 的 Single-Sign-On?';
 $lang['real_primarygroup']     = ' 是否解析真实的主要组,而不是假设为“域用户” (较慢)';
 $lang['use_ssl']               = '使用 SSL 连接?如果是,不要激活下面的 TLS。';
-- 
cgit v1.2.3


From bba10e63fd89accbcf180b64adbd26e32ffb1810 Mon Sep 17 00:00:00 2001
From: lupo49 
Date: Sun, 21 Apr 2013 21:24:28 +0200
Subject: Revert "German language update"

This reverts commit ba09710ad34bb383ae3526e84490a3d545f78866.

Conflicts:
	lib/plugins/authad/lang/de/settings.php
---
 lib/plugins/authad/lang/de/settings.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/de/settings.php b/lib/plugins/authad/lang/de/settings.php
index acfa7e574..650f9f362 100644
--- a/lib/plugins/authad/lang/de/settings.php
+++ b/lib/plugins/authad/lang/de/settings.php
@@ -5,11 +5,11 @@
  * @author Frank Loizzi 
  * @author Matthias Schulte 
  */
-$lang['account_suffix']        = 'Ihr Account-Suffix. Z.B. @my.domain.org';
-$lang['base_dn']               = 'Ihr Base-DN. z.B. DC=my,DC=domain,DC=org';
-$lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z.B. srv1.domain.org,srv2.domain.org';
-$lang['admin_username']        = 'Ein privilegierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
-$lang['admin_password']        = 'Das Passwort des obigen Benutzers.';
+$lang['account_suffix']        = 'Ihr Account-Suffix. Z. B. @my.domain.org';
+$lang['base_dn']               = 'Ihr Base-DN. Z. B. DC=my,DC=domain,DC=org';
+$lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z. B. srv1.domain.org,srv2.domain.org';
+$lang['ad_username']           = 'Ein priviligierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
+$lang['ad_password']           = 'Das Passwort des obigen Benutzers.';
 $lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
 $lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
 $lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterhalb nicht aktivieren.';
-- 
cgit v1.2.3


From 1b228d28eda480cd189c68eadd1172c9409c6ef7 Mon Sep 17 00:00:00 2001
From: Klap-in 
Date: Sun, 21 Apr 2013 21:24:33 +0200
Subject: Rename ad_username to admin_username canDo getUsers to false when
 unavailable

---
 lib/plugins/authad/auth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index f7f350c3f..5985cd18f 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -469,10 +469,10 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
             $this->cando['modPass'] = false;
         }
 
-        if(isset($opts['ad_username']) && isset($opts['ad_password'])) {
+        if(isset($opts['admin_username']) && isset($opts['admin_password'])) {
             $this->cando['getUsers'] = true;
         } else {
-            $this->cando['getUsers'] = true;
+            $this->cando['getUsers'] = false;
         }
 
         return $opts;
-- 
cgit v1.2.3


From eb12065057595644fb1dcd333930e0653c024049 Mon Sep 17 00:00:00 2001
From: Klap-in 
Date: Mon, 22 Apr 2013 20:46:05 +0200
Subject: fix ids in de lang of authAD

---
 lib/plugins/authad/lang/de/settings.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/de/settings.php b/lib/plugins/authad/lang/de/settings.php
index 650f9f362..f4e86dedd 100644
--- a/lib/plugins/authad/lang/de/settings.php
+++ b/lib/plugins/authad/lang/de/settings.php
@@ -8,8 +8,8 @@
 $lang['account_suffix']        = 'Ihr Account-Suffix. Z. B. @my.domain.org';
 $lang['base_dn']               = 'Ihr Base-DN. Z. B. DC=my,DC=domain,DC=org';
 $lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z. B. srv1.domain.org,srv2.domain.org';
-$lang['ad_username']           = 'Ein priviligierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
-$lang['ad_password']           = 'Das Passwort des obigen Benutzers.';
+$lang['admin_username']        = 'Ein priviligierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
+$lang['admin_password']        = 'Das Passwort des obigen Benutzers.';
 $lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
 $lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
 $lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterhalb nicht aktivieren.';
-- 
cgit v1.2.3


From 87945c0e9622dca02b441749b7ed54cc67801475 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EB=AA=85=EC=A7=84?= 
Date: Mon, 22 Apr 2013 21:50:17 +0200
Subject: Japanese language update

---
 lib/plugins/authad/lang/ja/settings.php | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 lib/plugins/authad/lang/ja/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/ja/settings.php b/lib/plugins/authad/lang/ja/settings.php
new file mode 100644
index 000000000..576f0eeb5
--- /dev/null
+++ b/lib/plugins/authad/lang/ja/settings.php
@@ -0,0 +1,5 @@
+
Date: Mon, 22 Apr 2013 22:03:13 +0200
Subject: fix expiry check for adLDAP version FS#2759

---
 lib/plugins/authad/auth.php | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index 5985cd18f..95a25c5af 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -218,22 +218,24 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
 
         // check expiry time
         if($info['expires'] && $this->conf['expirywarn']){
-            $timeleft = $adldap->user()->passwordExpiry($user); // returns unixtime
-            $timeleft = round($timeleft/(24*60*60));
-            $info['expiresin'] = $timeleft;
-
-            // if this is the current user, warn him (once per request only)
-            if(($_SERVER['REMOTE_USER'] == $user) &&
-                ($timeleft <= $this->conf['expirywarn']) &&
-                !$this->msgshown
-            ) {
-                $msg = sprintf($lang['authpwdexpire'], $timeleft);
-                if($this->canDo('modPass')) {
-                    $url = wl($ID, array('do'=> 'profile'));
-                    $msg .= ' '.$lang['btn_profile'].'';
+            $expiry = $adldap->user()->passwordExpiry($user);
+            if(is_array($expiry)){
+                $info['expiresat'] = $expiry['expiryts'];
+                $info['expiresin'] = round(($info['expiresat'] - time())/(24*60*60));
+
+                // if this is the current user, warn him (once per request only)
+                if(($_SERVER['REMOTE_USER'] == $user) &&
+                    ($info['expiresin'] <= $this->conf['expirywarn']) &&
+                    !$this->msgshown
+                ) {
+                    $msg = sprintf($lang['authpwdexpire'], $info['expiresin']);
+                    if($this->canDo('modPass')) {
+                        $url = wl($ID, array('do'=> 'profile'));
+                        $msg .= ' '.$lang['btn_profile'].'';
+                    }
+                    msg($msg);
+                    $this->msgshown = true;
                 }
-                msg($msg);
-                $this->msgshown = true;
             }
         }
 
-- 
cgit v1.2.3


From 14642325892b50c3a95bead35efca7c5a6f16dc7 Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Thu, 25 Apr 2013 15:57:55 +0200
Subject: authad: don't request empty fields

---
 lib/plugins/authad/auth.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index 95a25c5af..d6455c751 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -172,6 +172,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         // add additional fields to read
         $fields = array_merge($fields, $this->conf['additional']);
         $fields = array_unique($fields);
+        $fields = array_filter($fields);
 
         //get info for given user
         $result = $adldap->user()->info($this->_userName($user), $fields);
-- 
cgit v1.2.3


From 8257d713a47c1819c2c33ddd2b868eea62d9f6fc Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Thu, 25 Apr 2013 16:05:53 +0200
Subject: authad: added compatibility for old option names

adLDAP renamed the ad_username and ad_password to admin_username
admin_password recently. this makes our backend recognize the old
settings
---
 lib/plugins/authad/auth.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index d6455c751..5d5f532b6 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -465,6 +465,10 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         $opts['domain_controllers'] = array_map('trim', $opts['domain_controllers']);
         $opts['domain_controllers'] = array_filter($opts['domain_controllers']);
 
+        // compatibility with old option name
+        if(empty($opts['admin_username']) && !empty($opts['ad_username'])) $opts['admin_username'] = $opts['ad_username'];
+        if(empty($opts['admin_password']) && !empty($opts['ad_password'])) $opts['admin_password'] = $opts['ad_password'];
+
         // we can change the password if SSL is set
         if($opts['use_ssl'] || $opts['use_tls']) {
             $this->cando['modPass'] = true;
@@ -472,7 +476,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
             $this->cando['modPass'] = false;
         }
 
-        if(isset($opts['admin_username']) && isset($opts['admin_password'])) {
+        if(!empty($opts['admin_username']) && !empty($opts['admin_password'])) {
             $this->cando['getUsers'] = true;
         } else {
             $this->cando['getUsers'] = false;
-- 
cgit v1.2.3


From a154806fb54c04841a42641bf5d66716d89c1554 Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Thu, 25 Apr 2013 16:43:54 +0200
Subject: authad: capabilities depend on userdomain specific config

---
 lib/plugins/authad/auth.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index 5d5f532b6..b6b5dd268 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -110,6 +110,19 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
         $this->cando['modMail'] = true;
     }
 
+    /**
+     * Load domain config on capability check
+     *
+     * @param string $cap
+     * @return bool
+     */
+    public function canDo($cap) {
+        //capabilities depend on config, which may change depending on domain
+        $domain = $this->_userDomain($_SERVER['REMOTE_USER']);
+        $this->_loadServerConfig($domain);
+        return parent::canDo($cap);
+    }
+
     /**
      * Check user+password [required auth function]
      *
-- 
cgit v1.2.3


From 9199f1a464f80d9c6b8a996a508ba051e3223eac Mon Sep 17 00:00:00 2001
From: "Ivan I. Udovichenko" 
Date: Fri, 26 Apr 2013 14:32:47 +0200
Subject: Russian language update

---
 lib/plugins/authad/lang/ru/settings.php | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 lib/plugins/authad/lang/ru/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/ru/settings.php b/lib/plugins/authad/lang/ru/settings.php
new file mode 100644
index 000000000..4c394080e
--- /dev/null
+++ b/lib/plugins/authad/lang/ru/settings.php
@@ -0,0 +1,6 @@
+
Date: Sun, 5 May 2013 20:03:01 +0200
Subject: Czech language update

---
 lib/plugins/authad/lang/cs/settings.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 lib/plugins/authad/lang/cs/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/cs/settings.php b/lib/plugins/authad/lang/cs/settings.php
new file mode 100644
index 000000000..71f83afda
--- /dev/null
+++ b/lib/plugins/authad/lang/cs/settings.php
@@ -0,0 +1,18 @@
+@moje.domena.org';
+$lang['base_dn']               = 'Vaše doménové jméno DN. tj. DC=moje,DC=domena,DC=org';
+$lang['domain_controllers']    = 'Čárkou oddělenových kontrol=rů, tj. srv1.domena.org,srv2.domena.org';
+$lang['admin_username']        = 'Privilegovaný uživatel Active Directory s přístupem ke všem datům. Volitelně, ale nutné pro určité akce typu zasílání mailů.';
+$lang['admin_password']        = 'Heslo uživatele výše';
+$lang['sso']                   = 'Chcete přihlašování Single-Sign-On pomocí jádra Kerberos nebo NTLM ( autentizační protokol obvyklý ve Windows)?';
+$lang['real_primarygroup']     = 'Má být zjištěna primární skupina namísto vyhodnocení hodnoty "doménoví uživatelé" (pomalejší)';
+$lang['use_ssl']               = 'Použít spojení SSL? Pokud ano, nevyužívejte TLS níže.';
+$lang['use_tls']               = 'Použít spojení TLS? Pokud ano, nevyužívejte SSL výše.';
+$lang['debug']                 = 'Zobrazit dodatečné debugovací výstupy při chybách?';
+$lang['expirywarn']            = 'Dny mezi varováním o vyprčšení hesla uživatele a jeho vypršením. 0 znaší vypnuto.';
+$lang['additional']            = 'Čárkou oddělený seznam dodatečných atributů získávaných z uživatelských dat. Využito některými pluginy.';
-- 
cgit v1.2.3


From 8fb341d2133fef951e0a7bb959440b93d5ca2e4a Mon Sep 17 00:00:00 2001
From: Satoshi Sahara 
Date: Sun, 5 May 2013 20:04:04 +0200
Subject: Japanese language update

---
 lib/plugins/authad/lang/ja/settings.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/ja/settings.php b/lib/plugins/authad/lang/ja/settings.php
index 576f0eeb5..fdc6fc434 100644
--- a/lib/plugins/authad/lang/ja/settings.php
+++ b/lib/plugins/authad/lang/ja/settings.php
@@ -2,4 +2,5 @@
 /**
  * Japanese language file
  *
+ * @author Satoshi Sahara 
  */
-- 
cgit v1.2.3


From 0e748a96cda77fa0131fc0b9601de54a41592ca7 Mon Sep 17 00:00:00 2001
From: Anika Henke 
Date: Mon, 6 May 2013 12:25:27 +0100
Subject: updated dates in templates' and plugins' info.txt files

---
 lib/plugins/authad/plugin.info.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/plugin.info.txt b/lib/plugins/authad/plugin.info.txt
index f02b5118c..996813bc5 100644
--- a/lib/plugins/authad/plugin.info.txt
+++ b/lib/plugins/authad/plugin.info.txt
@@ -1,7 +1,7 @@
 base   authad
 author Andreas Gohr
 email  andi@splitbrain.org
-date   2012-11-09
+date   2013-04-25
 name   Active Directory auth plugin
 desc   Provides authentication against a Microsoft Active Directory
 url    http://www.dokuwiki.org/plugin:authad
-- 
cgit v1.2.3


From 12d195ab7189878b41dc4d211befafc79ae402a6 Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Fri, 7 Jun 2013 12:48:07 +0200
Subject: treat empty AD credentials as NULL values FS#2781

---
 lib/plugins/authad/auth.php         | 5 +++++
 lib/plugins/authad/conf/default.php | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index b6b5dd268..fcbd2eeef 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -489,6 +489,11 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
             $this->cando['modPass'] = false;
         }
 
+        // adLDAP expects empty user/pass as NULL, we're less strict FS#2781
+        if(empty($opts['admin_username'])) $opts['admin_username'] = null;
+        if(empty($opts['admin_password'])) $opts['admin_password'] = null;
+
+        // user listing needs admin priviledges
         if(!empty($opts['admin_username']) && !empty($opts['admin_password'])) {
             $this->cando['getUsers'] = true;
         } else {
diff --git a/lib/plugins/authad/conf/default.php b/lib/plugins/authad/conf/default.php
index 9274db209..f71202cfc 100644
--- a/lib/plugins/authad/conf/default.php
+++ b/lib/plugins/authad/conf/default.php
@@ -4,8 +4,8 @@ $conf['account_suffix']     = '';
 $conf['base_dn']            = '';
 $conf['domain_controllers'] = '';
 $conf['sso']                = 0;
-$conf['admin_username']        = '';
-$conf['admin_password']        = '';
+$conf['admin_username']     = '';
+$conf['admin_password']     = '';
 $conf['real_primarygroup']  = 0;
 $conf['use_ssl']            = 0;
 $conf['use_tls']            = 0;
-- 
cgit v1.2.3


From 81ee3b1c4ea669b4278fc1160162c686b82e559c Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Sun, 16 Jun 2013 18:09:34 +0200
Subject: Swedish language update

---
 lib/plugins/authad/lang/sv/settings.php | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 lib/plugins/authad/lang/sv/settings.php

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/sv/settings.php b/lib/plugins/authad/lang/sv/settings.php
new file mode 100644
index 000000000..b1eb1cb96
--- /dev/null
+++ b/lib/plugins/authad/lang/sv/settings.php
@@ -0,0 +1,11 @@
+min.domän.org';
+$lang['admin_password']        = 'Lösenord för användare ovan.';
+$lang['sso']                   = 'Ska Single-Sign-On via Kerberos eller NTLM användas?';
+$lang['use_ssl']               = 'Använda SSL anslutning? Om använd, möjliggör inte TLS nedan.';
+$lang['use_tls']               = 'Använda TLS anslutning? Om använd, möjliggör inte SSL ovan.';
-- 
cgit v1.2.3


From b243b168571b08a674d34701cfbb7ac0a03239e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Volker=20B=C3=B6dker?= 
Date: Fri, 12 Jul 2013 17:04:41 +0200
Subject: Informal German language update

---
 lib/plugins/authad/lang/de-informal/settings.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/de-informal/settings.php b/lib/plugins/authad/lang/de-informal/settings.php
index 4d0b93e5d..a458617b8 100644
--- a/lib/plugins/authad/lang/de-informal/settings.php
+++ b/lib/plugins/authad/lang/de-informal/settings.php
@@ -4,6 +4,7 @@
  *
  * @author Frank Loizzi 
  * @author Matthias Schulte 
+ * @author Volker Bödker 
  */
 $lang['account_suffix']        = 'Dein Account-Suffix. Z.B. @my.domain.org';
 $lang['base_dn']               = 'Dein Base-DN. Z.B. DC=my,DC=domain,DC=org';
-- 
cgit v1.2.3


From dbd5b4caeac5f2f45d05da38f1a54282d972b3ce Mon Sep 17 00:00:00 2001
From: Victor Westmann 
Date: Fri, 12 Jul 2013 17:06:30 +0200
Subject: Brazilian Portuguese language update

---
 lib/plugins/authad/lang/pt-br/settings.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lib/plugins/authad')

diff --git a/lib/plugins/authad/lang/pt-br/settings.php b/lib/plugins/authad/lang/pt-br/settings.php
index 29f8db4ad..308d122dd 100644
--- a/lib/plugins/authad/lang/pt-br/settings.php
+++ b/lib/plugins/authad/lang/pt-br/settings.php
@@ -7,8 +7,10 @@
 $lang['account_suffix']        = 'Sufixo de sua conta. Eg. @meu.domínio.org';
 $lang['base_dn']               = 'Sua base DN. Eg. DC=meu,DC=domínio,DC=org';
 $lang['domain_controllers']    = 'Uma lista de controles de domínios separada por vírgulas. Eg. srv1.domínio.org,srv2.domínio.org';
+$lang['admin_username']        = 'Um usuário com privilégios do Active Directory com acesso a todos os dados dos outros usuários. Opcional, mas necessário para certas ações como enviar emails de inscrição.';
 $lang['admin_password']        = 'A senha do usuário acima.';
 $lang['sso']                   = 'Usar Single-Sign-On através do Kerberos ou NTLM?';
+$lang['real_primarygroup']     = 'Deverá o grupo real primário ser resolvido ao invés de assumir "Usuários de domínio" (mais lento) ';
 $lang['use_ssl']               = 'Usar conexão SSL? Se usar, não habilitar TLS abaixo.';
 $lang['use_tls']               = 'Usar conexão TLS? se usar, não habilitar SSL acima.';
 $lang['debug']                 = 'Mostrar saída adicional de depuração em mensagens de erros?';
-- 
cgit v1.2.3