diff options
-rw-r--r-- | phpBB/adm/index.php | 2 | ||||
-rw-r--r-- | phpBB/docs/CHANGELOG.html | 2 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_search.php | 2 | ||||
-rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 45 | ||||
-rw-r--r-- | phpBB/install/database_update.php | 1 | ||||
-rw-r--r-- | phpBB/language/en/acp/board.php | 10 | ||||
-rw-r--r-- | phpBB/search.php | 8 |
7 files changed, 49 insertions, 21 deletions
diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php index f99a2f8a73..b8b83a439e 100644 --- a/phpBB/adm/index.php +++ b/phpBB/adm/index.php @@ -477,7 +477,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) $cfg_array[$config_name] = trim($cfg_array[$config_name]); // Make sure no NUL byte is present... - if (strpos($cfg_array[$config_name], '\0') !== false || strpos($cfg_array[$config_name], '%00') !== false) + if (strpos($cfg_array[$config_name], "\0") !== false || strpos($cfg_array[$config_name], '%00') !== false) { $cfg_array[$config_name] = ''; break; diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index ee0e2ec46e..26c54d18d4 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -226,6 +226,8 @@ p a { <li>[Fix] Header icons fixed in FF for RTL languages (Bug #14084)</li> <li>[Change] Words in topic titles and post subjects are highlighted on the search results page and viewtopic too now (Bug #13383)</li> <li>[Fix] Made sure strip_bbcode cannot get the idea that a smiley is a BBCode (Bug #14030)</li> + <li>[Change] Added a filter for user objects to LDAP configuration and improved explanations (Bug #12627)</li> + <li>[Fix] Display searchable subforums of invisible parents in advanced search forum selection (Bug #11395)</li> </ul> </div> diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index 27c3157723..f8d4f1f80d 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -92,7 +92,7 @@ class acp_search unset($search); unset($error); - $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : array(); + $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : array(); $updated = request_var('updated', false); foreach ($settings as $config_name => $var_type) diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index ff6ff3edd1..1e90aebe7e 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -46,7 +46,7 @@ function init_ldap() $search = @ldap_search( $ldap, $config['ldap_base_dn'], - '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($user->data['username'])) . ')', + ldap_user_filter($user->data['username']), (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), 0, 1 @@ -114,7 +114,7 @@ function login_ldap(&$username, &$password) $search = @ldap_search( $ldap, $config['ldap_base_dn'], - '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')', + ldap_user_filter($username), (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), 0, 1 @@ -216,6 +216,25 @@ function login_ldap(&$username, &$password) } /** +* Generates a filter string for ldap_search to find a user +* +* @param $username string Username identifying the searched user +* +* @return string A filter string for ldap_search +*/ +function ldap_user_filter($username) +{ + global $config; + + $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; + if ($config['ldap_user_filter']) + { + $filter = "(&$filter({$config['ldap_user_filter']}))"; + } + return $filter; +} + +/** * Escapes an LDAP AttributeValue */ function ldap_escape($string) @@ -238,14 +257,6 @@ function acp_ldap(&$new) <dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd> </dl> <dl> - <dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt> - <dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd> - </dl> - <dl> - <dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt> - <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd> - </dl> - <dl> <dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd> </dl> @@ -254,15 +265,27 @@ function acp_ldap(&$new) <dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd> </dl> <dl> + <dt><label for="ldap_user_filter">' . $user->lang['LDAP_USER_FILTER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_user_filter" size="40" name="config[ldap_user_filter]" value="' . $new['ldap_user_filter'] . '" /></dd> + </dl> + <dl> <dt><label for="ldap_email">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd> </dl> + <dl> + <dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd> + </dl> + <dl> + <dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt> + <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd> + </dl> '; // These are fields required in the config table return array( 'tpl' => $tpl, - 'config' => array('ldap_server', 'ldap_user', 'ldap_password', 'ldap_base_dn', 'ldap_uid', 'ldap_email') + 'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password') ); } diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 5179979f5f..393d1d3082 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -1496,6 +1496,7 @@ if (version_compare($current_version, '3.0.RC4', '<=')) // Setting this here again because new installations may not have it... set_config('cron_lock', '0', true); + set_config('ldap_user_filter', ''); $no_updates = false; } diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index af88b47db5..8c1f502b09 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -304,13 +304,15 @@ $lang = array_merge($lang, array( 'LDAP_NO_EMAIL' => 'The specified e-mail attribute does not exist.', 'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s.', 'LDAP_PASSWORD' => 'LDAP password', - 'LDAP_PASSWORD_EXPLAIN' => 'Leave blank to use anonymous access. Else fill in the password for the above user. <strong>WARNING:</strong> This password will be stored as plain text in the database visible to everybody who can access your database.', + 'LDAP_PASSWORD_EXPLAIN' => 'Leave blank to use anonymous binding. Else fill in the password for the above user. Required for Active Directory Servers. <strong>WARNING:</strong> This password will be stored as plain text in the database visible to everybody who can access your database or who can view this configuration page.', 'LDAP_SERVER' => 'LDAP server name', - 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.', + 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the hostname or IP address of the LDAP server. Alternatively you can specify an URL like ldap://hostname:port/', 'LDAP_UID' => 'LDAP <var>uid</var>', 'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. <var>uid</var>, <var>sn</var>, etc.', - 'LDAP_USER' => 'LDAP user', - 'LDAP_USER_EXPLAIN' => 'Leave blank to use anonymous access. If filled in phpBB will connect to the LDAP server as the specified user.', + 'LDAP_USER' => 'LDAP user <var>dn</var>', + 'LDAP_USER_EXPLAIN' => 'Leave blank to use anonymous binding. If filled in phpBB uses the specified distinguished name on login attempts to find the correct user, e.g. <samp>uid=Username,ou=MyUnit,o=MyCompany,c=US</samp>. Required for Active Directory Servers.', + 'LDAP_USER_FILTER' => 'LDAP user filter', + 'LDAP_USER_FILTER_EXPLAIN' => 'Optionally you can further limit the searched objects with additional filters. For example <samp>objectClass=posixGroup</samp> would result in the use of <samp>(&(uid=$username)(objectClass=posixGroup))</samp>', )); // Server Settings diff --git a/phpBB/search.php b/phpBB/search.php index 9a50ce2fcb..d9010b73a8 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -939,9 +939,9 @@ while ($row = $db->sql_fetchrow($result)) continue; } - if (!$auth->acl_get('f_list', $row['forum_id']) || $row['forum_type'] == FORUM_LINK || ($row['forum_password'] && !$row['user_id'])) + if ($row['forum_type'] == FORUM_LINK || ($row['forum_password'] && !$row['user_id'])) { - // if the user does not have permissions to list this forum skip to the next branch + // if this forum is a link or password protected (user has not entered the password yet) then skip to the next branch continue; } @@ -964,9 +964,9 @@ while ($row = $db->sql_fetchrow($result)) $right = $row['right_id']; - if (!$auth->acl_get('f_search', $row['forum_id'])) + if ($auth->acl_gets('!f_search', '!f_list', $row['forum_id'])) { - // if the user does not have permissions to search this forum skip only this forum/category + // if the user does not have permissions to search or see this forum skip only this forum/category continue; } |