diff options
| author | Nils Adermann <naderman@naderman.de> | 2006-07-07 12:36:44 +0000 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2006-07-07 12:36:44 +0000 |
| commit | a5c23243c7a0a86ccd749b7733b11d30a6c349e1 (patch) | |
| tree | f7cd509c0db4efb62f212e483ba5a83bff0d457d /phpBB/includes/auth/auth_ldap.php | |
| parent | 8c128de642207142bf599fcf9d78c2b0e705e351 (diff) | |
| download | forums-a5c23243c7a0a86ccd749b7733b11d30a6c349e1.tar forums-a5c23243c7a0a86ccd749b7733b11d30a6c349e1.tar.gz forums-a5c23243c7a0a86ccd749b7733b11d30a6c349e1.tar.bz2 forums-a5c23243c7a0a86ccd749b7733b11d30a6c349e1.tar.xz forums-a5c23243c7a0a86ccd749b7733b11d30a6c349e1.zip | |
- display age in user profile and make it available on viewtopic
- various tiny bugfixes including [Bug #2351] [Bug #2549] [Bug #2681] [Bug #3015]
- strip first, then change newlines [Bug #2403]
- added support for creating user profiles to the login function (makes use of user_add), triggered by LOGIN_SUCCESS_CREATE_PROFILE constant
- moved newest user updating from ucp_register to user_add function
- renamed the admin_ auth module function to acp_
- added initialisation code to auth_apache which checks whether it will work
- added user_add support to both auth_ldap and auth_apache
- some auth_ldap tweaks, should work with users deeper in the organisation structure too now
- adjusted global topics in mcp_report to work like mcp_queue
git-svn-id: file:///svn/phpbb/trunk@6151 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/auth/auth_ldap.php')
| -rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 105 |
1 files changed, 72 insertions, 33 deletions
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index e9b87bcf44..25c90aeeeb 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -5,13 +5,6 @@ * * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. * -* This is for initial authentication via an LDAP server, user information is then -* obtained from the integrated user table -* -* You can do any kind of checking you like here ... the return data format is -* either the resulting row of user information, an integer zero (indicating an -* inactive user) or some error string -* * @package login * @version $Id$ * @copyright (c) 2005 phpBB Group @@ -39,9 +32,17 @@ function init_ldap() } @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); // ldap_connect only checks whether the specified server is valid, so the connection might still fail - $search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $user->data['username'], array($config['ldap_uid'])); + $search = @ldap_search( + $ldap, + $config['ldap_base_dn'], + '(' . $config['ldap_uid'] . '=' . $user->data['username'] . ')', + (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), + 0, + 1 + ); if ($search === false) { @@ -52,6 +53,11 @@ function init_ldap() @ldap_close($ldap); + if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']])) + { + return $user->lang['LDAP_NO_EMAIL']; + } + if (is_array($result) && sizeof($result) > 1) { return false; @@ -65,7 +71,7 @@ function init_ldap() */ function login_ldap(&$username, &$password) { - global $db, $config; + global $db, $config, $user; if (!@extension_loaded('ldap')) { @@ -86,13 +92,22 @@ function login_ldap(&$username, &$password) } @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + + $search = @ldap_search( + $ldap, + $config['ldap_base_dn'], + '(' . $config['ldap_uid'] . '=' . $username . ')', + (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), + 0, + 1 + ); - $search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $username, array($config['ldap_uid'])); - $result = @ldap_get_entries($ldap, $search); + $ldap_result = @ldap_get_entries($ldap, $search); - if (is_array($result) && sizeof($result) > 1) + if (is_array($ldap_result) && sizeof($ldap_result) > 1) { - if (@ldap_bind($ldap, $result[0]['dn'], $password)) + if (@ldap_bind($ldap, $ldap_result[0]['dn'], $password)) { @ldap_close($ldap); @@ -105,6 +120,8 @@ function login_ldap(&$username, &$password) if ($row) { + unset($ldap_result); + // User inactive... if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) { @@ -122,9 +139,45 @@ function login_ldap(&$username, &$password) 'user_row' => $row, ); } + else + { + // retrieve default group id + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' + AND group_type = " . GROUP_SPECIAL; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$row) + { + trigger_error('NO_GROUP'); + } + + // generate user account data + $ldap_user_row = array( + 'username' => $username, + 'user_password' => $password, + 'user_email' => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '', + 'group_id' => (int) $row['group_id'], + 'user_type' => USER_NORMAL, + 'user_ip' => $user->ip, + ); + + unset($ldap_result); + + // this is the user's first login so create an empty profile + return array( + 'status' => LOGIN_SUCCESS_CREATE_PROFILE, + 'error_msg' => false, + 'user_row' => $ldap_user_row, + ); + } } else { + unset($ldap_result); @ldap_close($ldap); // Give status about wrong password... @@ -149,14 +202,10 @@ function login_ldap(&$username, &$password) * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. */ -function admin_ldap(&$new) +function acp_ldap(&$new) { global $user; - /** - * @todo Using same approach as with cfg_build_template? - */ - $tpl = ' <dl> @@ -171,27 +220,17 @@ function admin_ldap(&$new) <dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd> </dl> + <dl> + <dt><label for="ldap_uid">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_uid" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd> + </dl> '; // These are fields required in the config table return array( 'tpl' => $tpl, - 'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid') + 'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_email') ); } -/** -* Would be nice to allow syncing of 'appropriate' data when user updates -* their username, password, etc. ... should be up to the plugin what data -* is updated. -* -* @todo implement this functionality (probably 3.2) -* -* @param new|update|delete $mode defining the action to take on user updates -*/ -function usercp_ldap($mode) -{ - global $db, $config; -} - ?>
\ No newline at end of file |