[Fusionforge-commits] r7259 - in trunk/gforge/plugins/ldapextauth: etc/plugins/ldapextauth include

Roland Mas lolando at libremir.placard.fr.eu.org
Fri Mar 27 10:22:05 CET 2009


Author: lolando
Date: 2009-03-27 10:22:05 +0100 (Fri, 27 Mar 2009)
New Revision: 7259

Modified:
   trunk/gforge/plugins/ldapextauth/etc/plugins/ldapextauth/config.php
   trunk/gforge/plugins/ldapextauth/etc/plugins/ldapextauth/mapping.php
   trunk/gforge/plugins/ldapextauth/include/LdapExtAuthPlugin.class.php
Log:
Fix ldapextauth plugin (patch #21 from Chris Dalzell)

Modified: trunk/gforge/plugins/ldapextauth/etc/plugins/ldapextauth/config.php
===================================================================
--- trunk/gforge/plugins/ldapextauth/etc/plugins/ldapextauth/config.php	2009-03-26 22:27:20 UTC (rev 7258)
+++ trunk/gforge/plugins/ldapextauth/etc/plugins/ldapextauth/config.php	2009-03-27 09:22:05 UTC (rev 7259)
@@ -1,28 +1,34 @@
 <?php
+/** External authentication via LDAP for FusionForge Config
+*
+* Define the location of your user acconuts and user dn prefix.
+* Example: If user full rdn is: "uid=joe,ou=users,dc=example,dc=com"
+* 	then: $base_dn = "ou=users,dc=example,dc=com"
+*	and: $user_dn = "uid="
+* For AD use: $user_dn = "sAMAccountName="
+* Note LDAP Search Call: ldap_search($this->ldap_conn, $this->base_dn, $this->user_dn . $loginname)
+*/
+$base_dn = "ou=users,dc=example,dc=com" ;
+$user_dn = "uid=" ;
+// $user_dn = "sAMAccountName=" ;
 
-$base_dn = "dc=users,dc=example,dc=com" ;
-
+// Define LDAP server hostname or IP, and port.
 $ldap_server = "ldap.example.com" ;
-//$ldap_port=389;
+//$ldap_server = "127.0.0.1" ;
+$ldap_port=389;
 
+// Define a backup LDAP server.
 //$ldap_altserver = '';
 //ldap_altport = '';
 
-$ldap_kind=''; // Std Directory server
-//$ldap_kind='AD'; // Active Directory server
-
-// For non anonymous bind, enter credentials here.
+// Define privileged user for bind before user dn search, such as a httpd search-only account.
 //$ldap_bind_dn = '';
 //$ldap_bind_pwd = '';
 
+// Use TLS security.
 //$ldap_start_tls = false;
 
 // Array of login not managed by LDAP (local accounts).
 //$ldap_skip_users = array('ffadmin');
 
-// Local Variables:
-// mode: php
-// c-file-style: "bsd"
-// End:
-
 ?>
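Review bot: The new `// Use TLS security.` comment sits above a still commented-out `//$ldap_start_tls = false;` while `$ldap_port=389;` is now active, so a site that copies this sample sends the application bind password and every user's password over plain LDAP. The class hunk further down calls `ldap_start_tls()` only when the flag is set (the class default is not visible here). I would have the comment say so, e.g. `// Enable StartTLS; when unset, bind DNs and passwords cross the network unencrypted.`, and consider shipping `$ldap_start_tls = true;` in the sample. Separately, the docblock has a typo (`acconuts`), and `$user_dn` holds a search-filter prefix rather than a DN, which the header could state outright.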

Modified: trunk/gforge/plugins/ldapextauth/etc/plugins/ldapextauth/mapping.php
===================================================================
--- trunk/gforge/plugins/ldapextauth/etc/plugins/ldapextauth/mapping.php	2009-03-26 22:27:20 UTC (rev 7258)
+++ trunk/gforge/plugins/ldapextauth/etc/plugins/ldapextauth/mapping.php	2009-03-27 09:22:05 UTC (rev 7259)
@@ -1,38 +1,36 @@
 <?php
+/** External authentication via LDAP for FusionForge Mapping
+*
+* These are pairs of internal user variables and LDAP attributes used when
+* creating new accounts, top half are required, bottom half are optional.
+* Note you can use global config variables defined in local.inc or elsewhere.
+*/
 
 function plugin_ldapextauth_mapping ($entry) {
 	$result = array () ;
 	
 	$result['firstname'] = $entry['givenname'][0] ;
 	$result['lastname'] = $entry['sn'][0] ;
-	$result['email'] = $entry['uid'][0] . '@' . $GLOBALS['sys_default_domain'] ;
-	//$result['email'] = $entry['mail'][0] ; // AD
-	// You may also want to customise $result['language_id']
-	// You may also want to customise $result['timezone']
-	//$result['timezone']=$GLOBALS['sys_default_timezone'];
-	// You may also want to customise $result['jabber_address']
-	// You may also want to customise $result['address']
-	// You may also want to customise $result['address2']
-	// You may also want to customise $result['phone']
+
+	// Defines new user email address, from LDAP or based on forge domain.
+	$result['email'] = $entry['mail'][0] ;
+	//$result['email'] = $entry['uid'][0] . '@' . $GLOBALS['sys_default_domain'] ;
+
+	// Defines new user theme, causes error if left blank.
+	$result['themeid']=$GLOBALS['sys_default_theme_id'];
+
+
+	//$result['jabber_address'] = '' ;
+	//$result['address'] = '' ;
+	//$result['address2'] = '' ;
 	//$result['phone'] = $entry['telephonenumber'][0]; //AD
-	// You may also want to customise $result['fax']
-	// You may also want to customise $result['title']
-	// You may also want to customise $result['ccode']
+	//$result['fax'] = '' ;
+	//$result['title'] = '' ;
 	//$result['ccode']=$GLOBALS['sys_default_country_code'];
-	// You may also want to customise $result['themeid']
-	$result['themeid']=$GLOBALS['sys_default_theme_id'];
+	//$result['language_id'] = '' ;
+	//$result['timezone']=$GLOBALS['sys_default_timezone'];
 	
 	return $result ;
 }
 
-function plugin_ldapextauth_getdn ($plugin, $username) {
-	return "uid=$username," . $plugin->base_dn ;
-	//return 'DOMAIN\\' . "$username" ; // AD
-}
-
-// Local Variables:
-// mode: php
-// c-file-style: "bsd"
-// End:
-
 ?>
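Review bot: `$result['email'] = $entry['mail'][0] ;` is now the active default, but nothing checks that the directory entry carries a `mail` attribute, so an account created from such an entry gets an empty address and PHP raises an undefined-index notice. Falling back to the previous rule keeps account creation working: `$result['email'] = isset($entry['mail'][0]) ? $entry['mail'][0] : $entry['uid'][0] . '@' . $GLOBALS['sys_default_domain'] ;`. The same gap exists for `givenname` and `sn`, which are context lines here. Because this hunk also drops `plugin_ldapextauth_getdn` and the class hunk no longer calls it, the docblock could note that a site-local copy defining that function is apparently no longer consulted.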

Modified: trunk/gforge/plugins/ldapextauth/include/LdapExtAuthPlugin.class.php
===================================================================
--- trunk/gforge/plugins/ldapextauth/include/LdapExtAuthPlugin.class.php	2009-03-26 22:27:20 UTC (rev 7258)
+++ trunk/gforge/plugins/ldapextauth/include/LdapExtAuthPlugin.class.php	2009-03-27 09:22:05 UTC (rev 7259)
@@ -5,6 +5,7 @@
  *                The Gforge Group, LLC <http://gforgegroup.com/>
  * Copyright 2004 Christian Bayle <bayle at debian.org>
  * Copyright 2009 Alain Peyrat, Alcatel-Lucent
+ * Copyright 2009 Chris Dalzell, OpenGameForge.org
  *
  * This file is part of FusionForge
  *
@@ -35,6 +36,7 @@
 		
 		$this->ldap_conn = false ;
 		$this->base_dn = '';
+		$this->user_dn = '';
 		$this->ldap_server = $sys_ldap_server ;
 		$this->ldap_port = $sys_ldap_port ;
 		$this->ldap_altserver = '';
@@ -47,6 +49,9 @@
 		if (isset($base_dn)) {
 			$this->base_dn = $base_dn ;
 		}
+		if (isset($user_dn)) {
+			$this->user_dn = $user_dn ;
+		}
 		if (isset($ldap_server)) {
 			$this->ldap_server = $ldap_server ;
 		}
@@ -62,9 +67,6 @@
 		if (isset($ldap_start_tls)) {
 			$this->ldap_start_tls = $ldap_start_tls ;
 		}
-		if (isset($ldap_kind)) {
-			$this->ldap_kind = $ldap_kind ;
-		}
 		if (isset($ldap_bind_dn)) {
 			$this->ldap_bind_dn = $ldap_bind_dn;
 		}
@@ -125,23 +127,12 @@
 			}
 		}
 
-		$dn = plugin_ldapextauth_getdn ($this, $loginname) ;
-		if(empty($dn)) {
-			@ldap_unbind($this->ldap_conn);
-			$GLOBALS['ldap_auth_failed']=true;
-			return false;
-		}
-		debuglog("LDAP: Using dn: $dn (searching)");
+		// Search LDAP for user account.
+		debuglog("LDAP: Searching for $loginname");
+		$res = ldap_search($this->ldap_conn, $this->base_dn, $this->user_dn . $loginname) ;
+		debuglog("LDAP: ldap_search ($this->ldap_conn, $this->base_dn, $this->user_dn . $loginname)");
+		debuglog("LDAP: Search handle is: $res");
 
-		// Now get her info
-		if ($this->ldap_kind=="AD"){
-			$res = ldap_search ($this->ldap_conn, $this->base_dn, "sAMAccountName=".$loginname) ;
-		} else {
-			$res = ldap_search ($this->ldap_conn, $this->base_dn, $dn) ;
-			debuglog("LDAP: ldap_search ($this->ldap_conn, $this->base_dn, $dn)");
-			debuglog("LDAP: Search handle is: $res");
-		}
-
 		if (!$res) {
 			// User not found in LDAP => Account invalid
 			@ldap_unbind($this->ldap_conn);
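Review bot: The filter passed to `ldap_search` is built as `$this->user_dn . $loginname` with no escaping, and `$loginname` appears to come from the login form, so filter metacharacters in it are interpreted by the directory rather than matched literally. Escape the value before concatenating, e.g. `$filter = $this->user_dn . ldap_escape($loginname, '', LDAP_ESCAPE_FILTER);` where PHP provides `ldap_escape` (an RFC 4515 escaping helper otherwise), and refuse the login unless the search returns exactly one entry. The removed `$dn = plugin_ldapextauth_getdn(...)` was the only visible assignment of `$dn`, yet `ldap_bind($this->ldap_conn, $dn, $raw_passwd)` in a later hunk still uses it; presumably it is taken from the search result in lines outside this hunk, which is worth confirming. The second `debuglog` also prints the literal text ` . ` because the concatenation sits inside the quoted string. The enclosing method starts and ends outside the hunk.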
@@ -170,7 +161,7 @@
 		$u = user_get_object_by_name ($loginname) ;
 
 		if ($u) {
-			debuglog("LDAP: User is present in GForge database");
+			debuglog("LDAP: User is present in database");
 
 			// User exists in DB
 			if (@ldap_bind($this->ldap_conn, $dn, $raw_passwd)) {
@@ -331,7 +322,7 @@
 		if ($this->ldap_start_tls) {
 			debuglog("LDAP: ldap_start_tls($this->ldap_conn)");
 			if (!ldap_start_tls($this->ldap_conn)) {
-				syslog(LOG_ERR, "GForge: LDAP start_tls failed: ".ldap_error($this->ldap_conn));
+				syslog(LOG_ERR, "FusionForge: LDAP start_tls failed: ".ldap_error($this->ldap_conn));
 				debuglog("LDAP: ldap_start_tls() failed: ".ldap_error($this->ldap_conn));
 				return false;
 			}
@@ -343,7 +334,7 @@
 			debuglog("LDAP: ldap_bind() (application bind)");
 			if (!@ldap_bind($this->ldap_conn, $this->ldap_bind_dn, $this->ldap_bind_pwd)) {
 				debuglog("LDAP: ldap_bind() failed (application bind): ". ldap_error($this->ldap_conn));
-				syslog(LOG_ERR, "GForge:LDAP application bind failed, using DB login/passwd instead.");
+				syslog(LOG_ERR, "FusionForge:LDAP application bind failed, using DB login/passwd instead.");
 				return false;
 			}
 		}
@@ -358,9 +349,4 @@
 	fclose($fp);
 }
 
-// Local Variables:
-// mode: php
-// c-file-style: "bsd"
-// End:
-
 ?>



