* Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
* ldap.conf file to the signing cert for your LDAP server.
*
- * The configuration options for this module may be set in the .htconfig.php file
+ * The configuration options for this module may be set in the config/addon.config.php file
* e.g.:
*
- * // ldap hostname server - required
- * $a->config['ldapauth']['ldap_server'] = 'host.example.com';
- * // dn to search users - required
- * $a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com';
- * // attribute to find username - required
- * $a->config['ldapauth']['ldap_userattr'] = 'uid';
+ * [ldapauth]
+ * ; ldap hostname server - required
+ * ldap_server = host.example.com
+ * ; dn to search users - required
+ * ldap_searchdn = ou=users,dc=example,dc=com
+ * ; attribute to find username - required
+ * ldap_userattr = uid
*
- * // admin dn - optional - only if ldap server dont have anonymous access
- * $a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com';
- * // admin password - optional - only if ldap server dont have anonymous access
- * $a->config['ldapauth']['ldap_bindpw'] = 'password';
+ * ; admin dn - optional - only if ldap server dont have anonymous access
+ * ldap_binddn = cn=admin,dc=example,dc=com
+ * ; admin password - optional - only if ldap server dont have anonymous access
+ * ldap_bindpw = password
*
- * // for create Friendica account if user exist in ldap
- * // required an email and a simple (beautiful) nickname on user ldap object
- * // active account creation - optional - default none
- * $a->config['ldapauth']['ldap_autocreateaccount'] = 'true';
- * // attribute to get email - optional - default : 'mail'
- * $a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
- * // attribute to get nickname - optional - default : 'givenName'
- * $a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'cn';
+ * ; for create Friendica account if user exist in ldap
+ * ; required an email and a simple (beautiful) nickname on user ldap object
+ * ; active account creation - optional - default none
+ * ldap_autocreateaccount = true
+ * ; attribute to get email - optional - default : 'mail'
+ * ldap_autocreateaccount_emailattribute = mail
+ * ; attribute to get nickname - optional - default : 'givenName'
+ * ldap_autocreateaccount_nameattribute = cn
*
* ...etc.
*/
-require_once('include/user.php');
-
-use Friendica\Core\Config;
+use Friendica\Core\Hook;
+use Friendica\Core\Logger;
+use Friendica\DI;
+use Friendica\Model\User;
+use Friendica\Util\ConfigFileLoader;
function ldapauth_install()
{
- register_hook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
+ Hook::register('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
+ Hook::register('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
}
function ldapauth_uninstall()
{
- unregister_hook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
+ Hook::unregister('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
+ Hook::unregister('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
+}
+
+function ldapauth_load_config(\Friendica\App $a, ConfigFileLoader $loader)
+{
+ $a->getConfigCache()->load($loader->loadAddonConfig('ldapauth'));
}
function ldapauth_hook_authenticate($a, &$b)
function ldapauth_authenticate($username, $password)
{
- $ldap_server = Config::get('ldapauth', 'ldap_server');
- $ldap_binddn = Config::get('ldapauth', 'ldap_binddn');
- $ldap_bindpw = Config::get('ldapauth', 'ldap_bindpw');
- $ldap_searchdn = Config::get('ldapauth', 'ldap_searchdn');
- $ldap_userattr = Config::get('ldapauth', 'ldap_userattr');
- $ldap_group = Config::get('ldapauth', 'ldap_group');
- $ldap_autocreateaccount = Config::get('ldapauth', 'ldap_autocreateaccount');
- $ldap_autocreateaccount_emailattribute = Config::get('ldapauth', 'ldap_autocreateaccount_emailattribute');
- $ldap_autocreateaccount_nameattribute = Config::get('ldapauth', 'ldap_autocreateaccount_nameattribute');
-
- if (!((strlen($password)) && (function_exists('ldap_connect')) && (strlen($ldap_server)))) {
- logger("ldapauth: not configured or missing php-ldap module");
+ $ldap_server = DI::config()->get('ldapauth', 'ldap_server');
+ $ldap_binddn = DI::config()->get('ldapauth', 'ldap_binddn');
+ $ldap_bindpw = DI::config()->get('ldapauth', 'ldap_bindpw');
+ $ldap_searchdn = DI::config()->get('ldapauth', 'ldap_searchdn');
+ $ldap_userattr = DI::config()->get('ldapauth', 'ldap_userattr');
+ $ldap_group = DI::config()->get('ldapauth', 'ldap_group');
+ $ldap_autocreateaccount = DI::config()->get('ldapauth', 'ldap_autocreateaccount');
+ $ldap_autocreateaccount_emailattribute = DI::config()->get('ldapauth', 'ldap_autocreateaccount_emailattribute');
+ $ldap_autocreateaccount_nameattribute = DI::config()->get('ldapauth', 'ldap_autocreateaccount_nameattribute');
+
+ if (!(strlen($password) && function_exists('ldap_connect') && strlen($ldap_server))) {
+ Logger::log("ldapauth: not configured or missing php-ldap module");
return false;
}
$connect = @ldap_connect($ldap_server);
if ($connect === false) {
- logger("ldapauth: could not connect to $ldap_server");
+ Logger::log("ldapauth: could not connect to $ldap_server");
return false;
}
@ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if ((@ldap_bind($connect, $ldap_binddn, $ldap_bindpw)) === false) {
- logger("ldapauth: could not bind $ldap_server as $ldap_binddn");
+ Logger::log("ldapauth: could not bind $ldap_server as $ldap_binddn");
return false;
}
$res = @ldap_search($connect, $ldap_searchdn, $ldap_userattr . '=' . $username);
if (!$res) {
- logger("ldapauth: $ldap_userattr=$username,$ldap_searchdn not found");
+ Logger::log("ldapauth: $ldap_userattr=$username,$ldap_searchdn not found");
return false;
}
@ldap_close($connect);
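Review bot: The search filter on the `$res = @ldap_search(...)` line is still built by string concatenation, so `$username` (the value a visitor typed into the login form) flows unescaped into the LDAP filter; the commit rewrites every surrounding line but leaves this one as it was. PHP ships `ldap_escape()` for exactly this context, so the line should read `$res = @ldap_search($connect, $ldap_searchdn, $ldap_userattr . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER));`, which keeps filter metacharacters in the input from changing the query. The new `Logger::log("ldapauth: $ldap_userattr=$username,$ldap_searchdn not found")` message is also slightly misleading, since `ldap_search` returns false on an error rather than on zero matches; logging `ldap_error($connect)` there would make the failure diagnosable. `ldapauth_authenticate` continues past the end of this hunk.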
if ($eno === 32) {
- logger("ldapauth: access control group Does Not Exist");
+ Logger::log("ldapauth: access control group Does Not Exist");
return false;
} elseif ($eno === 16) {
- logger('ldapauth: membership attribute does not exist in access control group');
+ Logger::log('ldapauth: membership attribute does not exist in access control group');
return false;
} else {
- logger('ldapauth: error: ' . $err);
+ Logger::log('ldapauth: error: ' . $err);
return false;
}
} elseif ($r === false) {
$results = get_existing_account($username);
if (empty($results)) {
if (strlen($email) > 0 && strlen($name) > 0) {
- $arr = array('username' => $name, 'nickname' => $username, 'email' => $email, 'password' => $password, 'verified' => 1);
- $result = create_user($arr);
- if ($result['success']) {
- logger("ldapauth: account " . $username . " created");
- } else {
- logger("ldapauth: account " . $username . " was not created ! : " . implode($result));
+ $arr = ['username' => $name, 'nickname' => $username, 'email' => $email, 'password' => $password, 'verified' => 1];
+
+ try {
+ User::create($arr);
+ Logger::log("ldapauth: account " . $username . " created");
+ } catch (Exception $ex) {
+ Logger::log("ldapauth: account " . $username . " was not created ! : " . $ex->getMessage());
}
} else {
- logger("ldapauth: unable to create account, no email or nickname found");
+ Logger::log("ldapauth: unable to create account, no email or nickname found");
}
}
}