Merge branch 'master' into 1.0.x
[quix0rs-gnu-social.git] / plugins / LdapAuthorization / LdapAuthorizationPlugin.php
index 20bbd256257fb16af9437c602bfb38d47569b01a..1049c5610aa918057d777cc5f51e808213d6bfd8 100644 (file)
@@ -22,7 +22,7 @@
  * @category  Plugin
  * @package   StatusNet
  * @author    Craig Andrews <candrews@integralblue.com>
- * @copyright 2009 Craig Andrews http://candrews.integralblue.com
+ * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link      http://status.net/
  */
@@ -31,41 +31,30 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
     exit(1);
 }
 
-require_once INSTALLDIR.'/plugins/Authorization/AuthorizationPlugin.php';
-require_once 'Net/LDAP2.php';
-
 class LdapAuthorizationPlugin extends AuthorizationPlugin
 {
-    public $host=null;
-    public $port=null;
-    public $version=null;
-    public $starttls=null;
-    public $binddn=null;
-    public $bindpw=null;
-    public $basedn=null;
-    public $options=null;
-    public $filter=null;
-    public $scope=null;
-    public $provider_name = null;
-    public $uniqueMember_attribute = null;
-    public $roles_to_groups = null;
+    public $roles_to_groups = array();
+    public $login_group = null;
 
     function onInitializePlugin(){
-        parent::onInitializePlugin();
-        if(!isset($this->host)){
-            throw new Exception("must specify a host");
-        }
-        if(!isset($this->basedn)){
-            throw new Exception("must specify a basedn");
-        }
         if(!isset($this->provider_name)){
-            throw new Exception("provider_name must be set. Use the provider_name from the LDAP Authentication plugin.");
+            // TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration.
+            throw new Exception(_m('provider_name must be set. Use the provider_name from the LDAP Authentication plugin.'));
         }
         if(!isset($this->uniqueMember_attribute)){
-            throw new Exception("uniqueMember_attribute must be set.");
+            // TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration.
+            throw new Exception(_m('uniqueMember_attribute must be set.'));
         }
-        if(!isset($this->roles_to_groups)){
-            throw new Exception("roles_to_groups must be set.");
+        $this->ldapCommon = new LdapCommon(get_object_vars($this));
+    }
+
+    function onAutoload($cls)
+    {
+        switch ($cls)
+        {
+         case 'LdapCommon':
+            require_once(INSTALLDIR.'/plugins/LdapCommon/LdapCommon.php');
+            return false;
         }
     }
 
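Review bot: `$this->ldapCommon` is assigned in onInitializePlugin() but never declared on the class, unlike `$roles_to_groups` and `$login_group`; declaring it (`public $ldapCommon = null;`) next to them would document the dependency. The host and basedn checks are dropped from this method, so a missing connection setting is presumably now rejected inside the LdapCommon constructor; that file is not part of this diff, so it is worth confirming that the plugin still fails at initialisation rather than at the first login. Since `get_object_vars($this)` forwards every property of the plugin object, a comment such as `// passes all configured LDAP settings (including bind credentials) to LdapCommon` would make that hand-off explicit. onAutoload() falls off the end of the switch for every other class name; an explicit `default: return true;` states the intent.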
@@ -75,10 +64,25 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         $user_username->user_id=$user->id;
         $user_username->provider_name=$this->provider_name;
         if($user_username->find() && $user_username->fetch()){
-            $entry = $this->ldap_get_user($user_username->username);
+            $entry = $this->ldapCommon->get_user($user_username->username);
             if($entry){
-                //if a user exists, we can assume he's allowed to login
-                return true;
+                if(isset($this->login_group)){
+                    if(is_array($this->login_group)){
+                        foreach($this->login_group as $group){
+                            if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$group)){
+                                return true;
+                            }
+                        }
+                    }else{
+                        if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$this->login_group)){
+                            return true;
+                        }
+                    }
+                    return null;
+                }else{
+                    //if a user exists, we can assume he's allowed to login
+                    return true;
+                }
             }else{
                 return null;
             }
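Review bot: When `login_group` is set and the user is in none of the listed groups, the new branch ends in `return null;` rather than `return false;`, so a non-member is not explicitly denied. What happens next depends on how the AuthorizationPlugin base class treats a null result, which is not visible here; if `login_group` is meant to restrict login to members, `return false;` is the fail-closed choice, and if deferring is intended a comment like `// not in any login group: no opinion, defer to other authorization plugins` should say so. The array and scalar branches do the same check and could be one loop, `foreach ((array) $this->login_group as $group)`. The enclosing function starts and ends outside this hunk.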
@@ -92,17 +96,17 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         $user_username->user_id=$profile->id;
         $user_username->provider_name=$this->provider_name;
         if($user_username->find() && $user_username->fetch()){
-            $entry = $this->ldap_get_user($user_username->username);
+            $entry = $this->ldapCommon->get_user($user_username->username);
             if($entry){
                 if(isset($this->roles_to_groups[$name])){
                     if(is_array($this->roles_to_groups[$name])){
                         foreach($this->roles_to_groups[$name] as $group){
-                            if($this->isMemberOfGroup($entry->dn(),$group)){
+                            if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$group)){
                                 return true;
                             }
                         }
                     }else{
-                        if($this->isMemberOfGroup($entry->dn(),$this->roles_to_groups[$name])){
+                        if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$this->roles_to_groups[$name])){
                             return true;
                         }
                     }
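Review bot: The role check now trusts the truthiness of `$this->ldapCommon->is_dn_member_of_group(...)`, whereas the isMemberOfGroup() removed later in this diff compared the `ldap_compare()` result with `=== true` and treated anything else as not a member. `ldap_compare()` returns -1 on error, which is truthy, so if the shared helper does not normalise its result to a strict boolean (LdapCommon is not shown here), an LDAP error would grant the role. Comparing explicitly at the call sites, `if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$group) === true){`, keeps the decision fail-closed regardless of the helper. The same applies to the two `login_group` calls in the previous hunk; this function starts and ends outside the hunk.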
@@ -112,18 +116,15 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         return false;
     }
 
-    function isMemberOfGroup($userDn, $groupDn)
+    function onPluginVersion(&$versions)
     {
-        $ldap = ldap_get_connection();
-        $link = $ldap->getLink();
-        $r = ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn);
-        if ($r === true){
-            return true;
-        }else if($r === false){
-            return false;
-        }else{
-            common_log(LOG_ERR, ldap_error($r));
-            return false;
-        }
+        $versions[] = array('name' => 'LDAP Authorization',
+                            'version' => STATUSNET_VERSION,
+                            'author' => 'Craig Andrews',
+                            'homepage' => 'http://status.net/wiki/Plugin:LdapAuthorization',
+                            'rawdescription' =>
+                            // TRANS: Plugin description.
+                            _m('The LDAP Authorization plugin allows for StatusNet to handle authorization through LDAP.'));
+        return true;
     }
 }