X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=ldapauth%2Fldapauth.php;h=6110799653b8fa8f029bb22067a37a2888529971;hb=b5759d24ee8db7e558fb1214e01fd26c105f4391;hp=63ccbe91598790d57f986ecfc6bdf771934456d2;hpb=cb9926c93a7fcf25028d19f47ef809ffcf002fd6;p=friendica-addons.git
diff --git a/ldapauth/ldapauth.php b/ldapauth/ldapauth.php
index 63ccbe91..61107996 100644
--- a/ldapauth/ldapauth.php
+++ b/ldapauth/ldapauth.php
@@ -26,43 +26,55 @@
  * Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
  * ldap.conf file to the signing cert for your LDAP server.
  *
- * The configuration options for this module may be set in the .htconfig.php file
+ * The configuration options for this module may be set in the config/addon.config.php file
  * e.g.:
  *
- * // ldap hostname server - required
  * $a->config['ldapauth']['ldap_server'] = 'host.example.com';
- * // dn to search users - required
- * $a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com';
- * // attribute to find username - required
- * $a->config['ldapauth']['ldap_userattr'] = 'uid';
+ * [ldapauth]
+ * ; ldap hostname server - required
+ * ldap_server = host.example.com
+ * ; dn to search users - required
+ * ldap_searchdn = ou=users,dc=example,dc=com
+ * ; attribute to find username - required
+ * ldap_userattr = uid
  *
- * // admin dn - optional - only if ldap server dont have anonymous access
- * $a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com';
- * // admin password - optional - only if ldap server dont have anonymous access
- * $a->config['ldapauth']['ldap_bindpw'] = 'password';
+ * ; admin dn - optional - only if ldap server dont have anonymous access
+ * ldap_binddn = cn=admin,dc=example,dc=com
+ * ; admin password - optional - only if ldap server dont have anonymous access
+ * ldap_bindpw = password
  *
- * // for create Friendica account if user exist in ldap
- * // required an email and a simple (beautiful) nickname on user ldap object
- * // active account creation - optional - default none
- * $a->config['ldapauth']['ldap_autocreateaccount'] = 'true';
- * // attribute to get email - optional - default : 'mail'
- * $a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
- * // attribute to get nickname - optional - default : 'givenName'
- * $a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'cn';
+ * ; for create Friendica account if user exist in ldap
+ * ; required an email and a simple (beautiful) nickname on user ldap object
+ * ; active account creation - optional - default none
+ * ldap_autocreateaccount = true
+ * ; attribute to get email - optional - default : 'mail'
+ * ldap_autocreateaccount_emailattribute = mail
+ * ; attribute to get nickname - optional - default : 'givenName'
+ * ldap_autocreateaccount_nameattribute = cn
  *
  * ...etc.
  */
-use Friendica\Core\Config;
+
+use Friendica\Core\Hook;
+use Friendica\Core\Logger;
+use Friendica\DI;
 use Friendica\Model\User;
+use Friendica\Util\ConfigFileLoader;
 function ldapauth_install()
 {
- register_hook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
+ Hook::register('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
+ Hook::register('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
 }
 function ldapauth_uninstall()
 {
- unregister_hook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
+ Hook::unregister('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
+ Hook::unregister('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
+}
+
+function ldapauth_load_config(\Friendica\App $a, ConfigFileLoader $loader)
+{
+ $a->getConfigCache()->load($loader->loadAddonConfig('ldapauth'));
 }
 function ldapauth_hook_authenticate($a, &$b)
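Review bot: The rewritten `[ldapauth]` example in the header still omits `ldap_group`, which `ldapauth_authenticate` reads from the same section (visible in the next hunk) and which the later error messages call an "access control group", so an administrator copying this example will not know the option exists. I would add it beside the other optional keys, e.g. `; dn of the access control group - optional - if set, presumably only its members may log in (confirm against the membership check)` followed by `ldap_group = cn=...`, with the wording tightened once the group check's semantics are confirmed. The same comment block should also state that `ldap_bindpw` is stored in plaintext in config/addon.config.php, so that file needs the same filesystem permissions as the main config. `ldapauth_hook_authenticate` begins on the hunk's last line and its body is outside this hunk.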
@@ -79,39 +91,39 @@ function ldapauth_hook_authenticate($a, &$b)
 function ldapauth_authenticate($username, $password)
 {
- $ldap_server = Config::get('ldapauth', 'ldap_server');
- $ldap_binddn = Config::get('ldapauth', 'ldap_binddn');
- $ldap_bindpw = Config::get('ldapauth', 'ldap_bindpw');
- $ldap_searchdn = Config::get('ldapauth', 'ldap_searchdn');
- $ldap_userattr = Config::get('ldapauth', 'ldap_userattr');
- $ldap_group = Config::get('ldapauth', 'ldap_group');
- $ldap_autocreateaccount = Config::get('ldapauth', 'ldap_autocreateaccount');
- $ldap_autocreateaccount_emailattribute = Config::get('ldapauth', 'ldap_autocreateaccount_emailattribute');
- $ldap_autocreateaccount_nameattribute = Config::get('ldapauth', 'ldap_autocreateaccount_nameattribute');
+ $ldap_server = DI::config()->get('ldapauth', 'ldap_server');
+ $ldap_binddn = DI::config()->get('ldapauth', 'ldap_binddn');
+ $ldap_bindpw = DI::config()->get('ldapauth', 'ldap_bindpw');
+ $ldap_searchdn = DI::config()->get('ldapauth', 'ldap_searchdn');
+ $ldap_userattr = DI::config()->get('ldapauth', 'ldap_userattr');
+ $ldap_group = DI::config()->get('ldapauth', 'ldap_group');
+ $ldap_autocreateaccount = DI::config()->get('ldapauth', 'ldap_autocreateaccount');
+ $ldap_autocreateaccount_emailattribute = DI::config()->get('ldapauth', 'ldap_autocreateaccount_emailattribute');
+ $ldap_autocreateaccount_nameattribute = DI::config()->get('ldapauth', 'ldap_autocreateaccount_nameattribute');
 if (!(strlen($password) && function_exists('ldap_connect') && strlen($ldap_server))) {
- logger("ldapauth: not configured or missing php-ldap module");
+ Logger::log("ldapauth: not configured or missing php-ldap module");
 return false;
 }
 $connect = @ldap_connect($ldap_server);
 if ($connect === false) {
- logger("ldapauth: could not connect to $ldap_server");
+ Logger::log("ldapauth: could not connect to $ldap_server");
 return false;
 }
 @ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
 @ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
 if ((@ldap_bind($connect, $ldap_binddn, $ldap_bindpw)) === false) {
- logger("ldapauth: could not bind $ldap_server as $ldap_binddn");
+ Logger::log("ldapauth: could not bind $ldap_server as $ldap_binddn");
 return false;
 }
 $res = @ldap_search($connect, $ldap_searchdn, $ldap_userattr . '=' . $username);
 if (!$res) {
- logger("ldapauth: $ldap_userattr=$username,$ldap_searchdn not found");
+ Logger::log("ldapauth: $ldap_userattr=$username,$ldap_searchdn not found");
 return false;
 }
@@ -152,13 +164,13 @@ function ldapauth_authenticate($username, $password)
 @ldap_close($connect);
 if ($eno === 32) {
- logger("ldapauth: access control group Does Not Exist");
+ Logger::log("ldapauth: access control group Does Not Exist");
 return false;
 } elseif ($eno === 16) {
- logger('ldapauth: membership attribute does not exist in access control group');
+ Logger::log('ldapauth: membership attribute does not exist in access control group');
 return false;
 } else {
- logger('ldapauth: error: ' . $err);
+ Logger::log('ldapauth: error: ' . $err);
 return false;
 }
 } elseif ($r === false) {
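Review bot: `$username` is still concatenated unescaped into the search filter at `$res = @ldap_search($connect, $ldap_searchdn, $ldap_userattr . '=' . $username);`, so a login name containing `*`, `(`, `)` or `\` rewrites the filter (a bare `*` matches every entry under `$ldap_searchdn`), and the Config-to-DI rewrite of this function left that untouched. Escape the value with `$ldap_userattr . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER)` and reject an empty `$username` up front, since the guard on the first `if` checks `strlen($password)` but never the name. Separately, `@ldap_connect($ldap_server)` is never followed by `ldap_start_tls()`, so unless the configured server value is an `ldaps://` URI the bind DN and `$ldap_bindpw` cross the network in the clear, which sits oddly next to the header's TLS_CACERT advice. `ldapauth_authenticate` continues past this hunk, so whatever consumes `$res` (presumably a bind as the found user) is not visible here.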
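Review bot: The group-check error handling compares `$eno` against bare magic numbers (`$eno === 32`, `$eno === 16`) while the new `Logger::log` messages beside them spell out what those codes mean; the intent would be clearer, and less easy to mistype, if the codes were named once, e.g. `const LDAPAUTH_NO_SUCH_OBJECT = 32;` and `const LDAPAUTH_NO_SUCH_ATTRIBUTE = 16;` at file level (these are the standard LDAP result codes noSuchObject and noSuchAttribute, which ext/ldap does not define as constants). The `if` whose `elseif ($r === false)` arm ends this hunk begins before it, so the surrounding control flow is not fully visible.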
@@ -176,16 +188,16 @@ function ldap_autocreateaccount($ldap_autocreateaccount, $username, $password, $
 $results = get_existing_account($username);
 if (empty($results)) {
 if (strlen($email) > 0 && strlen($name) > 0) {
- $arr = array('username' => $name, 'nickname' => $username, 'email' => $email, 'password' => $password, 'verified' => 1);
+ $arr = ['username' => $name, 'nickname' => $username, 'email' => $email, 'password' => $password, 'verified' => 1];
 try {
 User::create($arr);
- logger("ldapauth: account " . $username . " created");
+ Logger::log("ldapauth: account " . $username . " created");
 } catch (Exception $ex) {
- logger("ldapauth: account " . $username . " was not created ! : " . $ex->getMessage());
+ Logger::log("ldapauth: account " . $username . " was not created ! : " . $ex->getMessage());
 }
 } else {
- logger("ldapauth: unable to create account, no email or nickname found");
+ Logger::log("ldapauth: unable to create account, no email or nickname found");
 }
 }
 }