X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=plugins%2FLdapAuthentication%2FLdapAuthenticationPlugin.php;h=df28c5a09f5566113c775354af6302f3269295a9;hb=746e658f3e398948fe8c3f047e2b35ef6aa7ebd5;hp=865154730f788c2d460824af56aff9726820c2dc;hpb=bac2d80c919a78d5cafd57f712872a90cda04847;p=quix0rs-gnu-social.git diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 865154730f..df28c5a09f 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -2,7 +2,7 @@ /** * StatusNet, the distributed open-source microblogging tool * - * Plugin to enable LDAP Authentication and Authorization + * Plugin to enable LDAP Authentication * * PHP version 5 * @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -31,75 +31,90 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/plugins/Authentication/AuthenticationPlugin.php'; -require_once 'Net/LDAP2.php'; - class LdapAuthenticationPlugin extends AuthenticationPlugin { - public $host=null; - public $port=null; - public $version=null; - public $starttls=null; - public $binddn=null; - public $bindpw=null; - public $basedn=null; - public $options=null; - public $filter=null; - public $scope=null; - public $attributes=array(); - function onInitializePlugin(){ parent::onInitializePlugin(); - if(!isset($this->host)){ - throw new Exception("must specify a host"); - } - if(!isset($this->basedn)){ - throw new Exception("must specify a basedn"); - } if(!isset($this->attributes['nickname'])){ - throw new Exception("must specify a nickname attribute"); + // TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration. + throw new Exception(_m('You must specify a nickname attribute.')); } - if(!isset($this->attributes['username'])){ - throw new Exception("must specify a username attribute"); + if($this->password_changeable && (! isset($this->attributes['password']) || !isset($this->password_encoding))){ + // TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration. + throw new Exception(_m('If password_changeable is set, the password attribute and password_encoding must also be specified.')); } + $this->ldapCommon = new LdapCommon(get_object_vars($this)); } - - //---interface implementation---// - function checkPassword($username, $password) + function onAutoload($cls) { - $ldap = $this->ldap_get_connection(); - if(!$ldap){ + switch ($cls) + { + case 'LdapCommon': + require_once(INSTALLDIR.'/plugins/LdapCommon/LdapCommon.php'); return false; } - $entry = $this->ldap_get_user($username); - if(!$entry){ - return false; - }else{ - $config = $this->ldap_get_config(); - $config['binddn']=$entry->dn(); - $config['bindpw']=$password; - if($this->ldap_get_connection($config)){ - return true; - }else{ - return false; + + return parent::onAutoload($cls); + } + + function onEndShowPageNotice($action) + { + $name = $action->trimmed('action'); + $instr = false; + + switch ($name) + { + case 'register': + if($this->autoregistration) { + // TRANS: Instructions for LDAP authentication. + $instr = _m('Do you have an LDAP account? Use your standard username and password.'); } + break; + case 'login': + // TRANS: Instructions for LDAP authentication. + $instr = _m('Do you have an LDAP account? Use your standard username and password.'); + break; + default: + return true; + } + + if($instr) { + $output = common_markup_to_html($instr); + $action->raw($output); } + return true; } - function autoRegister($username) + //---interface implementation---// + + function checkPassword($username, $password) { - $entry = $this->ldap_get_user($username,$this->attributes); + return $this->ldapCommon->checkPassword($username,$password); + } + + function autoRegister($username, $nickname) + { + if(is_null($nickname)){ + $nickname = $username; + } + $entry = $this->ldapCommon->get_user($username,$this->attributes); if($entry){ $registration_data = array(); foreach($this->attributes as $sn_attribute=>$ldap_attribute){ - $registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single'); + //ldap won't let us read a user's password, + //and we're going to set the password to a random string later anyways, + //so don't bother trying to read it. + if($sn_attribute != 'password'){ + $registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single'); + } } if(isset($registration_data['email']) && !empty($registration_data['email'])){ $registration_data['email_confirmed']=true; } + $registration_data['nickname'] = $nickname; //set the database saved password to a random string. - $registration_data['password']=common_good_rand(16); + $registration_data['password']=common_random_hexstr(16); return User::register($registration_data); }else{ //user isn't in ldap, so we cannot register him @@ -109,72 +124,33 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin function changePassword($username,$oldpassword,$newpassword) { - //TODO implement this - throw new Exception(_('Sorry, changing LDAP passwords is not supported at this time')); - - return false; + return $this->ldapCommon->changePassword($username,$oldpassword,$newpassword); } - - //---utility functions---// - function ldap_get_config(){ - $config = array(); - $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope'); - foreach($keys as $key){ - $value = $this->$key; - if($value!==null){ - $config[$key]=$value; + + function suggestNicknameForUsername($username) + { + $entry = $this->ldapCommon->get_user($username, $this->attributes); + if(!$entry){ + //this really shouldn't happen + $nickname = $username; + }else{ + $nickname = $entry->getValue($this->attributes['nickname'],'single'); + if(!$nickname){ + $nickname = $username; } } - return $config; + return common_nicknamize($nickname); } - - function ldap_get_connection($config = null){ - if($config == null){ - $config = $this->ldap_get_config(); - } - - //cannot use Net_LDAP2::connect() as StatusNet uses - //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); - //PEAR handling can be overridden on instance objects, so we do that. - $ldap = new Net_LDAP2($config); - $ldap->setErrorHandling(PEAR_ERROR_RETURN); - $err=$ldap->bind(); - if (Net_LDAP2::isError($err)) { - common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage()); - return false; - } - return $ldap; - } - - /** - * get an LDAP entry for a user with a given username - * - * @param string $username - * $param array $attributes LDAP attributes to retrieve - * @return string DN - */ - function ldap_get_user($username,$attributes=array()){ - $ldap = $this->ldap_get_connection(); - $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); - $options = array( - 'scope' => 'sub', - 'attributes' => $attributes - ); - $search = $ldap->search(null,$filter,$options); - - if (PEAR::isError($search)) { - common_log(LOG_WARNING, 'Error while getting DN for user: '.$search->getMessage()); - return false; - } - if($search->count()==0){ - return false; - }else if($search->count()==1){ - $entry = $search->shiftEntry(); - return $entry; - }else{ - common_log(LOG_WARNING, 'Found ' . $search->count() . ' ldap user with the username: ' . $username); - return false; - } + function onPluginVersion(&$versions) + { + $versions[] = array('name' => 'LDAP Authentication', + 'version' => GNUSOCIAL_VERSION, + 'author' => 'Craig Andrews', + 'homepage' => 'http://status.net/wiki/Plugin:LdapAuthentication', + 'rawdescription' => + // TRANS: Plugin description. + _m('The LDAP Authentication plugin allows for StatusNet to handle authentication through LDAP.')); + return true; } }