X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=plugins%2FLdapAuthorization%2FLdapAuthorizationPlugin.php;h=7f48ce5e1b0fd8b35578200fd49adb5ae4a4c24a;hb=623faf9f2d83b8fd6134e77ad6f5dd1cedc7a5c1;hp=98f4034d24872e9c42f4ccd26151019740f00114;hpb=9ed70a5b111c57923eff46da84c8f6e3167eb01e;p=quix0rs-gnu-social.git
diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
index 98f4034d24..7f48ce5e1b 100644
--- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
+++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
@@ -31,7 +31,6 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 exit(1);
 }
-require_once INSTALLDIR.'/plugins/Authorization/AuthorizationPlugin.php';
 require_once 'Net/LDAP2.php';
 class LdapAuthorizationPlugin extends AuthorizationPlugin
@@ -48,11 +47,11 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 public $scope=null;
 public $provider_name = null;
 public $uniqueMember_attribute = null;
- public $roles_to_groups = null;
+ public $roles_to_groups = array();
 public $login_group = null;
+ public $attributes = array();
 function onInitializePlugin(){
- parent::onInitializePlugin();
 if(!isset($this->host)){
 throw new Exception("must specify a host");
 }
@@ -65,8 +64,8 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 if(!isset($this->uniqueMember_attribute)){
 throw new Exception("uniqueMember_attribute must be set.");
 }
- if(!isset($this->roles_to_groups)){
- throw new Exception("roles_to_groups must be set.");
+ if(!isset($this->attributes['username'])){
+ throw new Exception("username attribute must be set.");
 }
 }
@@ -81,12 +80,12 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 if(isset($this->login_group)){
 if(is_array($this->login_group)){
 foreach($this->login_group as $group){
- if($this->isMemberOfGroup($entry->dn(),$group)){
+ if($this->ldap_is_dn_member_of_group($entry->dn(),$group)){
 return true;
 }
 }
 }else{
- if($this->isMemberOfGroup($entry->dn(),login_group)){
+ if($this->ldap_is_dn_member_of_group($entry->dn(),$this->login_group)){
 return true;
 }
 }
@@ -113,12 +112,12 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 if(isset($this->roles_to_groups[$name])){
 if(is_array($this->roles_to_groups[$name])){
 foreach($this->roles_to_groups[$name] as $group){
- if($this->isMemberOfGroup($entry->dn(),$group)){
+ if($this->ldap_is_dn_member_of_group($entry->dn(),$group)){
 return true;
 }
 }
 }else{
- if($this->isMemberOfGroup($entry->dn(),$this->roles_to_groups[$name])){
+ if($this->ldap_is_dn_member_of_group($entry->dn(),$this->roles_to_groups[$name])){
 return true;
 }
 }
@@ -128,9 +127,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 return false;
 }
- function isMemberOfGroup($userDn, $groupDn)
+ function ldap_is_dn_member_of_group($userDn, $groupDn)
 {
- $ldap = ldap_get_connection();
+ $ldap = $this->ldap_get_connection();
 $link = $ldap->getLink();
 $r = ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn);
 if ($r === true){
@@ -142,8 +141,8 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 return false;
 }
 }
-
- function ldap_get_config(){
+
+ function ldap_get_config(){
 $config = array();
 $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope');
 foreach($keys as $key){
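Review bot: In `ldap_is_dn_member_of_group` the result of `$this->ldap_get_connection()` is used without a check, yet that method has a `return false;` path when the bind fails, so `$ldap->getLink()` would then be a fatal error in the middle of an authorization decision. Add a guard directly after the call, `if($ldap === false){ return false; }`, so the membership check denies cleanly and the failure is left to the warning that `ldap_get_connection` already logs. The callers renamed in the login_group and roles_to_groups hunks all go through this method, so the one guard covers them. The function's body continues past the end of the hunk, so the handling of a non-true `ldap_compare` result could not be reviewed here.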
@@ -157,20 +156,21 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 //-----the below function were copied from LDAPAuthenticationPlugin. They will be moved to a utility class soon.----\\
 function ldap_get_connection($config = null){
- if($config == null){
- $config = $this->ldap_get_config();
+ if($config == null && isset($this->default_ldap)){
+ return $this->default_ldap;
 }
 //cannot use Net_LDAP2::connect() as StatusNet uses
 //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError');
 //PEAR handling can be overridden on instance objects, so we do that.
- $ldap = new Net_LDAP2($config);
+ $ldap = new Net_LDAP2(isset($config)?$config:$this->ldap_get_config());
 $ldap->setErrorHandling(PEAR_ERROR_RETURN);
 $err=$ldap->bind();
 if (Net_LDAP2::isError($err)) {
 common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage());
 return false;
 }
+ if($config == null) $this->default_ldap=$ldap;
 return $ldap;
 }
@@ -187,7 +187,6 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 }
 $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username);
 $options = array(
- 'scope' => 'sub',
 'attributes' => $attributes
 );
 $search = $ldap->search(null,$filter,$options);
@@ -207,4 +206,15 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 return false;
 }
 }
+
+ function onPluginVersion(&$versions)
+ {
+ $versions[] = array('name' => 'LDAP Authorization',
+ 'version' => STATUSNET_VERSION,
+ 'author' => 'Craig Andrews',
+ 'homepage' => 'http://status.net/wiki/Plugin:LdapAuthorization',
+ 'rawdescription' =>
+ _m('The LDAP Authorization plugin allows for StatusNet to handle authorization through LDAP.'));
+ return true;
+ }
 }
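Review bot: `ldap_get_connection` tests for "no config passed" with the loose `$config == null` in two places but chooses the configuration with `isset($config)`, and the two disagree for an empty array, which is `== null` in PHP while `isset($config)` is still true. A caller passing `array()` would get a `Net_LDAP2` built from that empty array instead of `ldap_get_config()`, and that connection would then be stored in `$this->default_ldap` and reused by every later group-membership check. Use the strict form in both places, `if($config === null && isset($this->default_ldap)){` and `if($config === null) $this->default_ldap=$ldap;`. `default_ldap` is also never declared with the other properties at the top of the class; declaring it there with a one-line comment that it caches the bound default connection would make the cache visible to readers.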