attributes['username'] is required
authorCraig Andrews <candrews@integralblue.com>
Wed, 18 Nov 2009 20:40:27 +0000 (15:40 -0500)
committerCraig Andrews <candrews@integralblue.com>
Wed, 18 Nov 2009 20:40:27 +0000 (15:40 -0500)
plugins/LdapAuthentication/LdapAuthenticationPlugin.php
plugins/LdapAuthorization/LdapAuthorizationPlugin.php
plugins/LdapAuthorization/README

index 555dabf78da8b2e56cb0e34897c470f198bed96a..25531a8116e6669ae5f8664ee190683418aa331c 100644 (file)
@@ -189,7 +189,6 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
         }
         $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals',  $username);
         $options = array(
-            'scope' => 'sub',
             'attributes' => $attributes
         );
         $search = $ldap->search(null,$filter,$options);
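Review bot: With `'scope' => 'sub'` removed from `$options`, the breadth of this username lookup is no longer visible at the call site. It now depends on the connection's configured scope (the README lists `scope` as a setting), which I believe Net_LDAP2 falls back to when the option is omitted. A short comment above `$options` would record that, for example `// search scope comes from the plugin's 'scope' setting`. Because the scope changes which entries can match the username filter, confirm that the code after `search()`, which is outside this hunk, treats an error result or more than one matching entry as a failed lookup. The same applies to the identical hunk at -187,7 in LdapAuthorizationPlugin.php.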
index 98f4034d24872e9c42f4ccd26151019740f00114..91ee9b1abc354de7a4fa016514c898fb753b4bd3 100644 (file)
@@ -50,6 +50,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
     public $uniqueMember_attribute = null;
     public $roles_to_groups = null;
     public $login_group = null;
+    public $attributes = array();
 
     function onInitializePlugin(){
         parent::onInitializePlugin();
@@ -68,6 +69,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         if(!isset($this->roles_to_groups)){
             throw new Exception("roles_to_groups must be set.");
         }
+        if(!isset($this->attributes['username'])){
+            throw new Exception("username attribute must be set.");
+        }
     }
 
     //---interface implementation---//
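Review bot: The new guard uses `isset()`, which accepts an empty string or a non-string value for `attributes['username']`, so a blank setting passes initialization and only surfaces later when the filter for an LDAP lookup is built from it. `if(empty($this->attributes['username'])){` would reject that at startup instead. The message could also name the setting as it is written in the config, `"attributes['username'] must be set."`, matching the commit title and the README entry. onInitializePlugin begins above this hunk.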
@@ -86,7 +90,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
                             }
                         }
                     }else{
-                        if($this->isMemberOfGroup($entry->dn(),login_group)){
+                        if($this->isMemberOfGroup($entry->dn(),$this->login_group)){
                             return true;
                         }
                     }
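Review bot: The fall-through after this `if` is not visible in the hunk, and it decides the outcome for a user who is not in `login_group`; confirm that it denies or defers rather than allows. On the removed line the bare word `login_group` was a constant lookup, not the property, so this branch never compared against the configured group, and nothing visible here would have caught that. A test that sets a string-valued `login_group` and checks one member and one non-member would guard this login gate against regressing. The enclosing function starts and ends outside the hunk.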
@@ -142,8 +146,8 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
             return false;
         }
     }
-    
-        function ldap_get_config(){
+
+    function ldap_get_config(){
         $config = array();
         $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope');
         foreach($keys as $key){
@@ -187,7 +191,6 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         }
         $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals',  $username);
         $options = array(
-            'scope' => 'sub',
             'attributes' => $attributes
         );
         $search = $ldap->search(null,$filter,$options);
index 2166b272660d56816196ac7bc18e70e87bf567da..fcf1efa47eb6671ed8c695006d7b17ed83dfe912 100644 (file)
@@ -45,6 +45,9 @@ filter: Default search filter.
 scope: Default search scope.
     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
 
+attributes: an array that relates StatusNet user attributes to LDAP ones
+    username*: LDAP attribute value entered when authenticating to StatusNet
+
 * required
 default values are in (parenthesis)
 
@@ -72,7 +75,7 @@ addPlugin('ldapAuthentication', array(
 addPlugin('ldapAuthorization', array(
     'provider_name'=>'Example',
     'authoritative'=>false,
-    'uniqueMember_attribute'=>'uniqueMember',
+    'uniqueMember_attribute'=>'member',
     'roles_to_groups'=> array(
         'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
         'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
@@ -81,6 +84,8 @@ addPlugin('ldapAuthorization', array(
     'binddn'=>'username',
     'bindpw'=>'password',
     'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
-    'host'=>array('server1', 'server2')
+    'host'=>array('server1', 'server2'),
+    'attributes'=>array(
+        'username'=>'sAMAccountName')
 ));