Add login_group configuration option so only members of a certain group can login
authorCraig Andrews <candrews@integralblue.com>
Wed, 18 Nov 2009 19:35:44 +0000 (14:35 -0500)
committerCraig Andrews <candrews@integralblue.com>
Wed, 18 Nov 2009 19:35:44 +0000 (14:35 -0500)
plugins/LdapAuthorization/LdapAuthorizationPlugin.php
plugins/LdapAuthorization/README

index 20bbd256257fb16af9437c602bfb38d47569b01a..5173781f9f4f63c739d9b59c2535d768962b452f 100644 (file)
@@ -49,6 +49,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
     public $provider_name = null;
     public $uniqueMember_attribute = null;
     public $roles_to_groups = null;
+    public $login_group = null;
 
     function onInitializePlugin(){
         parent::onInitializePlugin();
@@ -77,8 +78,23 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         if($user_username->find() && $user_username->fetch()){
             $entry = $this->ldap_get_user($user_username->username);
             if($entry){
-                //if a user exists, we can assume he's allowed to login
-                return true;
+                if(isset($this->login_group)){
+                    if(is_array($this->login_group)){
+                        foreach($this->login_group as $group){
+                            if($this->isMemberOfGroup($entry->dn(),$group)){
+                                return true;
+                            }
+                        }
+                    }else{
+                        if($this->isMemberOfGroup($entry->dn(),login_group)){
+                            return true;
+                        }
+                    }
+                    return null;
+                }else{
+                    //if a user exists, we can assume he's allowed to login
+                    return true;
+                }
             }else{
                 return null;
             }
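Review bot: In the non-array branch the group argument is the bare word `login_group` instead of `$this->login_group`, so the configured DN never reaches isMemberOfGroup(). PHP of this era reads a bare word as an undefined constant and falls back to the string 'login_group' with a notice (PHP 8 throws an Error), so with a single group DN configured the check would presumably fail for every user and fall through to `return null`. The line should read `if($this->isMemberOfGroup($entry->dn(),$this->login_group)){`. Iterating over `(array)$this->login_group` would also remove the duplicated branch, so the string and array cases could not drift apart again. The enclosing function starts and ends outside the hunk, so how its caller treats `null` is not visible here.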
index 2ca33f653d5680a7d849bd4b41e8c7a1edf2b95e..2166b272660d56816196ac7bc18e70e87bf567da 100644 (file)
@@ -18,6 +18,8 @@ uniqueMember_attribute ('uniqueMember')*: the attribute of a group
     that lists the DNs of its members
 roles_to_groups*: array that maps StatusNet roles to LDAP groups
     some StatusNet roles are: moderator, administrator, sandboxed, silenced
+login_group: if this is set to a group DN, only members of that group will be
+    allowed to login
     
 The below settings must be exact copies of the settings used for the
     corresponding LDAP Authentication plugin.