From 44c7813ac1c8941f0cb7ebfc6e3ccc860f2c5c45 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 18 Nov 2009 14:35:44 -0500 Subject: Add login_group configuration option so only members of a certain group can login --- .../LdapAuthorization/LdapAuthorizationPlugin.php | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'plugins/LdapAuthorization/LdapAuthorizationPlugin.php') diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 20bbd2562..5173781f9 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -49,6 +49,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin public $provider_name = null; public $uniqueMember_attribute = null; public $roles_to_groups = null; + public $login_group = null; function onInitializePlugin(){ parent::onInitializePlugin(); @@ -77,8 +78,23 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if($user_username->find() && $user_username->fetch()){ $entry = $this->ldap_get_user($user_username->username); if($entry){ - //if a user exists, we can assume he's allowed to login - return true; + if(isset($this->login_group)){ + if(is_array($this->login_group)){ + foreach($this->login_group as $group){ + if($this->isMemberOfGroup($entry->dn(),$group)){ + return true; + } + } + }else{ + if($this->isMemberOfGroup($entry->dn(),login_group)){ + return true; + } + } + return null; + }else{ + //if a user exists, we can assume he's allowed to login + return true; + } }else{ return null; } -- cgit v1.2.3-54-g00ecf