authorCraig Andrews <candrews@integralblue.com>2009-11-18 14:35:44 -0500
committerCraig Andrews <candrews@integralblue.com>2009-11-18 14:35:44 -0500
commit44c7813ac1c8941f0cb7ebfc6e3ccc860f2c5c45 (patch)
tree3ea74600b1639b89a0d1431274f133cf1aada195
parentd07df8a7964e08d1af9e7bd762f2ac07035d9856 (diff)
Add login_group configuration option so only members of a certain group can login
-rw-r--r--plugins/LdapAuthorization/LdapAuthorizationPlugin.php20
-rw-r--r--plugins/LdapAuthorization/README2
2 files changed, 20 insertions, 2 deletions
diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
index 20bbd2562..5173781f9 100644
--- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
+++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
@@ -49,6 +49,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
public $provider_name = null;
public $uniqueMember_attribute = null;
public $roles_to_groups = null;
+ public $login_group = null;
function onInitializePlugin(){
parent::onInitializePlugin();
@@ -77,8 +78,23 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
if($user_username->find() && $user_username->fetch()){
$entry = $this->ldap_get_user($user_username->username);
if($entry){
- //if a user exists, we can assume he's allowed to login
- return true;
+ if(isset($this->login_group)){
+ if(is_array($this->login_group)){
+ foreach($this->login_group as $group){
+ if($this->isMemberOfGroup($entry->dn(),$group)){
+ return true;
+ }
+ }
+ }else{
+ if($this->isMemberOfGroup($entry->dn(),login_group)){
+ return true;
+ }
+ }
+ return null;
+ }else{
+ //if a user exists, we can assume he's allowed to login
+ return true;
+ }
}else{
return null;
}
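Review bot: In the non-array branch, `$this->isMemberOfGroup($entry->dn(),login_group)` passes the bare word `login_group` instead of the configured property, so PHP resolves it as an undefined constant (the literal string 'login_group' with a notice on older versions, an Error on PHP 8) and a single-group configuration never checks the configured DN. The call should read `if($this->isMemberOfGroup($entry->dn(),$this->login_group)){`; iterating once with `foreach((array)$this->login_group as $group)` would also remove the duplicated branch. The non-member path returns `null`, the same value used when no LDAP entry is found; if the caller treats `null` as "no decision" rather than a denial, a user outside the group could still be admitted elsewhere, so confirm whether `false` is needed here. The enclosing function starts and ends outside the hunk.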
diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README
index 2ca33f653..2166b2726 100644
--- a/plugins/LdapAuthorization/README
+++ b/plugins/LdapAuthorization/README
@@ -18,6 +18,8 @@ uniqueMember_attribute ('uniqueMember')*: the attribute of a group
that lists the DNs of its members
roles_to_groups*: array that maps StatusNet roles to LDAP groups
some StatusNet roles are: moderator, administrator, sandboxed, silenced
+login_group: if this is set to a group DN, only members of that group will be
+ allowed to login
The below settings must be exact copies of the settings used for the
corresponding LDAP Authentication plugin.