authorCraig Andrews <candrews@integralblue.com>2009-11-18 15:40:27 -0500
committerCraig Andrews <candrews@integralblue.com>2009-11-18 15:40:27 -0500
commit297f320e6f30aa973b275efc4aed59bf8c45fc0a (patch)
tree845505f60bcf771acb4f5ba3d5ef56a7e0c1f104
parent9ed70a5b111c57923eff46da84c8f6e3167eb01e (diff)
attributes['username'] is required
-rw-r--r--plugins/LdapAuthentication/LdapAuthenticationPlugin.php1
-rw-r--r--plugins/LdapAuthorization/LdapAuthorizationPlugin.php11
-rw-r--r--plugins/LdapAuthorization/README9
3 files changed, 14 insertions, 7 deletions
diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
index 555dabf78..25531a811 100644
--- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
+++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
@@ -189,7 +189,6 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
}
$filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username);
$options = array(
- 'scope' => 'sub',
'attributes' => $attributes
);
$search = $ldap->search(null,$filter,$options);
diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
index 98f4034d2..91ee9b1ab 100644
--- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
+++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
@@ -50,6 +50,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
public $uniqueMember_attribute = null;
public $roles_to_groups = null;
public $login_group = null;
+ public $attributes = array();
function onInitializePlugin(){
parent::onInitializePlugin();
@@ -68,6 +69,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
if(!isset($this->roles_to_groups)){
throw new Exception("roles_to_groups must be set.");
}
+ if(!isset($this->attributes['username'])){
+ throw new Exception("username attribute must be set.");
+ }
}
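Review bot: The new guard `if(!isset($this->attributes['username']))` still accepts an empty string or a non-string value, because isset() only rejects a missing key or null. That value is used as the attribute name in `Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username)` (visible in the last hunk of this file), so a blank setting would show up as a failed user lookup during authorization rather than as a configuration error at start-up. Consider `if(empty($this->attributes['username']) || !is_string($this->attributes['username'])){` with the same exception. onInitializePlugin() starts outside this hunk.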
//---interface implementation---//
@@ -86,7 +90,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
}
}
}else{
- if($this->isMemberOfGroup($entry->dn(),login_group)){
+ if($this->isMemberOfGroup($entry->dn(),$this->login_group)){
return true;
}
}
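Review bot: What happens when `isMemberOfGroup($entry->dn(),$this->login_group)` returns false is not visible in this hunk, and this branch is the login gate for a single configured `login_group`. The removed line passed the bare word `login_group`, presumably an undefined constant rather than the configured property, so this path is only now checking the intended group. It is worth confirming that falling out of the `if` ends in an explicit deny and not a default allow further down. A short comment such as `// login_group is a single group DN here; only its members may log in` would document the intent. The enclosing function starts and ends outside the hunk.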
@@ -142,8 +146,8 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
return false;
}
}
-
- function ldap_get_config(){
+
+ function ldap_get_config(){
$config = array();
$keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope');
foreach($keys as $key){
@@ -187,7 +191,6 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
}
$filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username);
$options = array(
- 'scope' => 'sub',
'attributes' => $attributes
);
$search = $ldap->search(null,$filter,$options);
diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README
index 2166b2726..fcf1efa47 100644
--- a/plugins/LdapAuthorization/README
+++ b/plugins/LdapAuthorization/README
@@ -45,6 +45,9 @@ filter: Default search filter.
scope: Default search scope.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+attributes: an array that relates StatusNet user attributes to LDAP ones
+ username*: LDAP attribute value entered when authenticating to StatusNet
+
* required
default values are in (parenthesis)
@@ -72,7 +75,7 @@ addPlugin('ldapAuthentication', array(
addPlugin('ldapAuthorization', array(
'provider_name'=>'Example',
'authoritative'=>false,
- 'uniqueMember_attribute'=>'uniqueMember',
+ 'uniqueMember_attribute'=>'member',
'roles_to_groups'=> array(
'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
@@ -81,6 +84,8 @@ addPlugin('ldapAuthorization', array(
'binddn'=>'username',
'bindpw'=>'password',
'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
- 'host'=>array('server1', 'server2')
+ 'host'=>array('server1', 'server2'),
+ 'attributes'=>array(
+ 'username'=>'sAMAccountName')
));