diff options
| author | Craig Andrews <candrews@integralblue.com> | 2009-11-18 15:40:27 -0500 |
|---|---|---|
| committer | Craig Andrews <candrews@integralblue.com> | 2009-11-18 15:40:27 -0500 |
| commit | 297f320e6f30aa973b275efc4aed59bf8c45fc0a (patch) | |
| tree | 845505f60bcf771acb4f5ba3d5ef56a7e0c1f104 /plugins/LdapAuthorization | |
| parent | 9ed70a5b111c57923eff46da84c8f6e3167eb01e (diff) | |
attributes['username'] is required
Diffstat (limited to 'plugins/LdapAuthorization')
| -rw-r--r-- | plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 11 | ||||
| -rw-r--r-- | plugins/LdapAuthorization/README | 9 |
2 files changed, 14 insertions, 6 deletions
diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 98f4034d2..91ee9b1ab 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -50,6 +50,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin public $uniqueMember_attribute = null; public $roles_to_groups = null; public $login_group = null; + public $attributes = array(); function onInitializePlugin(){ parent::onInitializePlugin(); @@ -68,6 +69,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if(!isset($this->roles_to_groups)){ throw new Exception("roles_to_groups must be set."); } + if(!isset($this->attributes['username'])){ + throw new Exception("username attribute must be set."); + } } //---interface implementation---// @@ -86,7 +90,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin } } }else{ - if($this->isMemberOfGroup($entry->dn(),login_group)){ + if($this->isMemberOfGroup($entry->dn(),$this->login_group)){ return true; } } @@ -142,8 +146,8 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin return false; } } - - function ldap_get_config(){ + + function ldap_get_config(){ $config = array(); $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope'); foreach($keys as $key){ @@ -187,7 +191,6 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin } $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); $options = array( - 'scope' => 'sub', 'attributes' => $attributes ); $search = $ldap->search(null,$filter,$options); diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README index 2166b2726..fcf1efa47 100644 --- a/plugins/LdapAuthorization/README +++ b/plugins/LdapAuthorization/README @@ -45,6 +45,9 @@ filter: Default search filter. scope: Default search scope. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +attributes: an array that relates StatusNet user attributes to LDAP ones + username*: LDAP attribute value entered when authenticating to StatusNet + * required default values are in (parenthesis) @@ -72,7 +75,7 @@ addPlugin('ldapAuthentication', array( addPlugin('ldapAuthorization', array( 'provider_name'=>'Example', 'authoritative'=>false, - 'uniqueMember_attribute'=>'uniqueMember', + 'uniqueMember_attribute'=>'member', 'roles_to_groups'=> array( 'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', @@ -81,6 +84,8 @@ addPlugin('ldapAuthorization', array( 'binddn'=>'username', 'bindpw'=>'password', 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', - 'host'=>array('server1', 'server2') + 'host'=>array('server1', 'server2'), + 'attributes'=>array( + 'username'=>'sAMAccountName') )); |