summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--plugins/LdapAuthorization/LdapAuthorizationPlugin.php20
-rw-r--r--plugins/LdapAuthorization/README2
2 files changed, 20 insertions, 2 deletions
diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
index 20bbd2562..5173781f9 100644
--- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
+++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
@@ -49,6 +49,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
public $provider_name = null;
public $uniqueMember_attribute = null;
public $roles_to_groups = null;
+ public $login_group = null;
function onInitializePlugin(){
parent::onInitializePlugin();
@@ -77,8 +78,23 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
if($user_username->find() && $user_username->fetch()){
$entry = $this->ldap_get_user($user_username->username);
if($entry){
- //if a user exists, we can assume he's allowed to login
- return true;
+ if(isset($this->login_group)){
+ if(is_array($this->login_group)){
+ foreach($this->login_group as $group){
+ if($this->isMemberOfGroup($entry->dn(),$group)){
+ return true;
+ }
+ }
+ }else{
+ if($this->isMemberOfGroup($entry->dn(),login_group)){
+ return true;
+ }
+ }
+ return null;
+ }else{
+ //if a user exists, we can assume he's allowed to login
+ return true;
+ }
}else{
return null;
}
diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README
index 2ca33f653..2166b2726 100644
--- a/plugins/LdapAuthorization/README
+++ b/plugins/LdapAuthorization/README
@@ -18,6 +18,8 @@ uniqueMember_attribute ('uniqueMember')*: the attribute of a group
that lists the DNs of its members
roles_to_groups*: array that maps StatusNet roles to LDAP groups
some StatusNet roles are: moderator, administrator, sandboxed, silenced
+login_group: if this is set to a group DN, only members of that group will be
+ allowed to login
The below settings must be exact copies of the settings used for the
corresponding LDAP Authentication plugin.