diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 555dabf78d..25531a8116 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -189,7 +189,6 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin } $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); $options = array( - 'scope' => 'sub', 'attributes' => $attributes ); $search = $ldap->search(null,$filter,$options); diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 98f4034d24..91ee9b1abc 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -50,6 +50,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin public $uniqueMember_attribute = null; public $roles_to_groups = null; public $login_group = null; + public $attributes = array(); function onInitializePlugin(){ parent::onInitializePlugin(); @@ -68,6 +69,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if(!isset($this->roles_to_groups)){ throw new Exception("roles_to_groups must be set."); } + if(!isset($this->attributes['username'])){ + throw new Exception("username attribute must be set."); + } } //---interface implementation---// @@ -86,7 +90,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin } } }else{ - if($this->isMemberOfGroup($entry->dn(),login_group)){ + if($this->isMemberOfGroup($entry->dn(),$this->login_group)){ return true; } } @@ -142,8 +146,8 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin return false; } } - - function ldap_get_config(){ + + function ldap_get_config(){ $config = array(); $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope'); foreach($keys as $key){ @@ -187,7 +191,6 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin } $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); $options = array( - 'scope' => 'sub', 'attributes' => $attributes ); $search = $ldap->search(null,$filter,$options); diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README index 2166b27266..fcf1efa47e 100644 --- a/plugins/LdapAuthorization/README +++ b/plugins/LdapAuthorization/README @@ -45,6 +45,9 @@ filter: Default search filter. scope: Default search scope. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +attributes: an array that relates StatusNet user attributes to LDAP ones + username*: LDAP attribute value entered when authenticating to StatusNet + * required default values are in (parenthesis) @@ -72,7 +75,7 @@ addPlugin('ldapAuthentication', array( addPlugin('ldapAuthorization', array( 'provider_name'=>'Example', 'authoritative'=>false, - 'uniqueMember_attribute'=>'uniqueMember', + 'uniqueMember_attribute'=>'member', 'roles_to_groups'=> array( 'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', @@ -81,6 +84,8 @@ addPlugin('ldapAuthorization', array( 'binddn'=>'username', 'bindpw'=>'password', 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', - 'host'=>array('server1', 'server2') + 'host'=>array('server1', 'server2'), + 'attributes'=>array( + 'username'=>'sAMAccountName') ));