added ldap_auth_mode, lda_userid_search_filter, ldap_userid_search_base
parent
103e2ce6b4
commit
265bd059fc
@ -24,14 +24,27 @@ database_prefix = ""
|
|||||||
; The userid format and the password format can contain
|
; The userid format and the password format can contain
|
||||||
; ${userid} and ${password} to represent the actual user ID
|
; ${userid} and ${password} to represent the actual user ID
|
||||||
; and the password respectively.
|
; and the password respectively.
|
||||||
|
;
|
||||||
|
; If ldap_auth_mode is 1, authentication is performed by binding to
|
||||||
|
; a LDAP server specified using ldap_userid_format as a binddn and
|
||||||
|
; ldap_password_format as a password.
|
||||||
|
;
|
||||||
|
; If ldap_auth_mode is 2, it finds a binddn by searching a subtree
|
||||||
|
; under ldap_userid_search_base using ldap_userid_search_filter
|
||||||
|
; after having bound with ldap_admin_binddn and ldap_admin_password.
|
||||||
|
; The binddn found is used for subsequent binding for authentication.
|
||||||
|
; ldap_userid_format is unused in this mode.
|
||||||
;------------------------------------------------------------------------------
|
;------------------------------------------------------------------------------
|
||||||
ldap_server_uri = "ldap://127.0.0.1:389"
|
ldap_server_uri = "ldap://127.0.0.1:389"
|
||||||
ldap_server_protocol_version = "3"
|
ldap_server_protocol_version = "3"
|
||||||
ldap_userid_format = "${userid}"
|
ldap_auth_mode 1
|
||||||
|
ldap_userid_format = "cn=${userid},ou=users,dc=codepot,dc=org"
|
||||||
ldap_password_format = "${password}"
|
ldap_password_format = "${password}"
|
||||||
|
ldap_admin_binddn = "cn=admin,dc=codepot,dc=org"
|
||||||
|
ldap_admin_password = "admin-password"
|
||||||
|
ldap_userid_search_filter = "(uid=${userid})"
|
||||||
|
ldap_userid_search_base = "ou=users,dc=codepot,dc=org"
|
||||||
ldap_mail_attribute_name = ""
|
ldap_mail_attribute_name = ""
|
||||||
ldap_admin_binddn = ""
|
|
||||||
ldap_admin_password = ""
|
|
||||||
|
|
||||||
;------------------------------------------------------------------------------
|
;------------------------------------------------------------------------------
|
||||||
; default langage to use. set it to 'auto' to detect it automatically.
|
; default langage to use. set it to 'auto' to detect it automatically.
|
||||||
@ -40,7 +53,6 @@ ldap_admin_password = ""
|
|||||||
;------------------------------------------------------------------------------
|
;------------------------------------------------------------------------------
|
||||||
language = "auto"
|
language = "auto"
|
||||||
|
|
||||||
|
|
||||||
;------------------------------------------------------------------------------
|
;------------------------------------------------------------------------------
|
||||||
; Name of the index page. If you want to hide the index page name from
|
; Name of the index page. If you want to hide the index page name from
|
||||||
; the URL by rewriting it (e.g. mod_rewrite), you have to change this
|
; the URL by rewriting it (e.g. mod_rewrite), you have to change this
|
||||||
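Review bot: The new `ldap_auth_mode 1` line in the first hunk has no `=`, unlike every other setting in this file, so the parser will probably not read it as a key/value pair; it should be `ldap_auth_mode = 1`. The sample also now ships non-empty values for `ldap_admin_binddn` and `ldap_admin_password`, so this file holds a directory credential once mode 2 is in use. I would add a comment above them such as `; mode 2 only: use a read-only search account and keep this file readable by the web server user alone`. A second comment should note that a plain `ldap://` URI sends both the admin and the user password in clear text, which matters as soon as the server is not on the loopback address.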
|
@ -24,7 +24,57 @@ class LdapLoginModel extends LoginModel
|
|||||||
ldap_set_option ($ldap, LDAP_OPT_PROTOCOL_VERSION, CODEPOT_LDAP_SERVER_PROTOCOL_VERSION);
|
ldap_set_option ($ldap, LDAP_OPT_PROTOCOL_VERSION, CODEPOT_LDAP_SERVER_PROTOCOL_VERSION);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (CODEPOT_LDAP_AUTH_MODE == 2)
|
||||||
|
{
|
||||||
|
$f_rootdn = $this->formatString (CODEPOT_LDAP_ADMIN_BINDDN, $userid, $password);
|
||||||
|
$f_rootpw = $this->formatString (CODEPOT_LDAP_ADMIN_PASSWORD, $userid, $password);
|
||||||
|
$f_basedn = $this->formatString (CODEPOT_LDAP_USERID_SEARCH_BASE, $userid, $password);
|
||||||
|
$f_filter = $this->formatString (CODEPOT_LDAP_USERID_SEARCH_FILTER, $userid, $password);
|
||||||
|
|
||||||
|
$bind = @ldap_bind ($ldap, $f_userid, $f_password);
|
||||||
|
if ($bind === FALSE)
|
||||||
|
{
|
||||||
|
$this->setErrorMessage (ldap_error ($ldap));
|
||||||
|
ldap_close ($ldap);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
$sr = @ldap_search ($ldap, $f_basedn, $f_filter, array("dn"));
|
||||||
|
if ($sr === FALSE)
|
||||||
|
{
|
||||||
|
$this->setErrorMessage (ldap_error ($ldap));
|
||||||
|
ldap_close ($ldap);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
$ec = @ldap_count_entries ($ldap, $sr);
|
||||||
|
if ($ec === FALSE)
|
||||||
|
{
|
||||||
|
$this->setErrorMessage (ldap_error ($ldap));
|
||||||
|
ldap_close ($ldap);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($ec <= 0)
|
||||||
|
{
|
||||||
|
$this->setErrorMessage ('No such user');
|
||||||
|
ldap_close ($ldap);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (($fe = @ldap_first_entry ($ldap, $sr)) === FALSE ||
|
||||||
|
($f_userid = ldap_get_dn ($ldap, $fe)) === FALSE)
|
||||||
|
{
|
||||||
|
$this->setErrorMessage (ldap_error ($ldap));
|
||||||
|
ldap_close ($ldap);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
$f_userid = $this->formatString (CODEPOT_LDAP_USERID_FORMAT, $userid, $password);
|
$f_userid = $this->formatString (CODEPOT_LDAP_USERID_FORMAT, $userid, $password);
|
||||||
|
}
|
||||||
|
|
||||||
$f_password = $this->formatString (CODEPOT_LDAP_PASSWORD_FORMAT, $userid, $password);
|
$f_password = $this->formatString (CODEPOT_LDAP_PASSWORD_FORMAT, $userid, $password);
|
||||||
|
|
||||||
$bind = @ldap_bind ($ldap, $f_userid, $f_password);
|
$bind = @ldap_bind ($ldap, $f_userid, $f_password);
|
||||||
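Review bot: In the `CODEPOT_LDAP_AUTH_MODE == 2` branch the first `ldap_bind` is called with `$f_userid` and `$f_password`, which the visible lines do not assign until after the search, while `$f_rootdn` and `$f_rootpw` are computed and never used; with unset arguments the bind is likely to be anonymous, so the search does not run as the configured admin account. The call should read `$bind = @ldap_bind ($ldap, $f_rootdn, $f_rootpw);`. Separately, `$userid` is substituted into `CODEPOT_LDAP_USERID_SEARCH_FILTER` through `formatString`, whose body is outside this hunk; unless it already escapes filter metacharacters, the value should pass through `ldap_escape ($userid, '', LDAP_ESCAPE_FILTER)` before the search. The result check accepts any `$ec` above zero and takes the first entry, so I would also fail when `$ec != 1` rather than bind as an ambiguous match. The enclosing method starts and ends outside the hunk.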
|
@ -58,11 +58,14 @@ function load_ini ($file)
|
|||||||
|
|
||||||
array ('ldap_server_uri', 'string', 'ldap://127.0.0.1:389'),
|
array ('ldap_server_uri', 'string', 'ldap://127.0.0.1:389'),
|
||||||
array ('ldap_server_protocol_version', 'integer', 3),
|
array ('ldap_server_protocol_version', 'integer', 3),
|
||||||
|
array ('ldap_auth_mode', 'integer', 1),
|
||||||
array ('ldap_userid_format', 'string', '${userid}'),
|
array ('ldap_userid_format', 'string', '${userid}'),
|
||||||
array ('ldap_password_format', 'string', '${password}'),
|
array ('ldap_password_format', 'string', '${password}'),
|
||||||
array ('ldap_mail_attribute_name', 'string', ''),
|
|
||||||
array ('ldap_admin_binddn', 'string', ''),
|
array ('ldap_admin_binddn', 'string', ''),
|
||||||
array ('ldap_admin_password', 'string', ''),
|
array ('ldap_admin_password', 'string', ''),
|
||||||
|
array ('ldap_userid_search_filter', 'string', '(uid=${userid})'),
|
||||||
|
array ('ldap_userid_search_base', 'string', ''),
|
||||||
|
array ('ldap_mail_attribute_name', 'string', ''),
|
||||||
|
|
||||||
array ('svnrepo_dir', 'string', CODEPOT_DEPOT_DIR.'/svnrepo'),
|
array ('svnrepo_dir', 'string', CODEPOT_DEPOT_DIR.'/svnrepo'),
|
||||||
array ('file_dir', 'string', CODEPOT_DEPOT_DIR.'/files'),
|
array ('file_dir', 'string', CODEPOT_DEPOT_DIR.'/files'),
|
||||||
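Review bot: The new `ldap_auth_mode` entry is typed only as an integer, and the login code in this commit treats every value other than 2 as mode 1, so a mistyped value such as 3 silently falls back instead of being reported. The mode 2 defaults are also not usable as they stand: `ldap_userid_search_base` defaults to an empty string and `ldap_admin_binddn`/`ldap_admin_password` stay empty, which would mean an anonymous search with no base if an administrator sets only the mode. I would add a comment on these entries, for example `// required when ldap_auth_mode is 2`. If load_ini has a validation step (its body is outside this hunk), it should reject an unknown mode or an empty search base there.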
|