added ldap_auth_mode, lda_userid_search_filter, ldap_userid_search_base

This commit is contained in:
hyung-hwan 2011-09-15 14:24:54 +00:00
parent 103e2ce6b4
commit 265bd059fc
3 changed files with 71 additions and 6 deletions


@ -24,14 +24,27 @@ database_prefix = ""
; The userid format and the password format can contain ; The userid format and the password format can contain
; ${userid} and ${password} to represent the actual user ID ; ${userid} and ${password} to represent the actual user ID
; and the password respectively. ; and the password respectively.
;
; If ldap_auth_mode is 1, authentication is performed by binding to
; a LDAP server specified using ldap_userid_format as a binddn and
; ldap_password_format as a password.
;
; If ldap_auth_mode is 2, it finds a binddn by searching a subtree
; under ldap_userid_search_base using ldap_userid_search_filter
; after having bound with ldap_admin_binddn and ldap_admin_password.
; The binddn found is used for subsequent binding for authentication.
; ldap_userid_format is unused in this mode.
;------------------------------------------------------------------------------ ;------------------------------------------------------------------------------
ldap_server_uri = "ldap://127.0.0.1:389" ldap_server_uri = "ldap://127.0.0.1:389"
ldap_server_protocol_version = "3" ldap_server_protocol_version = "3"
ldap_userid_format = "${userid}" ldap_auth_mode 1
ldap_userid_format = "cn=${userid},ou=users,dc=codepot,dc=org"
ldap_password_format = "${password}" ldap_password_format = "${password}"
ldap_admin_binddn = "cn=admin,dc=codepot,dc=org"
ldap_admin_password = "admin-password"
ldap_userid_search_filter = "(uid=${userid})"
ldap_userid_search_base = "ou=users,dc=codepot,dc=org"
ldap_mail_attribute_name = "" ldap_mail_attribute_name = ""
ldap_admin_binddn = ""
ldap_admin_password = ""
;------------------------------------------------------------------------------ ;------------------------------------------------------------------------------
; default langage to use. set it to 'auto' to detect it automatically. ; default langage to use. set it to 'auto' to detect it automatically.
@ -40,7 +53,6 @@ ldap_admin_password = ""
;------------------------------------------------------------------------------ ;------------------------------------------------------------------------------
language = "auto" language = "auto"
;------------------------------------------------------------------------------ ;------------------------------------------------------------------------------
; Name of the index page. If you want to hide the index page name from ; Name of the index page. If you want to hide the index page name from
; the URL by rewriting it (e.g. mod_rewrite), you have to change this ; the URL by rewriting it (e.g. mod_rewrite), you have to change this
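Review bot: As rendered, the new line `ldap_auth_mode 1` has no `=`, unlike every other key in this file; if that is what the committed file contains and not a display artifact, the ini parser will reject or ignore the line and the mode silently falls back to whatever default load_ini supplies, so it should read `ldap_auth_mode = 1`. The sample also replaces the previously empty `ldap_admin_password = ""` with the literal `"admin-password"`; shipped examples tend to be copied as-is, so keeping the value empty and adding `; required when ldap_auth_mode is 2` is safer. Because this file may now hold a privileged bind password, a comment next to `ldap_admin_password` noting that the file must not be readable by other local users would also be worth adding.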


@ -24,7 +24,57 @@ class LdapLoginModel extends LoginModel
ldap_set_option ($ldap, LDAP_OPT_PROTOCOL_VERSION, CODEPOT_LDAP_SERVER_PROTOCOL_VERSION); ldap_set_option ($ldap, LDAP_OPT_PROTOCOL_VERSION, CODEPOT_LDAP_SERVER_PROTOCOL_VERSION);
} }
if (CODEPOT_LDAP_AUTH_MODE == 2)
{
$f_rootdn = $this->formatString (CODEPOT_LDAP_ADMIN_BINDDN, $userid, $password);
$f_rootpw = $this->formatString (CODEPOT_LDAP_ADMIN_PASSWORD, $userid, $password);
$f_basedn = $this->formatString (CODEPOT_LDAP_USERID_SEARCH_BASE, $userid, $password);
$f_filter = $this->formatString (CODEPOT_LDAP_USERID_SEARCH_FILTER, $userid, $password);
$bind = @ldap_bind ($ldap, $f_userid, $f_password);
if ($bind === FALSE)
{
$this->setErrorMessage (ldap_error ($ldap));
ldap_close ($ldap);
return FALSE;
}
$sr = @ldap_search ($ldap, $f_basedn, $f_filter, array("dn"));
if ($sr === FALSE)
{
$this->setErrorMessage (ldap_error ($ldap));
ldap_close ($ldap);
return FALSE;
}
$ec = @ldap_count_entries ($ldap, $sr);
if ($ec === FALSE)
{
$this->setErrorMessage (ldap_error ($ldap));
ldap_close ($ldap);
return FALSE;
}
if ($ec <= 0)
{
$this->setErrorMessage ('No such user');
ldap_close ($ldap);
return FALSE;
}
if (($fe = @ldap_first_entry ($ldap, $sr)) === FALSE ||
($f_userid = ldap_get_dn ($ldap, $fe)) === FALSE)
{
$this->setErrorMessage (ldap_error ($ldap));
ldap_close ($ldap);
return FALSE;
}
}
else
{
$f_userid = $this->formatString (CODEPOT_LDAP_USERID_FORMAT, $userid, $password); $f_userid = $this->formatString (CODEPOT_LDAP_USERID_FORMAT, $userid, $password);
}
$f_password = $this->formatString (CODEPOT_LDAP_PASSWORD_FORMAT, $userid, $password); $f_password = $this->formatString (CODEPOT_LDAP_PASSWORD_FORMAT, $userid, $password);
$bind = @ldap_bind ($ldap, $f_userid, $f_password); $bind = @ldap_bind ($ldap, $f_userid, $f_password);
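Review bot: The admin bind inside the `CODEPOT_LDAP_AUTH_MODE == 2` block, `$bind = @ldap_bind ($ldap, $f_userid, $f_password);`, uses two variables that are only assigned further down after the if/else, so `$f_rootdn` and `$f_rootpw` computed just above are never used and the bind is effectively anonymous; it should be `$bind = @ldap_bind ($ldap, $f_rootdn, $f_rootpw);`. The search filter is built by substituting the raw `$userid` into `CODEPOT_LDAP_USERID_SEARCH_FILTER`, so filter metacharacters in the submitted user ID (`*`, `(`, `)`, `\`, NUL) reach the directory unescaped and can change which entry's DN comes back; escape the value per RFC 4515 before formatting, e.g. `ldap_escape ($userid, '', LDAP_ESCAPE_FILTER)` on PHP 5.6+ or a small local escaper on older PHP. Since only the first entry's DN is taken, a result with more than one entry should be rejected rather than silently picking one, i.e. treat `$ec != 1` like the 'No such user' branch with its own message. The enclosing method begins and ends outside this hunk.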


@ -58,11 +58,14 @@ function load_ini ($file)
array ('ldap_server_uri', 'string', 'ldap://127.0.0.1:389'), array ('ldap_server_uri', 'string', 'ldap://127.0.0.1:389'),
array ('ldap_server_protocol_version', 'integer', 3), array ('ldap_server_protocol_version', 'integer', 3),
array ('ldap_auth_mode', 'integer', 1),
array ('ldap_userid_format', 'string', '${userid}'), array ('ldap_userid_format', 'string', '${userid}'),
array ('ldap_password_format', 'string', '${password}'), array ('ldap_password_format', 'string', '${password}'),
array ('ldap_mail_attribute_name', 'string', ''),
array ('ldap_admin_binddn', 'string', ''), array ('ldap_admin_binddn', 'string', ''),
array ('ldap_admin_password', 'string', ''), array ('ldap_admin_password', 'string', ''),
array ('ldap_userid_search_filter', 'string', '(uid=${userid})'),
array ('ldap_userid_search_base', 'string', ''),
array ('ldap_mail_attribute_name', 'string', ''),
array ('svnrepo_dir', 'string', CODEPOT_DEPOT_DIR.'/svnrepo'), array ('svnrepo_dir', 'string', CODEPOT_DEPOT_DIR.'/svnrepo'),
array ('file_dir', 'string', CODEPOT_DEPOT_DIR.'/files'), array ('file_dir', 'string', CODEPOT_DEPOT_DIR.'/files'),
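Review bot: `array ('ldap_auth_mode', 'integer', 1)` accepts any integer and nothing in this table restricts it to the two documented modes; judging by the LdapLoginModel change in this commit, any value other than 2 behaves as mode 1, so a mistyped `3` would silently skip the search-based mode. If load_ini performs no range validation elsewhere, a comment on this line such as `// 1 = bind with ldap_userid_format, 2 = search under ldap_userid_search_base, then bind` or a post-load check rejecting values outside 1..2 would make the failure visible. `ldap_userid_search_base` defaulting to `''` also means mode 2 searches from an empty base unless the administrator sets it, which deserves a note that it is required for mode 2. load_ini begins before this hunk.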