added ldap_auth_mode, lda_userid_search_filter, ldap_userid_search_base
This commit is contained in:
parent
103e2ce6b4
commit
265bd059fc
@ -24,14 +24,27 @@ database_prefix = ""
|
||||
; The userid format and the password format can contain
|
||||
; ${userid} and ${password} to represent the actual user ID
|
||||
; and the password respectively.
|
||||
;
|
||||
; If ldap_auth_mode is 1, authentication is performed by binding to
|
||||
; a LDAP server specified using ldap_userid_format as a binddn and
|
||||
; ldap_password_format as a password.
|
||||
;
|
||||
; If ldap_auth_mode is 2, it finds a binddn by searching a subtree
|
||||
; under ldap_userid_search_base using ldap_userid_search_filter
|
||||
; after having bound with ldap_admin_binddn and ldap_admin_password.
|
||||
; The binddn found is used for subsequent binding for authentication.
|
||||
; ldap_userid_format is unused in this mode.
|
||||
;------------------------------------------------------------------------------
|
||||
ldap_server_uri = "ldap://127.0.0.1:389"
|
||||
ldap_server_protocol_version = "3"
|
||||
ldap_userid_format = "${userid}"
|
||||
ldap_auth_mode 1
|
||||
ldap_userid_format = "cn=${userid},ou=users,dc=codepot,dc=org"
|
||||
ldap_password_format = "${password}"
|
||||
ldap_admin_binddn = "cn=admin,dc=codepot,dc=org"
|
||||
ldap_admin_password = "admin-password"
|
||||
ldap_userid_search_filter = "(uid=${userid})"
|
||||
ldap_userid_search_base = "ou=users,dc=codepot,dc=org"
|
||||
ldap_mail_attribute_name = ""
|
||||
ldap_admin_binddn = ""
|
||||
ldap_admin_password = ""
|
||||
|
||||
;------------------------------------------------------------------------------
|
||||
; default langage to use. set it to 'auto' to detect it automatically.
|
||||
@ -40,7 +53,6 @@ ldap_admin_password = ""
|
||||
;------------------------------------------------------------------------------
|
||||
language = "auto"
|
||||
|
||||
|
||||
;------------------------------------------------------------------------------
|
||||
; Name of the index page. If you want to hide the index page name from
|
||||
; the URL by rewriting it (e.g. mod_rewrite), you have to change this
|
||||
|
@ -24,7 +24,57 @@ class LdapLoginModel extends LoginModel
|
||||
ldap_set_option ($ldap, LDAP_OPT_PROTOCOL_VERSION, CODEPOT_LDAP_SERVER_PROTOCOL_VERSION);
|
||||
}
|
||||
|
||||
if (CODEPOT_LDAP_AUTH_MODE == 2)
|
||||
{
|
||||
$f_rootdn = $this->formatString (CODEPOT_LDAP_ADMIN_BINDDN, $userid, $password);
|
||||
$f_rootpw = $this->formatString (CODEPOT_LDAP_ADMIN_PASSWORD, $userid, $password);
|
||||
$f_basedn = $this->formatString (CODEPOT_LDAP_USERID_SEARCH_BASE, $userid, $password);
|
||||
$f_filter = $this->formatString (CODEPOT_LDAP_USERID_SEARCH_FILTER, $userid, $password);
|
||||
|
||||
$bind = @ldap_bind ($ldap, $f_userid, $f_password);
|
||||
if ($bind === FALSE)
|
||||
{
|
||||
$this->setErrorMessage (ldap_error ($ldap));
|
||||
ldap_close ($ldap);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
$sr = @ldap_search ($ldap, $f_basedn, $f_filter, array("dn"));
|
||||
if ($sr === FALSE)
|
||||
{
|
||||
$this->setErrorMessage (ldap_error ($ldap));
|
||||
ldap_close ($ldap);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
$ec = @ldap_count_entries ($ldap, $sr);
|
||||
if ($ec === FALSE)
|
||||
{
|
||||
$this->setErrorMessage (ldap_error ($ldap));
|
||||
ldap_close ($ldap);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if ($ec <= 0)
|
||||
{
|
||||
$this->setErrorMessage ('No such user');
|
||||
ldap_close ($ldap);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (($fe = @ldap_first_entry ($ldap, $sr)) === FALSE ||
|
||||
($f_userid = ldap_get_dn ($ldap, $fe)) === FALSE)
|
||||
{
|
||||
$this->setErrorMessage (ldap_error ($ldap));
|
||||
ldap_close ($ldap);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$f_userid = $this->formatString (CODEPOT_LDAP_USERID_FORMAT, $userid, $password);
|
||||
}
|
||||
|
||||
$f_password = $this->formatString (CODEPOT_LDAP_PASSWORD_FORMAT, $userid, $password);
|
||||
|
||||
$bind = @ldap_bind ($ldap, $f_userid, $f_password);
|
||||
|
@ -58,11 +58,14 @@ function load_ini ($file)
|
||||
|
||||
array ('ldap_server_uri', 'string', 'ldap://127.0.0.1:389'),
|
||||
array ('ldap_server_protocol_version', 'integer', 3),
|
||||
array ('ldap_auth_mode', 'integer', 1),
|
||||
array ('ldap_userid_format', 'string', '${userid}'),
|
||||
array ('ldap_password_format', 'string', '${password}'),
|
||||
array ('ldap_mail_attribute_name', 'string', ''),
|
||||
array ('ldap_admin_binddn', 'string', ''),
|
||||
array ('ldap_admin_password', 'string', ''),
|
||||
array ('ldap_userid_search_filter', 'string', '(uid=${userid})'),
|
||||
array ('ldap_userid_search_base', 'string', ''),
|
||||
array ('ldap_mail_attribute_name', 'string', ''),
|
||||
|
||||
array ('svnrepo_dir', 'string', CODEPOT_DEPOT_DIR.'/svnrepo'),
|
||||
array ('file_dir', 'string', CODEPOT_DEPOT_DIR.'/files'),
|
||||
|
Loading…
Reference in New Issue
Block a user