The PEAR Net_LDAP library is required (package php-net-ldap on Ubuntu).
Users are looked up in LDAP by matching the Laconica nickname against the
LDAP attribute of your choice.
Enjoy!
Ahoy,
Jason
---
config.php.sample | 13 ++++++++++-
lib/util.php | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 75 insertions(+), 1 deletions(-)
diff --git a/config.php.sample b/config.php.sample
index db1a216..f429112 100644
--- a/config.php.sample
+++ b/config.php.sample
@@ -1,4 +1,4 @@
-<?php
+
/* -*- mode: php -*- */
if (!defined('LACONICA')) { exit(1); }
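Review bot: The hunk replaces the `<?php` opening tag on line 1 of config.php.sample with an empty line, which looks unintentional since nothing in the description mentions it. Without the tag PHP treats the whole file as literal output, so a config.php copied from this sample would be printed to the browser (bind DN, `bindpw`, the Facebook secret and every other setting included) instead of being executed, and the `exit(1)` guard on the LACONICA constant would never run. Restore `<?php` as the first line.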
@@ -142,3 +142,14 @@ $config['sphinx']['port'] = 3312;
# config section for the built-in Facebook application
#$config['facebook']['apikey'] = 'APIKEY';
#$config['facebook']['secret'] = 'SECRET';
+
+# ldap authentication
+# requires PEAR Net_LDAP
+#$config['ldap']['enabled'] = true;
+#$config['ldap']['binddn'] = 'cn=Joe User,ou=Users,dc=example,dc=com';
+#$config['ldap']['bindpw'] = 'sneakret';
+#$config['ldap']['basedn'] = 'dc=example,dc=com';
+#$config['ldap']['host'] = 'ldap.example.com';
+#$config['ldap']['options'] = array('LDAP_OPT_REFERRALS' => 0); #
Windows 2003 will not work without this setting
+# this will match the nickname to the Microsoft Active Directory username,
change to whatever LDAP field you want to match to the laconica nickname
+#$config['ldap']['nickname_field'] = 'SAMAccountName';
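Review bot: The sample exposes no transport setting, only `host`, so the simple binds performed in lib/util.php send the service account's `bindpw` and every user's login password in the clear over port 389 unless the directory is reached over a trusted network. I recall Net_LDAP's connection config accepting `port` and `tls` (StartTLS) keys — verify against the installed version — and would document them next to `host`: `#$config['ldap']['tls'] = true; # StartTLS: a plain bind sends bindpw and every user's password unencrypted`. Two of the `+` lines (the `options` entry and the nickname_field comment) have also been wrapped by the mailer, which will break `git am` unless the patch is re-sent unwrapped.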
diff --git a/lib/util.php b/lib/util.php
index 7518fbf..1537272 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -535,6 +535,13 @@ function common_check_user($nickname, $password) {
if (is_null($user)) {
return false;
} else {
+ if (common_config('ldap', 'enabled')) {
+ if (common_ldap_check_password($nickname, $password)) {
+ return $user;
+ } else {
+ return false;
+ }
+ }
if (0 == strcmp(common_munge_password($password, $user->id),
$user->password)) {
return $user;
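Review bot: The new branch makes the stored local hash irrelevant whenever `ldap.enabled` is set, so the row fetched just above this hunk only has to exist; that deserves a comment, because an admin who sets a local password will find it silently ignored: `// LDAP replaces the local hash check entirely; the local account only has to exist`. Stylistically the six-line if/else collapses to `return common_ldap_check_password($nickname, $password) ? $user : false;`. common_check_user's signature and the `$user` lookup lie above the hunk.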
@@ -544,6 +551,62 @@ function common_check_user($nickname, $password) {
}
}
+function common_ldap_check_password($nickname, $password) {
+
+
+ require_once 'Net/LDAP.php';
+
+ $config = array (
+ 'binddn' => common_config('ldap', 'binddn'),
+ 'bindpw' => common_config('ldap', 'bindpw'),
+ 'basedn' => common_config('ldap', 'basedn'),
+ 'host' => common_config('ldap', 'host'),
+ 'options' => common_config('ldap', 'options')
+ );
+
+ $ldap = Net_LDAP::connect($config);
+
+ if (PEAR::isError($ldap)) {
+ common_log(LOG_ERR, 'LDAP failed to connect to ' .
$config[host] . ' LDAP ERROR: ' . $ldap->getMessage());
+ return false;
+ }
+
+ $bind_result = $ldap->bind();
+
+ if (PEAR::isError($bind_result)) {
+ common_log(LOG_ERR, 'LDAP failed to bind. LDAP ERROR: ' .
$ldap->getMessage());
+ return false;
+ }
+
+ $filter =
Net_LDAP_Filter::create(common_config('ldap','nickname_field'), 'equals',
$nickname);
+ $search = $ldap->search(null, $filter, null);
+
+ if (PEAR::isError($search)) {
+ common_log(LOG_ERR, 'LDAP search failed. LDAP ERROR: ' .
$ldap->getMessage());
+ return false;
+ }
+
+ // the search should return one and only one result
+ if ($search->count() != 1) {
+ return false;
+ }
+
+ // rebind to authenticate the password now we know the user exists
+ $entries = $search->entries();
+ $bind_result = $ldap->bind( $entries[0]->dn(), $password);
+
+ if (PEAR::isError($bind_result)) {
+ if ($ldap->getCode() == LDAP_INVALID_CREDENTIALS) {
+ return false;
+ } else {
+ common_log(LOG_ERR, 'LDAP failed to bind as nickname:
' . $nickname . ' Found in ldap as dn ' . $entries[0]->dn() . ' LDAP ERROR: '
. $ldap->getMessage());
+ return false;
+ }
+ } else {
+ return true;
+ }
+}
+
# is the current user logged in?
function common_logged_in() {
return (!is_null(common_current_user()));
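Review bot: The rebind near the end of common_ldap_check_password accepts an empty `$password`: a bind with a DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that most directory servers answer with success, so anyone who knows a valid nickname could log in with a blank password unless a caller outside this hunk already rejects it. Guard it before connecting with `if ($password === '') { return false; }` rather than relying on the server's configuration. Separately, the error branches call `$ldap->getMessage()` and `$ldap->getCode()` on the Net_LDAP connection object while the PEAR_Error actually lives in `$bind_result` / `$search`, and `$config[host]` in the connect-failure log is a bare undefined constant. I also cannot find `LDAP_INVALID_CREDENTIALS` defined by PHP's ldap extension, so unless Net_LDAP defines it the comparison is against a string and every failed login is logged at LOG_ERR — verify, and compare against result code 49 otherwise; the rewritten password-bind tail is below.
```php
function common_ldap_check_password($nickname, $password) {
    // RFC 4513 §5.1.2: a DN plus an empty password is an *unauthenticated*
    // bind, which most servers accept, so it must never reach the rebind.
    if ($password === '') {
        return false;
    }
    // … unchanged: connect, service-account bind, search, count check …
    $entries = $search->entries();
    $bind_result = $ldap->bind($entries[0]->dn(), $password);
    if (PEAR::isError($bind_result)) {
        // the error is on the returned PEAR_Error, not on the connection
        if ($bind_result->getCode() == 49) { // LDAP result invalidCredentials
            return false;
        }
        common_log(LOG_ERR, 'LDAP failed to bind as nickname: ' . $nickname .
                   ' Found in ldap as dn ' . $entries[0]->dn() .
                   ' LDAP ERROR: ' . $bind_result->getMessage());
        return false;
    }
    return true;
}
```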
--
1.5.4.3