Duck has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/365690 )
Change subject: Added option to also search for POSIX primary group
......................................................................
Added option to also search for POSIX primary group
Change-Id: Icedf9774d458fc786a5bdd387ec9c0989e393050
---
M LdapAuthentication.php
M LdapAuthenticationPlugin.php
2 files changed, 26 insertions(+), 0 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/LdapAuthentication
refs/changes/90/365690/1
diff --git a/LdapAuthentication.php b/LdapAuthentication.php
index 562eb2a..54fcfc6 100644
--- a/LdapAuthentication.php
+++ b/LdapAuthentication.php
@@ -77,6 +77,7 @@
$wgLDAPAutoAuthDomain = "";
$wgPasswordResetRoutes['domain'] = true;
$wgLDAPActiveDirectory = [];
+$wgLDAPGroupSearchPosixPrimaryGroup = false;
define( "LDAPAUTHVERSION", "2.1.0" );
diff --git a/LdapAuthenticationPlugin.php b/LdapAuthenticationPlugin.php
index b92f2b4..f93acdf 100644
--- a/LdapAuthenticationPlugin.php
+++ b/LdapAuthenticationPlugin.php
@@ -443,6 +443,9 @@
case 'ActiveDirectory':
global $wgLDAPActiveDirectory;
return self::setOrDefault( $wgLDAPActiveDirectory,
$domain, false );
+ case 'GroupSearchPosixPrimaryGroup':
+ global $wgLDAPGroupSearchPosixPrimaryGroup;
+ return self::setOrDefault(
$wgLDAPGroupSearchPosixPrimaryGroup, $domain, false );
}
return '';
}
@@ -1685,6 +1688,28 @@
);
}
}
+
+ if ( $this->getConf( 'GroupSearchPosixPrimaryGroup' ) )
{
+ if ( !$this->getUserInfo() ) {
+ $this->printDebug( "Couldn't get the
user's entry.", NONSENSITIVE );
+ } else if ( isset(
$this->userInfo[0]["gidnumber"] ) ) {
+ $base = $this->getBaseDN( GROUPDN );
+ $objectclass = $this->getConf(
'GroupObjectclass' );
+ $filter = "(&(objectClass=" .
$objectclass . ")(gidNumber=" . $this->userInfo[0]["gidnumber"][0] . "))";
+ $info =
LdapAuthenticationPlugin::ldap_search( $this->ldapconn, $base, $filter );
+ $entries =
LdapAuthenticationPlugin::ldap_get_entries( $this->ldapconn, $info );
+ if ( empty( $entries[0] ) ) {
+ $this->printDebug( "Couldn't
get the user's primary group.", NONSENSITIVE );
+ } else {
+ $primary_group_dn = strtolower(
$entries[0]["dn"] );
+ $this->printDebug( "Got the
user's primary group:", SENSITIVE, $primary_group_dn );
+ $this->userLDAPGroups["dn"][] =
$primary_group_dn;
+ $nameattribute = strtolower(
$this->getConf( 'GroupNameAttribute' ) );
+
$this->userLDAPGroups["short"][] = $entries[0][$nameattribute][0];
+ }
+ }
+ }
+
// Only find all groups if the user has any groups;
otherwise, we are
// just wasting a search.
if ( $this->getConf( 'GroupsPrevail' ) && count(
$this->userLDAPGroups ) != 0 ) {
--
To view, visit https://gerrit.wikimedia.org/r/365690
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Icedf9774d458fc786a5bdd387ec9c0989e393050
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/LdapAuthentication
Gerrit-Branch: master
Gerrit-Owner: Duck <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
