[MediaWiki-commits] [Gerrit] Prevent searching for AD groups for no AD LDAP - change (mediawiki...LdapAuthentication)

Tue, 28 May 2013 18:59:56 -0700 

Peterbruin has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/65865


Change subject: Prevent searching for AD groups for no AD LDAP
......................................................................

Prevent searching for AD groups for no AD LDAP

Searching non AD LDAP domains for AD groups will result in many entries
in the error.log. A new setting has been added to make it easier to
differentiate between AD and posix LDAP. Default is AD to make sure
currently functionality is not changed and ensure save upgrade.

Example usage:
$wgLDAPActiveDirectory = array(
    'testADLDAPDomain' => true, 'testPosixLDAPDomain' => false
);

Change-Id: Id7eb016a3c105fa9e08592f876bd5a8726416b68
---
M LdapAuthentication.php
1 file changed, 6 insertions(+), 3 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/LdapAuthentication 
refs/changes/65/65865/1

diff --git a/LdapAuthentication.php b/LdapAuthentication.php
index 084fe2d..39e7c2c 100644
--- a/LdapAuthentication.php
+++ b/LdapAuthentication.php
@@ -73,8 +73,9 @@
 $wgLDAPAutoAuthUsername = "";
 $wgLDAPAutoAuthDomain = "";
 $wgPasswordResetRoutes['domain'] = true;
+$wgLDAPActiveDirectory = array();
 
-define( "LDAPAUTHVERSION", "2.0d" );
+define( "LDAPAUTHVERSION", "2.0e" );
 
 /**
  * Add extension information to Special:Version
@@ -466,6 +467,9 @@
                case 'AutoAuthDomain':
                        global $wgLDAPAutoAuthDomain;
                        return $wgLDAPAutoAuthDomain;
+               case 'ActiveDirectory':
+                       global $wgLDAPActiveDirectory;
+                       return self::setOrDefault( $wgLDAPActiveDirectory, 
$domain, true );
                }
                return '';
        }
@@ -1694,8 +1698,7 @@
                $groups = array( "short" => array(), "dn" => array() );
 
                // AD does not include the primary group in the list of groups, 
we have to find it ourselves.
-               // TODO: find a way to only do this search for AD domains.
-               if ( $dn != "*" ) {
+               if ( $dn != "*" && $this->getConf('ActiveDirectory')) {
                        $PGfilter = 
"(&(distinguishedName=$value)(objectclass=user))";
                        $this->printDebug( "User Filter: $PGfilter", SENSITIVE 
);
                        $PGinfo = LdapAuthenticationPlugin::ldap_search( 
$this->ldapconn, $base, $PGfilter );

-- 
To view, visit https://gerrit.wikimedia.org/r/65865
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id7eb016a3c105fa9e08592f876bd5a8726416b68
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/LdapAuthentication
Gerrit-Branch: master
Gerrit-Owner: Peterbruin <pe...@bruin.sg>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to