Added option to use template string for bind DN (#90)

* Language update from launchpad

* Added login option 'bind_dn_template'
Noone404 2020-02-19 23:11:17 +01:00 committed by GitHub
parent cbdc0dacd6
commit 4eb3737d31
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 21 additions and 2 deletions


@ -400,6 +400,12 @@ $servers->setValue('server','name','My LDAP Server');
setup. */ setup. */
// $servers->setValue('login','class',array()); // $servers->setValue('login','class',array());
/* If login_attr was set to 'dn', it is possible to specify a template string to
build the DN from. Use '%s' where user input should be inserted. A user may
still enter the complete DN. In this case the template will not be used. */
// $servers->setValue('login','bind_dn_template',null);
# $servers->setValue('login','bind_dn_template','cn=%s,ou=people,dc=example,dc=com');
/* If you specified something different from 'dn', for example 'uid', as the /* If you specified something different from 'dn', for example 'uid', as the
login_attr above, you can optionally specify here to fall back to login_attr above, you can optionally specify here to fall back to
authentication with dn. authentication with dn.
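Review bot: The comment introducing `bind_dn_template` does not say that the value is used as a `sprintf` format string (see `fillDNTemplate` in the LDAP datastore section of this commit). A literal `%` in the DN therefore has to be written `%%`, and the string needs exactly one `%s`. I would add a sentence such as `The value is passed to sprintf(): write a literal '%' as '%%' and use exactly one '%s'.` It would also help to state that the user input is escaped before insertion, and that input ending in a configured login base DN is bound exactly as typed. The enclosing comment block continues past the end of this hunk.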


@ -80,7 +80,7 @@ if ($app['server']->getAuthType() == 'http') {
printf('<tr><td><b>%s:</b></td></tr>', printf('<tr><td><b>%s:</b></td></tr>',
$app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') : $app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') :
($app['server']->getValue('login','attr') == 'dn' ? _('Login DN') : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr')))); ($app['server']->getValue('login','attr') == 'dn' ? ($app['server']->getValue('login', 'bind_dn_template') ? _('User Name') . ' / ' . _('Login DN') : _('Login DN')) : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));
printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>', printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>',
$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : ''); $app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : '');


@ -574,6 +574,10 @@ class Datastore {
'desc'=>'User Login ID to bind to this DS', 'desc'=>'User Login ID to bind to this DS',
'default'=>null); 'default'=>null);
$this->default->login['bind_dn_template'] = array(
'desc'=>'Template string for user login DN to bind to this DS. Use \'%s\' where user input should be inserted.',
'default'=>null);
$this->default->login['bind_pass'] = array( $this->default->login['bind_pass'] = array(
'desc'=>'User Login Password to bind to this DS', 'desc'=>'User Login Password to bind to this DS',
'default'=>null); 'default'=>null);


@ -255,7 +255,7 @@ class ldap extends DS {
if (! is_null($user)) { if (! is_null($user)) {
# If login,attr is set to DN, then user should be a DN # If login,attr is set to DN, then user should be a DN
if (($this->getValue('login','attr') == 'dn') || $method != 'user') if (($this->getValue('login','attr') == 'dn') || $method != 'user')
$userDN = $user; $userDN = $this->getValue('login', 'bind_dn_template') ? $this->fillDNTemplate($user) : $user;
else else
$userDN = $this->getLoginID($user,'login'); $userDN = $this->getLoginID($user,'login');
@ -512,6 +512,15 @@ class ldap extends DS {
return $this->getBaseDN(); return $this->getBaseDN();
} }
private function fillDNTemplate($user) {
foreach($this->getLoginBaseDN() as $base)
if(substr_compare($user, $base, -strlen($base)) === 0)
return $user; // $user already passed as DN
// fill template
return sprintf($this->getValue('login', 'bind_dn_template'), preg_replace('/([,\\\\#+<>;"=])/', '\\\\$1', $user));
}
/** /**
* Return the login classes that a user must have to login * Return the login classes that a user must have to login
*/ */
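Review bot: The escaping on the last line of `fillDNTemplate` is a hand-written character class that leaves out cases RFC 4514 also requires escaping in an attribute value, namely a leading or trailing space and a NUL byte. Handing this to the LDAP extension, `return sprintf($this->getValue('login', 'bind_dn_template'), ldap_escape($user, '', LDAP_ESCAPE_DN));`, would avoid maintaining the rules locally, provided the minimum supported PHP version has `ldap_escape` and its handling of those edge cases is confirmed. The "already a DN" test above it is a case-sensitive byte suffix match against each login base DN, so a full DN typed with different letter case falls through to the template and the bind will presumably fail. Any input that ends in a base DN is returned unescaped, which makes the template a convenience and not a restriction on which DN can bind. A comment on the method, e.g. `// Input ending in a login base DN is bound as typed; the template does not limit which DNs may log in`, would keep a later reader from assuming otherwise.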

Binary file not shown.