Commit Graph

40 Commits

Author SHA1 Message Date
Scott Shambarger
00683b3ea7 Added TLS client certificate support
Adds configuration for TLS client certificates to secure TLS connection
(requires PHP 7.1+ to use).
Updates use of ldap_set_option to report errors if settings fail.
Modifies connection logic to fail if connection preparation fails
(eg. to avoid connections over insecure links if requested TLS fails).
2021-12-10 15:02:31 +11:00
Scott Shambarger
da69ebf06a Added SASL EXTERNAL authentication support
New auth_type 'sasl_external'.  Login is hard coded as 'external'
2021-12-10 14:59:02 +11:00
Deon George
0c334f0385 Fix for issue #103 - hexdec() causes an deprecation notice when invalid chars are used 2020-09-19 17:09:29 +10:00
Nic Bernstein
f4c8c3d31e SF Bug #1008 getContainerPath doesn't properly traverse to baseDN and back & #1009 - return_ldap_hash should not return container object in result set 2020-08-31 08:49:02 +10:00
sshambar
0fe1758572
Add SASL PLAIN authentication support (#92)
Adds a new sasl mech 'plain' which converts all simple authentication
methods to SASL PLAIN.  NOTE: doesn't use auth_type 'sasl' as
credentials may come from login form, stored in cookies etc...
2020-02-20 09:12:39 +11:00
Noone404
4eb3737d31
Added option to use template string for bind DN (#90)
* Language update from launchpad

* Added login option 'bind_dn_template'
2020-02-20 09:11:17 +11:00
Deon George
29d7d4b2f7 Fixes #31 - Glue entries are not browsable through phpldapadmin 2019-04-19 21:01:02 +10:00
Deon George
c494078550 Closes pull request #22 and fixes #18 - preg_replace_callback changes 2019-04-19 20:08:53 +10:00
gulikoza
0b8375fd2a Add additional check that full dn has been entered on login.
Fixes 'invalid dn syntax (34) for user' error when fallback_dn set and username was not found while trying to use it as dn.
2016-01-24 11:52:21 +01:00
Ben Chavet
5a7edc892f Use preg_replace_callback instead of /e in preg_replace to fix E_DEPRECATED warnings 2014-05-29 18:57:44 +00:00
Roland Gruber
c4b6695beb SF Bug #3448530 - Treat krbExtraData and krbPrincipalKey as binary 2012-09-04 15:09:24 +10:00
Deon George
696c266eee Additional fix for SF Feature #3387473 2011-10-27 12:55:24 +11:00
Caleb Callaway
2d018aad7b SF Feature #3387473 - Support for schema discovery using OpenLDAP's cn=config DN 2011-10-13 08:18:10 +11:00
Deon George
1e1fcabb3d SF Bug #3398344 - Import LDIF overwrites entries 2011-10-06 14:29:35 +11:00
Deon George
80d027d569 SF Bug #3373466 - Unable to define force_may attributes 2011-09-08 22:30:35 +10:00
Deon George
446faf78fb FIX SASL configuration example 2011-06-21 13:45:19 +10:00
Deon George
afa4a95b37 Fix SASL implementation - enabled GSSAPI 2011-06-20 20:34:55 +10:00
Deon George
be623ce3f5 SF Bug #3136564 - Undefined variable: result (E_NOTICE) 2011-04-26 11:40:35 +10:00
Dan Duvall
b3874bf958 Implemented better SASL/GSSAPI authentication.
Implemented a 'sasl' auth_type for better control over authentication
flow specific to SASL.

Implemented 'sasl_dn_regex' and 'sasl_dn_replacement' config variables
for mapping from a SASL authentication ID to a bind DN, a necessary step
when using GSSAPI/Kerberos where there is no explicit bind DN provided.

Fixed setting of Kerberos credentials cache location in environment
variable. The location is derived from either an already set
environement variable or the SERVER variable set by the Apache
mod_auth_kerb module.
See http://modauthkerb.sourceforge.net/configure.html
2010-11-16 22:14:24 +11:00
Deon George
4598d3ae39 SF Patch #2919169 - SASL bind 2010-01-30 14:57:10 +11:00
Deon George
f8cacb7dd0 Change default size_limit to 0, enabled setting of time_limit (default 0) 2009-11-21 10:36:23 +11:00
Ethan Moore
259179a1b3 Enable SASL (GSSAPI) 2009-08-29 12:19:10 +10:00
Deon George
c69cd68fcb SF Bug #2828378 - fallback_dn config option no longer works in 1.2.0 2009-08-29 00:11:23 +10:00
Deon George
9cb27e3a70 Miscellaneous minor updates 2009-08-29 00:11:23 +10:00
Deon George
bdb423d0d3 SF Bug #2844186 - fail to add and edit entries (delete work fine) 2009-08-28 16:31:19 +10:00
Deon George
356f319291 Fix up calls with ldap_read 2009-08-21 18:32:52 +10:00
Deon George
6e6a7a6e4e Multiple fixes, changes and enhancements
* mass edit selection,
* child search during edit,
* attr login with bind_id,
* performance fix broke ldapservers that dont have havesubordinate attrs),
* enable "login,class",
* enable "login,base".
2009-08-21 15:02:12 +10:00
Deon George
95aedef718 Remove CVS tags 2009-08-20 12:25:48 +10:00
Deon George
5669c92371 Improvements to debug_log 2009-08-19 13:39:37 +10:00
Deon George
df404d435a login,attr only applies to user sessions 2009-08-17 10:46:22 +10:00
Deon George
9eca46d0cc Fixed display of Windows AD binary attributes 2009-08-13 21:39:43 +10:00
Deon George
cc3b67b71a More login processing fixes 2009-08-12 23:54:01 +10:00
Deon George
fb48055d2d Fix for when method supplies null for login details 2009-07-27 19:17:40 +10:00
Deon George
7dd52f8219 More issues for anon login to LDAP server to get user details 2009-07-27 17:19:53 +10:00
Deon George
196aa00218 Fix for when a root_dse query doesnt return any results 2009-07-26 01:21:23 +10:00
Deon George
bbe87c6e2f SF Bug #2820854 - ldap_first_attribute error 2009-07-14 19:07:43 +10:00
Deon George
45ca83411f Fix: Setting to null after getting the error messages 2009-07-12 23:49:39 +10:00
Deon George
57d405fe3b SF Feature #2073323 - Using Single Sign On authentication 2009-07-12 12:01:59 +10:00
Deon George
4eed1d8982 Enabled HTTP auth 2009-07-11 10:18:48 +10:00
Deon George
ea17aadef4 Latest SANDPIT - MERGE from CVS (MERGE-GIT) 2009-07-01 16:09:17 +10:00