[Tikiwiki-cvs/svn] SF.net SVN: tikiwiki:[19831] trunk/lib/auth/ldap.php

[<re...@us...>]

Revision: 19831
          http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=19831&view=rev
Author:   redflo
Date:     2009-06-27 21:05:45 +0000 (Sat, 27 Jun 2009)

Log Message:
-----------
Fixed group matching that did not work in every case and made ldaps
(ssl) work with non default port. Added support for uri input at host
field

Modified Paths:
--------------
    trunk/lib/auth/ldap.php

Modified: trunk/lib/auth/ldap.php
===================================================================
--- trunk/lib/auth/ldap.php	2009-06-27 10:45:36 UTC (rev 19830)
+++ trunk/lib/auth/ldap.php	2009-06-27 21:05:45 UTC (rev 19831)
@@ -18,7 +18,7 @@
 	// var for ldap configuration parameters
 	protected $options = array(
 		'host' => 'localhost',
-		'port' => 389,
+		'port' => NULL,
 		'version' => 3,
 		'starttls' => false,
 		'ssl'	=> false,
@@ -61,26 +61,35 @@
 		}
 		// Configure the connection
 		
-		// host can be a list of hostnames. If we use ssl, then we have to add ldaps:// to every hostname
+		// host can be a list of hostnames.
+		// It is easier to create URIs because if we use ssl, we have to create a URI
 		if(isset($options['host']) && !empty($options['host'])) {
-			$t=preg_split('#[\s,]#',$options['host']);
-			// print_r($options);
-			if(isset($options['ssl']) && ($options['ssl']=='y' || $options['ssl']===true)) {
-				$this->options['host']=array();
-				foreach($t as $h) {
-					$this->options['host'][]='ldaps://'.$h;
-				}
-				if(!isset($options['port']) || empty($options['port'])) {
-					$this->options['port'] = 636;
-				}
+			$h=$options['host'];
+		} else { // use default
+			$h=$this->options['host'];
+		}
+	
+		$t=preg_split('#[\s,]#',$h);
+		if(isset($options['ssl']) && ($options['ssl']=='y' || $options['ssl']===true)) {
+			$prefix='ldaps://';
+			$port=636;
+		} else {
+			$prefix='ldap://';
+			$port=389;
+		}
+		if(isset($options['port']) && !empty($options['port'])) {
+			$port=intval($options['port']);
+		}
+		$this->options['port']=NULL; // its save to set port in URI
+
+		$this->options['host']=array();
+		foreach($t as $h) {
+			if(preg_match('#^ldaps?://#',$h)) { // entry is already URI
+				$this->options['host'][]=$h;
 			} else {
-				$this->options['host']=$t;
+				$this->options['host'][]=$prefix.$h.':'.$port;
 			}
 		}
-
-		if(isset($options['port']) && !empty($options['port'])) {
-			$this->options['port']=intval($options['port']);
-		}
 		
 		if(isset($options['version']) && !empty($options['version'])) {
 			$this->options['version']=intval($options['version']);
@@ -148,7 +157,6 @@
 			case 'ad': // active directory
 				preg_match_all('/\s*,?dc=\s*([^,]+)/i',$this->options['basedn'],$t);
 				$this->options['binddn'] = $user.'@';
-				// print_r($t[1]);
 				if(isset($t[1]) && is_array($t[1])) {
 					foreach($t[1] as $domainpart) {
 						$this->options['binddn'] .= $domainpart.'.';
@@ -178,7 +186,6 @@
         if ( $countryattr = $prefs['auth_ldap_countryattr'] ) $options['attributes'][] = $countryattr;
         if ( $emailattr = $prefs['auth_ldap_emailattr'] ) $options['attributes'][] = $emailattr;
 */
-// print("<pre>");print_r($options);print("</pre>");
 
 
 		$this->add_log('ldap','Connect Host: '.implode($this->options['host']).'. Binddn: '.
@@ -224,6 +231,7 @@
 			// prepare Search Filter
 			$filter=Net_LDAP2_Filter::create($this->options['userattr'],'equals',$this->options['username']);
 			$searchoptions=array('scope' => $this->options['scope']);
+			$this->add_log('ldap','Searching for user information with filter: '.$filter->asString().' at line '.__LINE__.' in '.__FILE__);
 			$searchresult = $this->ldaplink->search($this->userbase_dn(),$filter,$searchoptions);
 			if(Net_LDAP2::isError($searchresult)) {
 				$this->add_log('ldap','Search failed: '.$searchresult->getMessage().' at line '.__LINE__.' in '.__FILE__);
@@ -269,17 +277,26 @@
 			// get membership from user information
 			
 			$ugi=&$this->user_attributes[$this->options['usergroupattr']];	
-			if(!is_array($ugi)) {
-				$ugi=array($ugi);
-			}
+			if(!empty($ugi)) {
+				
+				if(!is_array($ugi)) {
+					$ugi=array($ugi);
+				}
 
-			foreach($ugi as $g) {
-				$filter2=Net_LDAP2_Filter::create($this->options['groupgroupattr'],'equals',$g);
-				$filter3=Net_LDAP2_Filter::combine('or',array($filter1,$filter2));
+				if(count($ugi)==1) { // one gid
+					$filter3=Net_LDAP2_Filter::create($this->options['groupgroupattr'],'equals',$ugi[0]);
+				} else { // mor gids
+					$filtertmp=array();
+					foreach($ugi as $g) {
+						$filtertmp[]=Net_LDAP2_Filter::create($this->options['groupgroupattr'],'equals',$g);
+					}
+					$filter3=Net_LDAP2_Filter::combine('or',$filtertmp);
+				}
+
+				$filter=Net_LDAP2_Filter::combine('and',array($filter1,$filter3));
+			} else { // User has no group
+				$filter=NULL;
 			}
-
-			$filter=Net_LDAP2_Filter::combine('and',array($filter1,$filter3));
-			
 		} else {
 			// not possible to get groups - return empty array
 			return(array());
@@ -290,6 +307,7 @@
 			return false;
 		}
 
+		$this->add_log('ldap','Searching for group entries with filter: '.$filter->asString().' at line '.__LINE__.' in '.__FILE__);
 		$searchoptions=array('scope' => $this->options['scope']);
 		$searchresult = $this->ldaplink->search($this->groupbase_dn(),$filter,$searchoptions);
 
@@ -305,6 +323,7 @@
 			}
 			$this->groups[$entry->dn()]=$entry->getValues(); // no error checking necessary here
 		}
+		$this->add_log('ldap',count($this->groups).' groups found at line '.__LINE__.' in '.__FILE__);
 
 		return($this->groups);
 


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.