[Phpwiki-talk] Patch for LDAP support

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On a comment from a Debian user of PHPWiki, I've made some improvements to
the LDAP auth support in PHPWiki.  I'd appreciate it if you could apply the
patch below and let me know that it's in so I can remove the Debian-specific
patch in future versions.

It's some better comments on the LDAP options, and an option to set the
version of the LDAP protocol to use.

---[BEGIN ldap-patch.diff]---

--- phpwiki-1.3.6.orig/lib/WikiUser.php
+++ phpwiki-1.3.6/lib/WikiUser.php
@@ -236,6 +236,7 @@
                 // else try others such as LDAP authentication:
                 if (ALLOW_LDAP_LOGIN && !empty($passwd)) {
                     if ($ldap = ldap_connect(LDAP_AUTH_HOST)) { // must be a valid LDAP server!
+			ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_PROTOCOL_VERSION);
                         $r = @ldap_bind($ldap); // this is an anonymous bind
                         $st_search = "uid=$userid";
                         // Need to set the right root search information. see ../index.php
--- phpwiki-1.3.6.orig/index.php
+++ phpwiki-1.3.6/index.php
@@ -399,10 +399,21 @@
 // unless your browser supports cookies.)
 @ini_set('session.use_trans_sid', 0);
 
-// LDAP auth
+// Do we allow users to authenticate via an LDAP server?
 if (!defined('ALLOW_LDAP_LOGIN')) define('ALLOW_LDAP_LOGIN', true and function_exists('ldap_connect'));
+
+// Give a server name to connect to.  Can either be a hostname, or a complete
+// URL to the server (useful if you want to use ldaps or specify a different
+// port number).
 if (!defined('LDAP_AUTH_HOST'))   define('LDAP_AUTH_HOST', 'localhost');
-// Give the right LDAP root search information in the next statement. 
+
+// Which version of the LDAP protocol to use.  The default is 3, the latest,
+// however if you are authenticating against an older LDAP server you may want
+// to set this to 2 instead.
+if (!defined('LDAP_PROTOCOL_VERSION')) define('LDAP_PROTOCOL_VERSION', 3);
+
+// The search base for finding users.  Entries under this DN will be
+// considered while looking for a DN to bind to.
 if (!defined('LDAP_AUTH_SEARCH')) define('LDAP_AUTH_SEARCH', "ou=mycompany.com,o=My Company");
 
 // IMAP auth: check userid/passwords from a imap server, defaults to localhost
---[END ldap-patch.diff]---

- Matt


