MDL-9399 auth/ldap: Tighten NTLM AD checks to the appropriate OU
From IƱaki Arenaza...
Right now, if someone logs in via NTLM magic, we don't check if that
user is inside the contexts specified in the LDAP settings. I mean,
if I want to restrict my Moodle site to those users inside a given OU
or subtree of my LDAP directory, with the current code any valid user
in my whole AD domain (and if we are using a GC as the LDAP server,
the whole forest) can log in. We should check that the user is inside
one of the configured contexts before allowing his/her to log in.
Something along the lines of the attached patch could do it.
projects / moodle.git / commit