// Initialize vars
optional_variable($config->ldap_host_url, "");
optional_variable($config->ldap_contexts, "");
+ optional_variable($config->ldap_user_type, "");
optional_variable($config->ldap_user_attribute, "");
optional_variable($config->ldap_search_sub, "");
optional_variable($config->ldap_bind_dn, "");
</td>
</tr>
-
<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
<td align="right"><P>ldap_bind_dn:</td>
<td>
</td>
</tr>
-
<tr>
<td colspan="2">
<h4><?php print_string("auth_ldap_user_settings", "auth") ?> </h4>
</td>
</tr>
+<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
+ <td align="right"><P>ldap_user_type:</td>
+ <td>
+ <?php choose_from_menu(auth_ldap_suppported_usertypes(), "ldap_user_type", $config->ldap_user_type, ""); ?>
+ <?php if (isset($err["ldap_user_type"])) formerr($err["ldap_user_type"]); ?>
+ </td>
+ <td>
+ <?php print_string("auth_ldap_user_type","auth") ?>
+ </td>
+</tr>
+
+<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
+ <td align="right"><P>ldap_contexts:</td>
+ <td>
+ <input name="ldap_contexts" type="text" size="30" value="<?php echo $config->ldap_contexts?>">
+ <?php if (isset($err["ldap_contexts"])) formerr($err["ldap_contexts"]); ?>
+ </td>
+ <td>
+ <?php print_string("auth_ldap_contexts","auth") ?>
+ </td>
+</tr>
+
+<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
+ <td align="right"><P>ldap_search_sub:</td>
+ <td>
+ <input name="ldap_search_sub" type="text" size="1" value="<?php echo $config->ldap_search_sub?>">
+ <?php if (isset($err["ldap_search_sub"])) formerr($err["ldap_search_sub"]); ?>
+ </td>
+ <td>
+ <?php print_string("auth_ldap_search_sub","auth") ?>
+ </td>
+</tr>
+
<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
<td align="right"><P>ldap_user_attribute:</td>
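Review bot: The `value` attributes of the re-added `ldap_contexts` and `ldap_search_sub` inputs print `$config` fields straight into the HTML, so a stored value containing a double quote or an angle bracket ends the attribute early and is rendered as markup on this admin form. Escape at the point of output, for example `value="<?php echo htmlspecialchars($config->ldap_contexts, ENT_QUOTES) ?>"`, and do the same for `ldap_search_sub`. These rows appear to be moved from lower in the form rather than newly written, so the behaviour predates the commit, but the move is a convenient place to correct it.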
</td>
</tr>
-
<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
<td align="right"><P>ldap_objectclass:</td>
<td>
</td>
</tr>
-<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
- <td align="right"><P>ldap_contexts:</td>
- <td>
- <input name="ldap_contexts" type="text" size="30" value="<?php echo $config->ldap_contexts?>">
- <?php if (isset($err["ldap_contexts"])) formerr($err["ldap_contexts"]); ?>
- </td>
- <td>
- <?php print_string("auth_ldap_contexts","auth") ?>
- </td>
-</tr>
-
-
-<tr valign="top" bgcolor="<?php echo $THEME->cellheading2 ?>">
- <td align="right"><P>ldap_search_sub:</td>
- <td>
- <input name="ldap_search_sub" type="text" size="1" value="<?php echo $config->ldap_search_sub?>">
- <?php if (isset($err["ldap_search_sub"])) formerr($err["ldap_search_sub"]); ?>
- </td>
- <td>
- <?php print_string("auth_ldap_search_sub","auth") ?>
- </td>
-</tr>
<tr>
<td colspan="2">
<h4><?php print_string("forcechangepassword", "auth") ?> </h4>
<?PHP // $Id$
//CHANGELOG:
+//24.09.2004 Lot of changes:
+// -Added usertype configuration, this removes need for separate obejcclass and attributename configuration
+// Overriding values is still supported
+//
//21.09.2004 Added support for multiple ldap-servers.
// Theres no nedd to use auth_ldap_bind,
// Anymore auth_ldap_connect does this for you
function auth_get_userinfo($username){
/// reads userinformation from ldap and return it in array()
global $CFG;
-
+ $ldapconnection=auth_ldap_connect();
$config = (array)$CFG;
$attrmap = auth_ldap_attributes();
-
- $ldapconnection=auth_ldap_connect();
-
+
$result = array();
$search_attribs = array();
$user_dn = auth_ldap_find_userdn($ldapconnection, $username);
- if (empty($CFG->ldap_objectclass)) { // Can't send empty filter
- $CFG->ldap_objectclass="objectClass=*";
- }
-
$user_info_result = ldap_read($ldapconnection,$user_dn,$CFG->ldap_objectclass, $search_attribs);
if ($user_info_result) {
function auth_get_userlist () {
global $CFG;
+ auth_ldap_init();
return auth_ldap_get_userlist("($CFG->ldap_user_attribute=*)");
}
+
function auth_user_exists ($username) {
global $CFG;
+ auth_ldap_init();
//returns true if given usernname exist on ldap
$users = auth_ldap_get_userlist("($CFG->ldap_user_attribute=$username)");
return count($users);
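Review bot: `auth_user_exists` still interpolates `$username` directly into the search filter `"($CFG->ldap_user_attribute=$username)"`, and the added `auth_ldap_init()` call does nothing to constrain it. If the name comes from a login or signup form, wildcard or parenthesis characters in it change the meaning of the query, so the existence check can answer for entries other than the one named. Escape the value for filter context before building the string: RFC 4515 escaping of `*`, `(`, `)`, `\` and NUL, or on PHP 5.6+ `ldap_escape($username, '', LDAP_ESCAPE_FILTER)`. The function's closing brace lies outside the hunk, and where `$username` originates is not visible here.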
//use auth_user_exists to prevent dublicate usernames
//return true if user is created, false on error
global $CFG;
- $attrmap = auth_ldap_attributes();
$ldapconnection = auth_ldap_connect();
+ $attrmap = auth_ldap_attributes();
$newuser = array();
//returns all userobjects from external database
global $CFG;
- $fresult = array();
$ldapconnection = auth_ldap_connect();
-
- if (empty($CFG->ldap_objectclass)) {
- $CFG->ldap_objectclass="objectClass=*";
- }
+ $fresult = array();
if ($filter=="*") {
$filter = "(&(".$CFG->ldap_user_attribute."=*)(".$CFG->ldap_objectclass."))";
/// max_allowed_packet limit.
global $CFG ;
+ auth_ldap_init();
$ldapusers = auth_get_users();
$usedidnumbers = Array();
//activate new ldap-user after email-address is confirmed
global $CFG;
- $ldapconnect = auth_ldap_connect();
+ $ldapconnection = auth_ldap_connect();
$userdn = auth_ldap_find_userdn($ldapconnection, $username);
$newinfo['loginDisabled']="TRUE";
function auth_iscreator($username=0) {
///if user is member of creator group return true
global $USER , $CFG;
+ auth_ldap_init();
+
if (! $username) {
$username=$USER->username;
}
$user_dn = auth_ldap_find_userdn($ldapconnection, $olduser->username);
- if (empty($CFG->ldap_objectclass)) {
- $CFG->ldap_objectclass="objectClass=*";
- }
-
$user_info_result = ldap_read($ldapconnection,$user_dn,$CFG->ldap_objectclass, $search_attribs);
if ($user_info_result){
//PRIVATE FUNCTIONS starts
//private functions are named as auth_ldap*
+function auth_ldap_suppported_usertypes (){
+// returns array of supported usertypes (schemas)
+// If you like to add our own please name and describe it here
+// And then add case clauses in relevant places in functions
+// iauth_ldap_init, auth_user_create, auth_check_expire, auth_check_grace
+ $types['edir']='Novell Edirectory';
+ $types['posix']='posixAccount (rfc2307)';
+ $types['samba']='sambaSamAccount (v.3.0.7)';
+ $types['ad']='ActiveDirectory';
+ return $types;
+}
+
+function auth_ldap_init () {
+// initializes needed variables
+
+ global $CFG;
+ $default['ldap_objectclass'] = array(
+ 'edir' => 'inetOrgPerson',
+ 'posix' => 'posixAccount',
+ 'samba' => 'sambaSamAccount',
+ 'ad' => 'user',
+ 'default' => '*'
+ );
+ $default['ldap_user_attribute'] = array(
+ 'edir' => 'cn',
+ 'posix' => 'uid',
+ 'samba' => 'uid',
+ 'ad' => 'cn',
+ 'default' => 'cn'
+ );
+ $default['ldap_memberattribute'] = array(
+ 'edir' => 'groupMembership',
+ 'posix' => 'member',
+ 'samba' => 'member',
+ 'ad' => 'member', //is this right?
+ 'default' => 'member'
+ );
+
+ foreach ($default as $key => $value) {
+ //set defaults if overriding fields not set
+ if(empty($CFG->{$key})) {
+ if (!empty($CFG->ldap_user_type) && !empty($default[$key][$CFG->ldap_user_type])) {
+ $CFG->{$key} = $default[$key][$CFG->ldap_user_type];
+ }else {
+ //use defaut value if user_type not set
+ if(!empty($default[$key]['default'])){
+ $CFG->$key = $default[$key][$value]['default'];
+ }else {
+ unset($CFG->$key);
+ }
+ }
+ }
+ }
+ //hack prefix to objectclass
+ if ('objectClass=' != substr($CFG->ldap_objectclass, 0, 12)) {
+ $CFG->ldap_objectclass = 'objectClass='.$CFG->ldap_objectclass;
+ }
+
+ //all chages go in $CFG , no need to return value
+}
+
function auth_ldap_isgroupmember ($username='', $groupdns='') {
// Takes username and groupdn(s) , separated by ;
// Returns true if user is member of any given groups
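Review bot: In `auth_ldap_init()` the fallback branch assigns `$CFG->$key = $default[$key][$value]['default'];`, but `$value` is the per-type array from the `foreach`, so an array is used as an offset and the lookup never returns the intended default (on current PHP it is a TypeError). When `ldap_user_type` is empty, the prefix step below it then produces `objectClass=` with nothing after it, and `ldap_user_attribute` and `ldap_memberattribute` are left empty, so every filter built from them is malformed. The line should read `$CFG->$key = $default[$key]['default'];`. The helper name `auth_ldap_suppported_usertypes` is also misspelled and is already called from the config form, so correcting it later means touching both files.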
/// Returns connection result
global $CFG;
+ auth_ldap_init();
$urls = explode(";",$CFG->ldap_host_url);
foreach ($urls as $server){
$ldapconnection = auth_ldap_connect();
- if (empty($CFG->ldap_objectclass)) {
- $CFG->ldap_objectclass="objectClass=*";
- }
-
if ($filter=="*") {
$filter = "(&(".$CFG->ldap_user_attribute."=*)(".$CFG->ldap_objectclass."))";
}