From: paca70
Date: Thu, 3 Oct 2002 13:45:19 +0000 (+0000)
Subject: Initial version of ldap authentication module. It have no config-interface yet. ...
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=fcad13730e308696c895e5636a91c10cfedc16b7;p=moodle.git
Initial version of ldap authentication module. It have no config-interface yet. (But it's coming) It contains also experimental auth_get_userinfo() function, what is not used by moodle yet. If you like to try it, create following $CFG variables to /config.php or directly to config-table and activate ldap authentication from admin-configuration page. $CFG->ldap_bind_dn "If your like to use bind-user to search users, specify it here. Someting like 'cn=ldapuser,ou=public,o=org'" $CFG->ldap_bind_pw "Password for bind-user." $CFG->ldap_contexts "List of contexts where users are located. Separate different contexts with ';'. Something like 'ou=users,o=org; ou=other,o=org'" $CFG->ldap_host_url "Specify LDAP host in URL-form like 'ldap://ldap.myorg.com/' or 'ldaps//ldap.myorg.com/' "; $CFG->ldap_search_sub "Put value <> 0 if you like to search users from subcontexts."; $CFG->ldap_user_attribute "What attribute is used to name/search users. Usually 'cn'. "; More configuration optios are coming. This version is tested against Novell E-Directory without SSL and it works fine.
---
diff --git a/auth/ldap/lib.php b/auth/ldap/lib.php
new file mode 100644
index 0000000000..c8eedf28f2
--- /dev/null
+++ b/auth/ldap/lib.php
@@ -0,0 +1,167 @@
+ldap_host_url");
+ return false ;
+ }
+}
+
+
+function auth_get_userinfo($username){
+ global $CFG;
+ //reads userinformation from ldap and return it in array()
+
+ $result = array();
+ $ldap_connection=auth_ldap_connect();
+
+ $moodleattributes = array();
+ // Commented out , does not work (why ?)
+ //require("$CFG->wwwroot/auth/ldap/attr_mappings.php");
+
+ $moodleattributes['firstname'] ='givenname';
+ $moodleattributes['lastname'] ='sn';
+ $moodleattributes['email'] ='mail';
+ $moodleattributes['phone1'] ='telephonenumber';
+ //$moodleattributes['phone2'] ='facsimiletelephonenumber';
+ //$moodleattributes['institution'] ='institution';
+ $moodleattributes['department'] ='ou';
+ $moodleattributes['address'] ='street';
+ $moodleattributes['city'] ='physicaldeliveryofficename';
+ //$moodleattributes['country'] ='country';
+ $moodleattributes['description'] ='description';
+
+ $search_attribs = array();
+ foreach ($moodleattributes as $key=>$value) {
+ array_push($search_attribs, $value);
+ }
+
+ $user_dn = auth_ldap_find_userdn($ldap_connection, $username);
+ $user_info_result = ldap_read($ldap_connection,$user_dn,"objectClass=*", $search_attribs);
+ if ($user_info_result) {
+ $user_entry = ldap_get_entries($ldap_connection, $user_info_result);
+ foreach ($moodleattributes as $key=>$value){
+ if(isset($user_entry[0][$value][0])){
+ $result[$key]=$user_entry[0][$value][0];
+ }
+ }
+ }
+ @ldap_close($ldap_connection);
+
+ //Hardcoded defaults
+ if(! 
isset($result['description'])) {
+ $result['description'] = "Description";
+ }
+ $result['country']='FI';
+
+ return $result;
+}
+
+function auth_ldap_connect(){
+ //connects to ldap-server
+ global $CFG;
+ $result = ldap_connect($CFG->ldap_host_url);
+ if ($result) {
+ return $result;
+ } else {
+ error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
+ return false;
+ }
+
+}
+function auth_ldap_bind($ldap_connection){
+ //makes bind to ldap for searching users
+ //uses ldap_bind_dn or anonymous bind
+ global $CFG;
+ if ($CFG->ldap_bind_dn){
+ //bind with search-user
+ if (!ldap_bind($ldap_connection, $CFG->ldap_bind_dn,$CFG->ldap_bind_pw)){
+ error("Error: could not bind ldap with ldap_bind_dn/pw");
+ return false;
+ }
+ }else{
+ //bind anonymously
+ if ( !ldap_bind($ldap_connection)){
+ error("Error: could not bind ldap anonymously");
+ return false;
+ }
+ }
+ return true;
+
+}
+
+function auth_ldap_find_userdn ($ldap_connection, $username){
+ //return dn of username
+ //like: cn=username,ou=suborg,o=org
+ //or false if username not found
+ global $CFG;
+ //default return value
+ $ldap_user_dn = FALSE;
+
+
+ //$ldap_connection = auth_ldap_connect();
+ auth_ldap_bind($ldap_connection);
+
+ //get all contexts and look for first matching user
+ $ldap_contexts = explode(";",$CFG->ldap_contexts);
+
+
+
+
+ foreach($ldap_contexts as $context) {
+ $context == trim($context);
+ //echo ("looking in context:".$context."
");
+ //echo ("filter :"."(".$CFG->ldap_user_attribute."=".$username.")". "
");
+
+ if($CFG->ldap_search_sub){
+ //use ldap_search to find first user from subtree
+ $ldap_result = ldap_search($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")");
+ } else {
+ //search only in this context
+ $ldap_result = ldap_list($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")");
+ }
+
+ $entry = ldap_first_entry($ldap_connection,$ldap_result);
+ if ($entry){
+
+ $ldap_user_dn = ldap_get_dn($ldap_connection, $entry);
+ break ;
+
+ }
+ }
+ return $ldap_user_dn;
+}
+
+
+
+
+?>
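Review bot: In auth_ldap_find_userdn, `$username` is concatenated unescaped into the filter `"(".$CFG->ldap_user_attribute."=".$username.")"` passed to both ldap_search() and ldap_list(), so filter metacharacters in a login name (`*`, `(`, `)`, `\`) alter the query and the function returns the DN of whatever entry the rewritten filter matches first. Escape the value before building the filter, for example `$filter = "(".$CFG->ldap_user_attribute."=".ldap_escape($username, "", LDAP_ESCAPE_FILTER).")";` where ldap_escape() is available, or an equivalent RFC 4515 escaper otherwise. In the same loop `$context == trim($context);` compares and discards the result; it should be `$context = trim($context);`, otherwise the second context in a list like the 'ou=users,o=org; ou=other,o=org' example from the commit message keeps its leading space. The results of auth_ldap_bind() and of the search call are not checked before ldap_first_entry(), and auth_get_userinfo passes `$user_dn` to ldap_read() even when it is FALSE. The start of the file (the login function) is not visible in this hunk, so how the returned DN is used for the password bind could not be reviewed.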