From 74e85a7722baa45fb629bfa9cfbba7a10d4876a3 Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Tue, 17 Mar 2009 08:05:15 +0000 Subject: [PATCH] ldap:LDAPMulti: Add support for including the organization as part of the username. This commit introduces a new configuration option for LDAPMulti authentication sources (include_organization_in_username). When this option is set to TRUE, the organization will be appended to the username. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1412 44740490-163a-0410-bde0-09ae8108e29a --- config-templates/authsources.php | 10 ++++++++++ modules/ldap/docs/ldap.txt | 10 ++++++++++ modules/ldap/lib/Auth/Source/LDAPMulti.php | 15 +++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/config-templates/authsources.php b/config-templates/authsources.php index 62cf02864..1ecc707eb 100644 --- a/config-templates/authsources.php +++ b/config-templates/authsources.php @@ -133,6 +133,16 @@ $config = array( */ 'username_organization_method' => 'none', + /* + * Whether the organization should be included as part of the username + * when authenticating. If this is set to TRUE, the username will be on + * the form <username>@<organization identifier>. If this is FALSE, the + * username will be used as the user enters it. + * + * The default is FALSE. + */ + 'include_organization_in_username' => FALSE, + /* * A list of available LDAP servers. * diff --git a/modules/ldap/docs/ldap.txt b/modules/ldap/docs/ldap.txt index 3caa9cc4a..cd4bb5bca 100644 --- a/modules/ldap/docs/ldap.txt +++ b/modules/ldap/docs/ldap.txt @@ -131,6 +131,16 @@ and add an entry which uses this module: */ 'username_organization_method' => 'none', + /* + * Whether the organization should be included as part of the username + * when authenticating. If this is set to TRUE, the username will be on + * the form <username>@<organization identifier>. If this is FALSE, the + * username will be used as the user enters it. + * + * The default is FALSE. + */ + 'include_organization_in_username' => FALSE, + /* * A list of available LDAP servers. * diff --git a/modules/ldap/lib/Auth/Source/LDAPMulti.php b/modules/ldap/lib/Auth/Source/LDAPMulti.php index 4c56749f5..45356946b 100644 --- a/modules/ldap/lib/Auth/Source/LDAPMulti.php +++ b/modules/ldap/lib/Auth/Source/LDAPMulti.php @@ -23,6 +23,11 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase */ private $ldapOrgs; + /** + * Whether we should include the organization as part of the username. + */ + private $includeOrgInUsername; + /** * Constructor for this authentication source. @@ -53,6 +58,12 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase continue; } + if ($name === 'include_organization_in_username') { + $this->includeOrgInUsername = $cfgHelper->getBoolean( + 'include_organization_in_username', FALSE); + continue; + } + $orgCfg = $cfgHelper->getArray($name); $orgId = $name; @@ -91,6 +102,10 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase throw new SimpleSAML_Error_Error('WRONGUSERPASS'); } + if ($this->includeOrgInUsername) { + $username = $username . '@' . $org; + } + return $this->ldapOrgs[$org]->login($username, $password); } -- GitLab