From 74e85a7722baa45fb629bfa9cfbba7a10d4876a3 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 17 Mar 2009 08:05:15 +0000
Subject: [PATCH] ldap:LDAPMulti: Add support for including the organization as
 part of the username.

This commit introduces a new configuration option for LDAPMulti authentication
sources (include_organization_in_username). When this option is set to TRUE,
the organization will be appended to the username.


git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1412 44740490-163a-0410-bde0-09ae8108e29a
---
 config-templates/authsources.php           | 10 ++++++++++
 modules/ldap/docs/ldap.txt                 | 10 ++++++++++
 modules/ldap/lib/Auth/Source/LDAPMulti.php | 15 +++++++++++++++
 3 files changed, 35 insertions(+)

diff --git a/config-templates/authsources.php b/config-templates/authsources.php
index 62cf02864..1ecc707eb 100644
--- a/config-templates/authsources.php
+++ b/config-templates/authsources.php
@@ -133,6 +133,16 @@ $config = array(
 		 */
 		'username_organization_method' => 'none',
 
+		/*
+		 * Whether the organization should be included as part of the username
+		 * when authenticating. If this is set to TRUE, the username will be on
+		 * the form <username>@<organization identifier>. If this is FALSE, the
+		 * username will be used as the user enters it.
+		 *
+		 * The default is FALSE.
+		 */
+		'include_organization_in_username' => FALSE,
+
 		/*
 		 * A list of available LDAP servers.
 		 *
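Review bot: The added comment for `include_organization_in_username` does not say what the `<organization identifier>` is, and an operator needs that to predict which account name is sent to the LDAP server. From the LDAPMulti.php hunks in this patch it appears to be the array key of the organization's entry in this authsource (`$orgId = $name`), though the rest of that loop is outside the hunks. I would add a sentence such as `The organization identifier is the key used for the organization in this array.` and mention how the option combines with `username_organization_method` just above. The same comment text is duplicated in modules/ldap/docs/ldap.txt.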
diff --git a/modules/ldap/docs/ldap.txt b/modules/ldap/docs/ldap.txt
index 3caa9cc4a..cd4bb5bca 100644
--- a/modules/ldap/docs/ldap.txt
+++ b/modules/ldap/docs/ldap.txt
@@ -131,6 +131,16 @@ and add an entry which uses this module:
 		 */
 		'username_organization_method' => 'none',
 
+		/*
+		 * Whether the organization should be included as part of the username
+		 * when authenticating. If this is set to TRUE, the username will be on
+		 * the form <username>@<organization identifier>. If this is FALSE, the
+		 * username will be used as the user enters it.
+		 *
+		 * The default is FALSE.
+		 */
+		'include_organization_in_username' => FALSE,
+
 		/*
 		 * A list of available LDAP servers.
 		 *
diff --git a/modules/ldap/lib/Auth/Source/LDAPMulti.php b/modules/ldap/lib/Auth/Source/LDAPMulti.php
index 4c56749f5..45356946b 100644
--- a/modules/ldap/lib/Auth/Source/LDAPMulti.php
+++ b/modules/ldap/lib/Auth/Source/LDAPMulti.php
@@ -23,6 +23,11 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase
 	 */
 	private $ldapOrgs;
 
+	/**
+	 * Whether we should include the organization as part of the username.
+	 */
+	private $includeOrgInUsername;
+
 
 	/**
 	 * Constructor for this authentication source.
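Review bot: `$includeOrgInUsername` is declared without an initial value, and its only assignment (in the constructor hunk that follows) sits inside `if ($name === 'include_organization_in_username')`, so it runs only when that key is present in the configuration. When the option is omitted, the property stays NULL and the `FALSE` default passed to `getBoolean()` is never used. The later truthiness check still treats NULL as off, but the field does not hold the documented default. Declaring it as `private $includeOrgInUsername = FALSE;` and adding `@var bool` to the docblock would make the default explicit. The constructor body continues outside both hunks.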
@@ -53,6 +58,12 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase
 				continue;
 			}
 
+			if ($name === 'include_organization_in_username') {
+				$this->includeOrgInUsername = $cfgHelper->getBoolean(
+					'include_organization_in_username', FALSE);
+				continue;
+			}
+
 			$orgCfg = $cfgHelper->getArray($name);
 			$orgId = $name;
 
@@ -91,6 +102,10 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase
 			throw new SimpleSAML_Error_Error('WRONGUSERPASS');
 		}
 
+		if ($this->includeOrgInUsername) {
+			$username = $username . '@' . $org;
+		}
+
 		return $this->ldapOrgs[$org]->login($username, $password);
 	}
 
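Review bot: The added block builds `$username . '@' . $org` without checking whether the entered username already contains an `@`, so a value the user typed as `name@other` would be passed on as `name@other@<org>` when the username is used as entered. Whether `login()` escapes the value before placing it in a search filter or DN is not visible in this hunk, so the concatenation should not be treated as validation of the account name. If usernames containing `@` are not expected when the option is enabled, reject them before appending, e.g. `if (strpos($username, '@') !== FALSE) { throw new SimpleSAML_Error_Error('WRONGUSERPASS'); }`. The enclosing method starts outside the hunk.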
-- 
GitLab