Commit ab219b26 authored by Olav Morken

ldap/LDAPMulti: Allow organization to be part of the username.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1408 44740490-163a-0410-bde0-09ae8108e29a
parent 9de6bfbb
...@@ -121,8 +121,27 @@ $config = array( ...@@ -121,8 +121,27 @@ $config = array(
'ldap:LDAPMulti', 'ldap:LDAPMulti',
/* /*
* A list of available LDAP servers / user groups. The value of each element is * The way the organization as part of the username should be handled.
* an array in the same format as an LDAP authentication source. * Three possible values:
* - 'none': No handling of the organization. Allows '@' to be part
* of the username.
* - 'allow': Will allow users to type 'username@organization'.
* - 'force': Force users to type 'username@organization'. The dropdown
* list will be hidden.
*
* The default is 'none'.
*/
'username_organization_method' => 'none',
/*
* A list of available LDAP servers.
*
* The index is an identifier for the organization/group. When
* 'username_organization_method' is set to something other than 'none',
* the organization-part of the username is matched against the index.
*
* The value of each element is an array in the same format as an LDAP
* authentication source.
*/ */
'employees' => array( 'employees' => array(
/* /*
......
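Review bot: The comment for `'allow'` does not say what happens when the text after '@' matches no index in the server list, which is the normal case for deployments whose LDAP usernames are e-mail-style. `'none'` explicitly states that '@' may be part of the username, so `'allow'` and `'force'` should state the other side: whether an unmatched suffix is rejected or kept as part of the username, and whether the match against the index is case-sensitive. The splitting logic is not in the visible hunks (presumably it lives in the parent class), so the wording needs confirming against it. The same comment text is repeated in the documentation hunk that follows.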
...@@ -119,9 +119,27 @@ and add an entry which uses this module: ...@@ -119,9 +119,27 @@ and add an entry which uses this module:
'ldap:LDAPMulti', 'ldap:LDAPMulti',
/* /*
* A list of available LDAP servers. The index is only an identifier, * The way the organization as part of the username should be handled.
* and can be any string. The value of each element is an array in the * Three possible values:
* same format as an LDAP authentication source. * - 'none': No handling of the organization. Allows '@' to be part
* of the username.
* - 'allow': Will allow users to type 'username@organization'.
* - 'force': Force users to type 'username@organization'. The dropdown
* list will be hidden.
*
* The default is 'none'.
*/
'username_organization_method' => 'none',
/*
* A list of available LDAP servers.
*
* The index is an identifier for the organization/group. When
* 'username_organization_method' is set to something other than 'none',
* the organization-part of the username is matched against the index.
*
* The value of each element is an array in the same format as an LDAP
* authentication source.
*/ */
'employees' => array( 'employees' => array(
/* /*
...@@ -167,4 +185,3 @@ All options from the `ldap:LDAP` configuration can be used in each ...@@ -167,4 +185,3 @@ All options from the `ldap:LDAP` configuration can be used in each
group, and you should refer to the documentation for that module for group, and you should refer to the documentation for that module for
more information about available options. more information about available options.
...@@ -37,9 +37,25 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase ...@@ -37,9 +37,25 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase
/* Call the parent constructor first, as required by the interface. */ /* Call the parent constructor first, as required by the interface. */
parent::__construct($info, $config); parent::__construct($info, $config);
$cfgHelper = SimpleSAML_Configuration::loadFromArray($config,
'Authentication source ' . var_export($this->authId, TRUE));
$this->orgs = array(); $this->orgs = array();
$this->ldapOrgs = array(); $this->ldapOrgs = array();
foreach ($config as $orgId => $orgCfg) { foreach ($config as $name => $value) {
if ($name === 'username_organization_method') {
$usernameOrgMethod = $cfgHelper->getValueValidate(
'username_organization_method',
array('none', 'allow', 'force'));
$this->setUsernameOrgMethod($usernameOrgMethod);
continue;
}
$orgCfg = $cfgHelper->getArray($name);
$orgId = $name;
if (array_key_exists('description', $orgCfg)) { if (array_key_exists('description', $orgCfg)) {
$this->orgs[$orgId] = $orgCfg['description']; $this->orgs[$orgId] = $orgCfg['description'];
} else { } else {
...@@ -65,6 +81,7 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase ...@@ -65,6 +81,7 @@ class sspmod_ldap_Auth_Source_LDAPMulti extends sspmod_core_Auth_UserPassOrgBase
protected function login($username, $password, $org) { protected function login($username, $password, $org) {
assert('is_string($username)'); assert('is_string($username)');
assert('is_string($password)'); assert('is_string($password)');
assert('is_string($org)');
if (!array_key_exists($org, $this->ldapOrgs)) { if (!array_key_exists($org, $this->ldapOrgs)) {
/* The user has selected an organization which doesn't exist anymore. */ /* The user has selected an organization which doesn't exist anymore. */
......
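Review bot: In `login()`, the comment `The user has selected an organization which doesn't exist anymore.` no longer describes the only way to reach that branch, because with `username_organization_method` set to 'allow' or 'force' the value of `$org` is text the user typed after '@', so an unknown value is ordinary untrusted input rather than a stale dropdown choice. The `array_key_exists($org, $this->ldapOrgs)` lookup is the real gate; the added `assert('is_string($org)')` only runs when assertions are enabled and should not be counted as validation. I would reword the comment to something like `/* $org may be typed by the user ('allow'/'force') or come from a stale dropdown; treat unknown values as a failed login. */`. The body of that branch is outside the hunk; if it reports an error distinguishable from a wrong password, a client can tell which organization identifiers are configured, which matters most under 'force' where the list is otherwise hidden, so it is worth checking that it fails the same way as bad credentials.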