From c6931ae5cb334b2e56bab13608daf56a914f9cea Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@surfnet.nl>
Date: Wed, 20 Aug 2008 14:14:08 +0000
Subject: [PATCH] add search feature to ldapmulti login

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@826 44740490-163a-0410-bde0-09ae8108e29a
---
 config-templates/ldapmulti.php | 33 ++++++++++++++++++++-------------
 www/auth/login-ldapmulti.php | 12 +++++++++---
 2 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/config-templates/ldapmulti.php b/config-templates/ldapmulti.php
index df80ef030..f8210b49f 100644
--- a/config-templates/ldapmulti.php
+++ b/config-templates/ldapmulti.php
@@ -1,27 +1,34 @@
 <?php
+
 /*
- * The configuration of simpleSAMLphp
- *
+ * Configuration for the multi-DN LDAP authentication module.
 *
+ * $Id$
 */
 $ldapmulti = array (
 'feide.no' => array(
- 'description' => 'Feide',
- 'dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
- 'hostname' => 'ldap.uninett.no',
- 'attributes' => 'objectclass=*',
+ 'description' => 'Feide',
+ /* for a description of options see equivalent options in ldap.php starting with auth.ldap. */
+ 'dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
+ 'hostname' => 'ldap.uninett.no',
+ 'attributes' => NULL,
+ 'enable_tls' => FALSE,
+ 'search.enable' => FALSE,
+ 'search.base' => NULL,
+ 'search.attributes' => NULL,
+ 'search.username' => NULL,
+ 'search.password' => NULL,
 ),
+
 'uninett.no' => array(
- 'description' => 'UNINETT',
- 'dnpattern' => 'uid=%username%,ou=people,dc=uninett,dc=no',
- 'hostname' => 'ldap.uninett.no',
- 'attributes' => 'objectclass=*',
+ 'description' => 'UNINETT',
+ 'dnpattern' => 'uid=%username%,ou=people,dc=uninett,dc=no',
+ 'hostname' => 'ldap.uninett.no',
+ 'attributes' => NULL,
 )
 );
-
-
-?>
\ No newline at end of file
+?>
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index 5f2461fb4..147152d2f 100644
--- a/www/auth/login-ldapmulti.php
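Review bot: The `uninett.no` entry is left without the keys that the login script now reads for every organisation — `'enable_tls'`, `'search.enable'` and the `search.*` keys are added only to `feide.no` — so selecting `uninett.no` will raise undefined-index notices and, since a missing `enable_tls` evaluates to NULL, will presumably be passed to the LDAP constructor as "no TLS" without anyone having chosen that. Add `'enable_tls' => FALSE,` and `'search.enable' => FALSE,` to the second entry so both templates carry the same option set. `search.password` is a plaintext bind credential stored in a config file; a comment next to it should say so, e.g. `/* plaintext bind credential: keep this file outside the web root with restrictive permissions, and set enable_tls to TRUE whenever a search account is configured */`, because with the template's `enable_tls => FALSE` default that credential and every user password would be sent over cleartext LDAP.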
+++ b/www/auth/login-ldapmulti.php
@@ -31,10 +31,16 @@ if (isset($_POST['username'])) {
 try {
 $ldapconfig = $ldapmulti[$_POST['org']];
+
+ if ($ldapconfig['search.enable'] === TRUE) {
+ if(!$ldap->bind($ldapconfig['search.username'], $ldapconfig['search.password'])) {
+ throw new Exception('Error authenticating using search username & password.');
+ }
+ $dn = $ldap->searchfordn($ldapconfig['search.base'], $ldapconfig['search.attributes'], $_POST['username']);
+ } else {
+ $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
+ }
- - - $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
 $pwd = $_POST['password'];
 $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);
-- GitLab
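Review bot: When `search.enable` is TRUE the new block calls `$ldap->bind(...)` and `$ldap->searchfordn(...)` before `$ldap` exists — the constructor call `$ldap = new SimpleSAML_Auth_LDAP(...)` still sits after the block at the end of the hunk — so unless `$ldap` is assigned earlier outside the hunk this path dies with a call on a non-object instead of authenticating anyone. Move `$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);` above the `if ($ldapconfig['search.enable'] === TRUE) {` line. `searchfordn()` receives the raw `$_POST['username']`; confirm it escapes LDAP filter metacharacters (`*`, `(`, `)`, `\`, NUL) per RFC 4515 before it builds the filter, otherwise the submitted username controls which entry's DN comes back, and treat a NULL/false result (no or ambiguous match) as a failure here rather than letting an empty `$dn` reach the user bind. The search-account bind also travels over plaintext LDAP whenever `enable_tls` is FALSE, which the shipped template defaults to, so the search path should refuse to run, or at least log, when TLS is off. The enclosing `try` block opens in the hunk but closes outside it.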