From c6931ae5cb334b2e56bab13608daf56a914f9cea Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@surfnet.nl>
Date: Wed, 20 Aug 2008 14:14:08 +0000
Subject: [PATCH] add search feature to ldapmulti login

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@826 44740490-163a-0410-bde0-09ae8108e29a
---
 config-templates/ldapmulti.php | 33 ++++++++++++++++++++-------------
 www/auth/login-ldapmulti.php   | 12 +++++++++---
 2 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/config-templates/ldapmulti.php b/config-templates/ldapmulti.php
index df80ef030..f8210b49f 100644
--- a/config-templates/ldapmulti.php
+++ b/config-templates/ldapmulti.php
@@ -1,27 +1,34 @@
 <?php
+
 /* 
- * The configuration of simpleSAMLphp
- * 
+ * Configuration for the multi-DN LDAP authentication module.
  * 
+ * $Id$
  */
 
 $ldapmulti = array (
 
 	'feide.no' => array(
-		'description'	=> 'Feide',
-		'dnpattern'		=> 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
-		'hostname'		=> 'ldap.uninett.no',
-		'attributes'	=> 'objectclass=*',
+		'description'		=> 'Feide',
+		/* for a description of options see equivalent options in ldap.php starting with auth.ldap. */
+		'dnpattern'			=> 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
+		'hostname'			=> 'ldap.uninett.no',
+		'attributes'		=> NULL,
+		'enable_tls'		=> FALSE,
+		'search.enable'		=> FALSE,
+		'search.base'		=> NULL,
+		'search.attributes'	=> NULL,
+		'search.username'	=> NULL,
+		'search.password'	=> NULL,
 	),
+
 	'uninett.no' => array(
-		'description'	=> 'UNINETT',
-		'dnpattern'		=> 'uid=%username%,ou=people,dc=uninett,dc=no',
-		'hostname'		=> 'ldap.uninett.no',
-		'attributes'	=> 'objectclass=*',
+		'description'		=> 'UNINETT',
+		'dnpattern'			=> 'uid=%username%,ou=people,dc=uninett,dc=no',
+		'hostname'			=> 'ldap.uninett.no',
+		'attributes'		=> NULL,
 	)
 	
 );
 
-
-
-?>
\ No newline at end of file
+?>
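Review bot: The `uninett.no` entry is left without the `enable_tls` and `search.*` keys that the `feide.no` entry now carries, while the login script reads `$ldapconfig['search.enable']` and `$ldapconfig['enable_tls']` for whichever org is selected; for a copied template this means undefined-index notices and an implicit no-TLS default rather than an explicit choice. I would add at least `'enable_tls' => FALSE,` and `'search.enable' => FALSE,` to the second entry so every org spells out the same options. Since `enable_tls => FALSE` sends the user's password and the `search.password` bind secret over cleartext LDAP, the template should say so next to the option, e.g. `/* enable_tls FALSE means the user password and search.password are sent unencrypted; set TRUE (or use ldaps) in production */`. `search.password` is a static bind credential in a config file, so a note that it should be a read-only account limited to the `search.base` subtree would also help operators.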
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index 5f2461fb4..147152d2f 100644
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -31,10 +31,16 @@ if (isset($_POST['username'])) {
 	try {
 	
 		$ldapconfig = $ldapmulti[$_POST['org']];
+
+		if ($ldapconfig['search.enable'] === TRUE) {
+			if(!$ldap->bind($ldapconfig['search.username'], $ldapconfig['search.password'])) {
+				throw new Exception('Error authenticating using search username & password.');
+			}
+			$dn = $ldap->searchfordn($ldapconfig['search.base'], $ldapconfig['search.attributes'], $_POST['username']);
+		} else {
+			$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
+		}
 		
-		
-	
-		$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
 		$pwd = $_POST['password'];
 	
 		$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);
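Review bot: The new search branch calls `$ldap->bind(...)` and `$ldap->searchfordn(...)` on lines that run before `$ldap` is created, because `$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);` is still the last line of the hunk; unless `$ldap` is also assigned above line 31, the `search.enable` path fails with a call on a non-object rather than authenticating. The construction line should be moved above `if ($ldapconfig['search.enable'] === TRUE) {` so both branches share one connection with the configured TLS setting. `searchfordn` is handed the raw `$_POST['username']`, so the branch is only safe if that helper escapes LDAP filter metacharacters (`*`, `(`, `)`, `\`, NUL) before building the filter — worth confirming, and if it does not, escape here before the call. I would also reject a missing result before the later password bind, e.g. `if (empty($dn)) { throw new Exception('No unique DN found for the given username.'); }`, so an unknown user cannot reach a bind with an empty DN. The enclosing try block continues past the end of the hunk.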
-- 
GitLab