add search feature to ldapmulti login

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@826 44740490-163a-0410-bde0-09ae8108e29a

add search feature to ldapmulti login
c6931ae5 · Hans Zandbelt · 8154e0d0 · c6931ae5 · c6931ae5
Commit c6931ae5 authored 16 years ago by Hans Zandbelt
--- a/config-templates/ldapmulti.php
+++ b/config-templates/ldapmulti.php
 <?php
+
 /* 
- * The configuration of simpleSAMLphp
- * 
+ * Configuration for the multi-DN LDAP authentication module.
 * 
+ * $Id$
 */

 $ldapmulti = array (

 	'feide.no' => array(
-		'description'	=> 'Feide',
-		'dnpattern'		=> 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
-		'hostname'		=> 'ldap.uninett.no',
-		'attributes'	=> 'objectclass=*',
+		'description'		=> 'Feide',
+		/* for a description of options see equivalent options in ldap.php starting with auth.ldap. */
+		'dnpattern'			=> 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
+		'hostname'			=> 'ldap.uninett.no',
+		'attributes'		=> NULL,
+		'enable_tls'		=> FALSE,
+		'search.enable'		=> FALSE,
+		'search.base'		=> NULL,
+		'search.attributes'	=> NULL,
+		'search.username'	=> NULL,
+		'search.password'	=> NULL,
 	),
+
 	'uninett.no' => array(
-		'description'	=> 'UNINETT',
-		'dnpattern'		=> 'uid=%username%,ou=people,dc=uninett,dc=no',
-		'hostname'		=> 'ldap.uninett.no',
-		'attributes'	=> 'objectclass=*',
+		'description'		=> 'UNINETT',
+		'dnpattern'			=> 'uid=%username%,ou=people,dc=uninett,dc=no',
+		'hostname'			=> 'ldap.uninett.no',
+		'attributes'		=> NULL,
 	)
 	
 );

-
-
-?>
\ No newline at end of file
+?>
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -31,10 +31,16 @@ if (isset($_POST['username'])) {
 	try {
 	
 		$ldapconfig = $ldapmulti[$_POST['org']];
+
+		if ($ldapconfig['search.enable'] === TRUE) {
+			if(!$ldap->bind($ldapconfig['search.username'], $ldapconfig['search.password'])) {
+				throw new Exception('Error authenticating using search username & password.');
+			}
+			$dn = $ldap->searchfordn($ldapconfig['search.base'], $ldapconfig['search.attributes'], $_POST['username']);
+		} else {
+			$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
+		}
 		
-		
-	
-		$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
 		$pwd = $_POST['password'];
 	
 		$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);