View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011470 | mantisbt | feature | public | 2010-02-04 15:54 | 2013-03-02 14:56 |
Reporter | rrp | Assigned To | dregad | ||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | closed | Resolution | no change required | ||
Summary | 0011470: auto-create mantis account for LDAP users | ||||
Description | When use LDAP autentication mantis don't allows login user who haven't mantis account. IMHO better solution is let to automatically create mantis account after first login into mantis. Patch attached ... | ||||
Tags | No tags attached. | ||||
Attached Files | mantis.diff (2,809 bytes)
diff -C3 core-org/authentication_api.php core/authentication_api.php *** core-org/authentication_api.php 2010-02-04 19:12:14.000000000 +0000 --- core/authentication_api.php 2010-02-04 19:31:45.000000000 +0000 *************** *** 101,106 **** --- 101,123 ---- return false; } + } else if ( LDAP == $t_login_method ) { + if (ldap_authenticate( -1, $p_password, $p_username )) { + $t_email = ldap_email_from_username($p_username); + if (user_create( $p_username, $p_password, $t_email ) ) { + $t_user_id = user_get_id_by_name( $p_username ); + if ( false === $t_user_id ) { + # @@@ trigger an error here? + return false; + } + + } else { + # @@@ trigger an error here? + return false; + } + } else { + return false; + } } else { return false; } Wspólne podkatalogi: core-org/disposable i core/disposable diff -C3 core-org/ldap_api.php core/ldap_api.php *** core-org/ldap_api.php 2010-02-04 19:12:14.000000000 +0000 --- core/ldap_api.php 2010-02-04 19:13:14.000000000 +0000 *************** *** 119,125 **** # -------------------- # Attempt to authenticate the user against the LDAP directory # return true on successful authentication, false otherwise ! function ldap_authenticate( $p_user_id, $p_password ) { # if password is empty and ldap allows anonymous login, then # the user will be able to login, hence, we need to check # for this special case. --- 119,125 ---- # -------------------- # Attempt to authenticate the user against the LDAP directory # return true on successful authentication, false otherwise ! function ldap_authenticate( $p_user_id, $p_password, $p_username='' ) { # if password is empty and ldap allows anonymous login, then # the user will be able to login, hence, we need to check # for this special case. *************** *** 130,136 **** $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); ! $t_username = user_get_field( $p_user_id, 'username' ); $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ; $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))"; $t_search_attrs = array( $t_ldap_uid_field, 'dn' ); --- 130,140 ---- $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); ! if ($p_user_id == -1) { ! $t_username = $p_username; ! } else { ! $t_username = user_get_field( $p_user_id, 'username' ); ! } $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ; $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))"; $t_search_attrs = array( $t_ldap_uid_field, 'dn' ); mantis.autocreate_from_ldap.for_1.2.5.diff (2,321 bytes)
*** core/authentication_api.php.orig 2010-04-23 18:28:34.000000000 +0000 --- core/authentication_api.php 2010-05-10 10:34:41.000000000 +0000 *************** *** 184,191 **** if ( false === $t_user_id ) { if ( BASIC_AUTH == $t_login_method ) { $t_auto_create = true; ! } else if ( LDAP == $t_login_method && ldap_authenticate_by_username( $p_username, $p_password ) ) { ! $t_auto_create = true; } else { $t_auto_create = false; } --- 184,206 ---- if ( false === $t_user_id ) { if ( BASIC_AUTH == $t_login_method ) { $t_auto_create = true; ! } else if ( LDAP == $t_login_method ) { ! if (ldap_authenticate( -1, $p_password, $p_username )) { ! $t_email = ldap_email_from_username($p_username); ! if (user_create( $p_username, $p_password, $t_email ) ) { ! $t_user_id = user_get_id_by_name( $p_username ); ! if ( false === $t_user_id ) { ! # @@@ trigger an error here? ! return false; ! } ! ! } else { ! # @@@ trigger an error here? ! return false; ! } ! } else { ! return false; ! } } else { $t_auto_create = false; } *** core/ldap_api.php.orig 2011-07-22 11:54:07.000000000 +0000 --- core/ldap_api.php 2011-04-05 18:24:17.000000000 +0000 *************** *** 323,329 **** * @param string $p_password * @return bool */ ! function ldap_authenticate( $p_user_id, $p_password ) { # if password is empty and ldap allows anonymous login, then # the user will be able to login, hence, we need to check # for this special case. --- 323,329 ---- * @param string $p_password * @return bool */ ! function ldap_authenticate( $p_user_id, $p_password, $p_username='' ) { # if password is empty and ldap allows anonymous login, then # the user will be able to login, hence, we need to check # for this special case. *************** *** 331,337 **** return false; } ! $t_username = user_get_field( $p_user_id, 'username' ); return ldap_authenticate_by_username( $t_username, $p_password ); } --- 331,342 ---- return false; } ! if ($p_user_id == -1) { ! $t_username = $p_username; ! } else { ! $t_username = user_get_field( $p_user_id, 'username' ); ! } ! return ldap_authenticate_by_username( $t_username, $p_password ); } | ||||