View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004193 | mantisbt | bugtracker | public | 2004-07-26 07:21 | 2004-08-29 02:02 |
Reporter | alf | Assigned To | jlatour | ||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 0.18.3 | ||||
Fixed in Version | 0.19.0rc1 | ||||
Summary | 0004193: Broaden the ldap features to work with (A.D.) - patch included | ||||
Description | I have made a small patch on the ldap subsystem to allow the "uid" field to be personalized. This allows searching for something else than "uid" to work with other ldap structures. It specifically now allows working with Active Directory's LDAP setting the "uid" field to "sAMAccountName". I just had to add an "ldap_uid_field" config variable (and the appropriate code). Could this be included in some next release ? Thanks. | ||||
Tags | No tags attached. | ||||
Attached Files | mantis.diff (3,828 bytes)
*** core/ldap_api.php 2004-01-11 10:16:10.000000000 +0300 --- core/ldap_api.php 2004-07-24 16:13:49.000000000 +0300 *************** *** 57,64 **** $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); ! $t_search_filter = "(&$t_ldap_organization(uid=$p_username))"; ! $t_search_attrs = array( 'uid', 'mail', 'dn' ); $t_ds = ldap_connect_bind(); $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); --- 57,68 ---- $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); ! $t_ldap_uid_field = config_get( 'ldap_uid_field' ) ; ! if ($t_ldap_uid_field == '') { ! $t_ldap_uid_field = 'uid' ; ! } ! $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$p_username))"; ! $t_search_attrs = array( $t_ldap_uid_field, 'mail', 'dn' ); $t_ds = ldap_connect_bind(); $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); *************** *** 76,83 **** $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_username = user_get_field( $p_user_id, 'username' ); ! $t_search_filter = "(&$t_ldap_organization(uid=$t_username)(assignedgroup=$p_group))"; ! $t_search_attrs = array( 'uid', 'dn', 'assignedgroup' ); $t_ds = ldap_connect_bind(); $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); --- 80,91 ---- $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_username = user_get_field( $p_user_id, 'username' ); ! $t_ldap_uid_field = config_get( 'ldap_uid_field' ) ; ! if ($t_ldap_uid_field == '') { ! $t_ldap_uid_field = 'uid' ; ! } ! $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username)(assignedgroup=$p_group))"; ! 
$t_search_attrs = array( $t_ldap_uid_field, 'dn', 'assignedgroup' ); $t_ds = ldap_connect_bind(); $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); *************** *** 100,107 **** $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_username = user_get_field( $p_user_id, 'username' ); ! $t_search_filter = "(&$t_ldap_organization(uid=$t_username))"; ! $t_search_attrs = array( 'uid', 'dn' ); $t_ds = ldap_connect_bind(); # Search for the user id --- 108,119 ---- $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_username = user_get_field( $p_user_id, 'username' ); ! $t_ldap_uid_field = config_get( 'ldap_uid_field' ) ; ! if ($t_ldap_uid_field == '') { ! $t_ldap_uid_field = 'uid' ; ! } ! $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))"; ! $t_search_attrs = array( $t_ldap_uid_field, 'dn' ); $t_ds = ldap_connect_bind(); # Search for the user id *** config_defaults_inc.php 2004-05-12 14:36:14.000000000 +0300 --- config_defaults_inc.php 2004-07-25 14:49:18.000000000 +0300 *************** *** 564,570 **** $g_ldap_server = 'ldaps://ldap.example.com.au/'; $g_ldap_port = '636'; $g_ldap_root_dn = 'dc=example,dc=com,dc=au'; ! #$g_ldap_organization = '(organizationname=*Traffic)'; # optional $g_ldap_bind_dn = ''; $g_ldap_bind_passwd = ''; $g_use_ldap_email = OFF; # Should we send to the LDAP email address or what MySql tells us --- 564,571 ---- $g_ldap_server = 'ldaps://ldap.example.com.au/'; $g_ldap_port = '636'; $g_ldap_root_dn = 'dc=example,dc=com,dc=au'; ! $g_ldap_organization = ''; // e.g. '(organizationname=*Traffic)' ! $g_ldap_uid_field = 'uid'; // Use 'sAMAccountName' for A.D. $g_ldap_bind_dn = ''; $g_ldap_bind_passwd = ''; $g_use_ldap_email = OFF; # Should we send to the LDAP email address or what MySql tells us | ||||
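Review bot: The rebuilt `$t_search_filter` lines in all three core/ldap_api.php hunks still interpolate `$p_username`, `$t_username` and `$p_group` into the LDAP filter unescaped, so a value containing `*`, `(`, `)` or `\` alters the filter's structure instead of being matched literally. If `$p_username` originates from a login form, a wildcard or an extra clause could make the search return an entry other than the intended one. Escape each value before it goes into the filter, e.g. `$t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=" . ldap_escape( $p_username, '', LDAP_ESCAPE_FILTER ) . '))';` where `ldap_escape()` is available (PHP 5.6+), or use an equivalent helper that hex-escapes those characters and NUL on older versions. The three-line `config_get( 'ldap_uid_field' )` fallback is also pasted into each function; one small helper would keep the default in a single place. The enclosing functions begin and end outside the hunks, so any upstream validation of the username is not visible here.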
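Review bot: The comments on `$g_ldap_organization` and `$g_ldap_uid_field` in the config_defaults_inc.php hunk do not say that both values are placed verbatim into the search filter built in core/ldap_api.php. I would document that above `$g_ldap_uid_field`, e.g. `# Attribute matched against the username; inserted as-is into the LDAP filter, so it must be a bare attribute name ('uid', or 'sAMAccountName' for Active Directory)`. For `$g_ldap_organization` I would add `# Optional extra filter term; must be empty or one complete parenthesised component`. The two new lines also use `//` comments where the neighbouring `$g_use_ldap_email` line uses `#`.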
Given the seamless modification to the code, you might be interested in including it. Thanks a lot for your feedback. |
|
Applied to CVS, with some changes - thanks. For next time:
Thanks again! |
|