diff -r -u mantisbt-1.2.1\/account_update.php mantisbt-1.2.1x/account_update.php
--- mantisbt-1.2.1\/account_update.php 2010-04-23 14:28:34.000000000 +0300
+++ mantisbt-1.2.1x/account_update.php 2010-05-13 13:09:10.962955300 +0300
@@ -31,6 +31,10 @@ require_once( 'email_api.php' ); + if ( MIXED == $g_login_method) { + $g_login_method = MD5; + } + form_security_validate('account_update'); auth_ensure_user_authenticated();
diff -r -u mantisbt-1.2.1\/config_defaults_inc.php mantisbt-1.2.1x/config_defaults_inc.php
--- mantisbt-1.2.1\/config_defaults_inc.php 2010-04-23 14:28:34.000000000 +0300
+++ mantisbt-1.2.1x/config_defaults_inc.php 2010-05-13 14:03:07.270004500 +0300
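Review bot: The `$g_login_method = MD5` override in account_update.php (`@@ -31,6 +31,10 @@`) carries no comment explaining why MIXED falls back to the local MD5 method, and it runs at file scope before `form_security_validate()` and `auth_ensure_user_authenticated()`. If an account that authenticates through an LDAP profile reaches this page, a password change would presumably be written to the local database only and leave the directory password unchanged; the rest of the page is outside the hunk, so this needs confirming. I would add a comment such as `# MIXED has no password backend of its own; treat the account as local (MD5) when no profile has been applied` and state which accounts are expected to get here.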
@@ -1720,8 +1720,65 @@ * systems this option should be set to ''. */ $g_ldap_simulation_file_path = ''; + + /** + * Whether or not to store password, realname and email from LDAP to local database. + * + * @global int $g_ldap_store_to_localdb + */ + $g_ldap_store_to_localdb = ON; /******************* + * Multi LDAP auth * + *******************/ + /** + * The same as for LDAP but you can configure defferent options for each LDAP profile. + * And additional you can use other auth schemes this way + * To enable multi LDAP scheme set $g_login_method to MIXED + */ + + $g_auth_profiles = array ( + "0" => array( + "auth_profile_name" => "LOCAL", + "login_method" => MD5 + ), + "1" => array( + "auth_profile_name" => "LDAP SERVER 1", + "login_method" => LDAP, + "ldap_server" => "ldap1.example1.com.au", + "ldap_port" => "389", + "ldap_root_dn" => "dc=example1,dc=com,dc=au", + "ldap_organization" => "", + "ldap_uid_field" => "sAMAccountName", + "ldap_realname_field" => "cn", + "ldap_bind_dn" => "", + "ldap_bind_passwd" => "", + "ldap_email" => OFF, + "ldap_realname" => OFF, + "ldap_protocol_version" => "3", + "ldap_follow_referrals" => OFF, + "ldap_simulation_file_path" => "" + ), + "2" => array( + "auth_profile_name" => "LDAP SERVER 2", + "login_method" => LDAP, + "ldap_server" => "ldap2.example2.com.au", + "ldap_port" => "389", + "ldap_root_dn" => "dc=example1,dc=com,dc=au", + "ldap_organization" => "", + "ldap_uid_field" => "sAMAccountName", + "ldap_realname_field" => "cn", + "ldap_bind_dn" => "", + "ldap_bind_passwd" => "", + "ldap_email" => OFF, + "ldap_realname" => OFF, + "ldap_protocol_version" => "3", + "ldap_follow_referrals" => OFF, + "ldap_simulation_file_path" => "" + ) + ); + + /******************* * Status Settings * *******************/ 
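Review bot: The doc block above `$g_auth_profiles` does not say that every key of the selected profile is copied onto the global `$g_<key>` (the `${'g_'.$t_key}` loops in core/authentication_api.php and login.php), so an administrator cannot tell which keys are honoured or that an unexpected key overrides unrelated configuration. The accepted keys should be listed there, with a note that `ldap_bind_passwd` is stored in this array. Sample profile "2" reuses `dc=example1,dc=com,dc=au` as `ldap_root_dn` while pointing at `ldap2.example2.com.au`, which looks like a copy-paste slip, and "defferent" should read "different". Both samples use port 389 and nothing in the hunk shows whether the connection is protected by TLS, so the comment should say what transport is expected.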
@@ -2479,6 +2536,7 @@ /** * login method * CRYPT or PLAIN or MD5 or LDAP or BASIC_AUTH + * or MIXED for multiLDAP * You can simply change this at will. MantisBT will try to figure out how the passwords were encrypted. * @global int $g_login_method */
@@ -2797,6 +2855,15 @@ * @global string $g_bug_list_cookie */ $g_bug_list_cookie = '%cookie_prefix%_BUG_LIST_COOKIE'; + + /** + * + * @global string $g_bug_list_cookie + */ + $g_logon_to_cookie = '%cookie_prefix%_LOGON_TO_COOKIE'; + + + /***************************** * MantisBT Filter Variables *
diff -r -u mantisbt-1.2.1\/core/authentication_api.php mantisbt-1.2.1x/core/authentication_api.php
--- mantisbt-1.2.1\/core/authentication_api.php 2010-04-23 14:28:34.000000000 +0300
+++ mantisbt-1.2.1x/core/authentication_api.php 2010-05-13 13:22:36.317013700 +0300
@@ -52,6 +52,18 @@ */ $g_cache_current_user_id = null; + + if (gpc_get_cookie( config_get('logon_to_cookie'), '')){ + $t_cookie_logon_to = gpc_get_cookie( config_get('logon_to_cookie'), ''); + + if ( MIXED == $g_login_method ){ + foreach ($g_auth_profiles[$t_cookie_logon_to] as $t_key => $t_value){ + ${'g_'.$t_key} = $t_value; + } + } + } + + /** * Check that there is a user logged-in and authenticated * If the user's account is disabled they will be logged out
@@ -458,12 +470,17 @@ $t_cookie_name = config_get( 'string_cookie' ); + $t_cookie_logon_to = config_get( 'logon_to_cookie' ); + global $f_logon_to; + if( $p_perm_login ) { # set permanent cookie (1 year) gpc_set_cookie( $t_cookie_name, $t_cookie_string, true ); + gpc_set_cookie( $t_cookie_logon_to, $g_ldap_server, true ); } else { # set temp cookie, cookie dies after browser closes gpc_set_cookie( $t_cookie_name, $t_cookie_string, false ); + gpc_set_cookie( $t_cookie_logon_to, $f_logon_to, false ); } }
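Review bot: The doc block for `$g_logon_to_cookie` in config_defaults_inc.php (`@@ -2797,6 +2855,15 @@`) has an empty description and a tag copied from the entry above it, `@global string $g_bug_list_cookie`. It should read `@global string $g_logon_to_cookie`, with a description such as `Cookie holding the key of the authentication profile chosen at login (MIXED login method only)`. Because the value comes back from the browser, the description should also say that it has to be checked against `$g_auth_profiles` before it is used.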
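Review bot: In core/authentication_api.php (`@@ -52,6 +52,18 @@`) the cookie value is used unchecked as the index into `$g_auth_profiles`, and every key of the selected entry is then written to a global through `${'g_'.$t_key}`. The cookie is supplied by the browser, so the client decides which profile's `login_method` and LDAP settings apply to an already established session, and an unknown value makes `foreach` run over an undefined index. The truthiness test `if (gpc_get_cookie(...))` is also false for the value "0", which is the key of the LOCAL profile in the shipped defaults, so that profile is never applied from the cookie. The same unchecked lookup appears in login.php (`@@ -28,10 +28,17 @@`) with the `logon_to` request parameter. The block should read the cookie once, require that the key exists, and copy only an explicit list of setting names; keeping the chosen profile server-side with the session would avoid trusting a separate unsigned cookie at all.

```php
$t_cookie_logon_to = gpc_get_cookie( config_get( 'logon_to_cookie' ), '' );

if ( MIXED == $g_login_method
	&& is_string( $t_cookie_logon_to )
	&& isset( $g_auth_profiles[$t_cookie_logon_to] ) ) {
	# Only settings a profile is meant to carry may reach the globals.
	$t_allowed_keys = array(
		'login_method', 'ldap_server', 'ldap_port', 'ldap_root_dn',
		'ldap_organization', 'ldap_uid_field', 'ldap_realname_field',
		'ldap_bind_dn', 'ldap_bind_passwd', 'ldap_email', 'ldap_realname',
		'ldap_protocol_version', 'ldap_follow_referrals',
		'ldap_simulation_file_path',
	);
	foreach ( $g_auth_profiles[$t_cookie_logon_to] as $t_key => $t_value ) {
		if ( in_array( $t_key, $t_allowed_keys, true ) ) {
			${'g_' . $t_key} = $t_value;
		}
	}
}
```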
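Review bot: The permanent-login branch in core/authentication_api.php (`@@ -458,12 +470,17 @@`) stores `$g_ldap_server` in the logon-to cookie, while the session branch stores `$f_logon_to`. The reader added earlier in this file uses the cookie as a key into `$g_auth_profiles`, so a server host name will not match any profile, and it also discloses the directory host to the browser. Only `$f_logon_to` is declared `global` in the visible lines, so `$g_ldap_server` may not even be defined at this point. Both branches should store the same value: `gpc_set_cookie( $t_cookie_logon_to, $f_logon_to, true );`. The enclosing function begins outside the hunk.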
@@ -482,8 +499,10 @@ if( $g_script_login_cookie == null ) { $t_cookie_name = config_get( 'string_cookie' ); $t_cookie_path = config_get( 'cookie_path' ); + $t_cookie_logon_to = config_get( 'logon_to_cookie' ); gpc_clear_cookie( $t_cookie_name, $t_cookie_path ); + gpc_clear_cookie( $t_cookie_logon_to, $t_cookie_path ); $t_cookies_cleared = true; } else { $g_script_login_cookie = null;
diff -r -u mantisbt-1.2.1\/core/constant_inc.php mantisbt-1.2.1x/core/constant_inc.php
--- mantisbt-1.2.1\/core/constant_inc.php 2010-04-23 14:28:34.000000000 +0300
+++ mantisbt-1.2.1x/core/constant_inc.php 2010-05-13 10:04:00.938673700 +0300
@@ -134,6 +134,7 @@ define( 'LDAP', 4 ); define( 'BASIC_AUTH', 5 ); define( 'HTTP_AUTH', 6 ); +define( 'MIXED', 7 ); # file upload methods define( 'DISK', 1 );
diff -r -u mantisbt-1.2.1\/core/custom_function_api.php mantisbt-1.2.1x/core/custom_function_api.php
--- mantisbt-1.2.1\/core/custom_function_api.php 2010-04-23 14:28:34.000000000 +0300
+++ mantisbt-1.2.1x/core/custom_function_api.php 2010-05-13 12:02:14.394077100 +0300
@@ -197,7 +197,7 @@ CRYPT_FULL_SALT, MD5, ); - if( in_array( config_get( 'login_method' ), $t_can_change ) ) { + if( ( in_array( config_get( 'login_method' ), $t_can_change ) ) || ( is_page_name( 'verify.php' ) && config_get( 'login_method' ) == MIXED )) { return true; } else { return false;
diff -r -u mantisbt-1.2.1\/core/ldap_api.php mantisbt-1.2.1x/core/ldap_api.php
--- mantisbt-1.2.1\/core/ldap_api.php 2010-04-23 14:28:34.000000000 +0300
+++ mantisbt-1.2.1x/core/ldap_api.php 2010-05-12 15:44:20.435179300 +0300
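Review bot: The clause added in core/custom_function_api.php (`@@ -197,7 +197,7 @@`) permits a password change whenever the request is for verify.php and the login method is MIXED, regardless of which profile the account belongs to. For an account that normally authenticates against an LDAP profile this appears to let the verification flow set a local password, which could then be accepted through the LOCAL profile even after the directory account is disabled; verify.php and the rest of this function are outside the hunk, so this needs confirming. If the exception is intended, say so in a comment, for example `# MIXED: verify.php may set a local password; only accounts on the LOCAL profile should reach this`, and make the decision per account rather than per page.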
@@ -352,7 +352,10 @@ # If user authenticated successfully then update the local DB with information # from LDAP. This will allow us to use the local data after login without # having to go back to LDAP. This will also allow fallback to DB if LDAP is down. - if ( $t_authenticated ) { + + global $g_ldap_store_to_localdb; + + if ( $t_authenticated && $g_ldap_store_to_localdb == ON ) { $t_user_id = user_get_id_by_name( $p_username ); if ( false !== $t_user_id ) {
diff -r -u mantisbt-1.2.1\/login.php mantisbt-1.2.1x/login.php
--- mantisbt-1.2.1\/login.php 2010-04-23 14:28:34.000000000 +0300
+++ mantisbt-1.2.1x/login.php 2010-05-13 13:14:50.451675700 +0300
@@ -28,10 +28,17 @@ $f_username = gpc_get_string( 'username', '' ); $f_password = gpc_get_string( 'password', '' ); + $f_logon_to = gpc_get_string( 'logon_to', '' ); $f_perm_login = gpc_get_bool( 'perm_login' ); $t_return = string_url( string_sanitize_url( gpc_get_string( 'return', config_get( 'default_home_page' ) ) ) ); $f_from = gpc_get_string( 'from', '' ); $f_secure_session = gpc_get_bool( 'secure_session', false ); + + if ( MIXED == $g_login_method ){ + foreach ($g_auth_profiles[$f_logon_to] as $t_key => $t_value){ + ${'g_'.$t_key} = $t_value; + } + } $f_username = auth_prepare_username($f_username); $f_password = auth_prepare_password($f_password);
@@ -48,11 +55,10 @@ '&error=1&username=' . urlencode( $f_username ) . '&perm_login=' . ( $f_perm_login ? 1 : 0 ) . '&secure_session=' . ( $f_secure_session ? 1 : 0 ); - + if ( HTTP_AUTH == config_get( 'login_method' ) ) { auth_http_prompt(); exit; } } - print_header_redirect( $t_redirect_url );
diff -r -u mantisbt-1.2.1\/login_page.php mantisbt-1.2.1x/login_page.php
--- mantisbt-1.2.1\/login_page.php 2010-04-23 14:28:34.000000000 +0300
+++ mantisbt-1.2.1x/login_page.php 2010-05-13 10:37:28.636246900 +0300
@@ -132,6 +132,15 @@ +
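Review bot: The comment above the changed condition in core/ldap_api.php (`@@ -352,7 +352,10 @@`) still describes the local-DB update as unconditional and does not mention `$g_ldap_store_to_localdb`. According to the new doc block in config_defaults_inc.php the stored data includes the password and the default is `ON`; in MIXED mode that presumably lets a directory user log in through the LOCAL profile with a cached credential after the directory password is changed or the account disabled. The comment should be extended, for example `# Skipped when $g_ldap_store_to_localdb is OFF; no fallback to the local DB is then possible.`, and the option could be read with `config_get( 'ldap_store_to_localdb' )` as other hunks in this patch do for `logon_to_cookie`. The function starts and ends outside the hunk.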