Move to the new auth plugins for dokuwiki 2013-05-10
parent
ae96661d53
commit
18883e3f1a
|
@ -8,7 +8,7 @@ my $ldapPort = $ldap{'TCPPort'} || '389';
|
|||
if ($auth eq 'internal'){
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
\$conf['authtype'] = 'plain';
|
||||
\$conf['authtype'] = 'authplain';
|
||||
|
||||
EOF
|
||||
|
||||
|
@ -16,7 +16,7 @@ EOF
|
|||
elsif ($auth eq 'ldap'){
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
\$conf['authtype'] = 'ldap';
|
||||
\$conf['authtype'] = 'authldap';
|
||||
|
||||
EOF
|
||||
|
||||
|
@ -24,7 +24,7 @@ EOF
|
|||
elsif ($auth eq 'LemonLDAP'){
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
\$conf['authtype'] = 'httpldap';
|
||||
\$conf['authtype'] = 'authhttpldap';
|
||||
|
||||
EOF
|
||||
|
||||
|
@ -33,12 +33,13 @@ EOF
|
|||
if ($auth eq 'LemonLDAP' or $auth eq 'ldap'){
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
\$conf['auth']['ldap']['server'] = "ldap://localhost:$ldapPort";
|
||||
\$conf['auth']['ldap']['version'] = '3';
|
||||
\$conf['auth']['ldap']['usertree'] = 'ou=Users,$base';
|
||||
\$conf['auth']['ldap']['grouptree'] = 'ou=Groups,$base';
|
||||
\$conf['auth']['ldap']['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))';
|
||||
\$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=mailboxRelatedObject)(memberUid=%{user}))';
|
||||
\$conf['plugin'][\$conf['authtype']]['server'] = "ldap://localhost:$ldapPort";
|
||||
\$conf['plugin'][\$conf['authtype']]['version'] = '3';
|
||||
\$conf['plugin'][\$conf['authtype']]['usertree'] = 'ou=Users,$base';
|
||||
\$conf['plugin'][\$conf['authtype']]['grouptree'] = 'ou=Groups,$base';
|
||||
\$conf['plugin'][\$conf['authtype']]['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))';
|
||||
\$conf['plugin'][\$conf['authtype']]['groupfilter'] = '(&(objectClass=mailboxRelatedObject)(memberUid=%{user}))';
|
||||
\$conf['plugin'][\$conf['authtype']]['groupkey'] = 'cn';
|
||||
|
||||
EOF
|
||||
|
||||
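Review bot: The new `\$conf['plugin'][\$conf['authtype']][...]` keys in the last hunk deserve a comment, because where the LDAP settings land now depends on the authtype assigned earlier in the generated file: `authldap` for 'ldap' and `authhttpldap` for 'LemonLDAP'. This presumably relies on the authhttpldap subclass reading its settings under its own plugin name rather than the parent's, which is not visible here. A line such as `# LDAP settings are stored under the active auth plugin's name (authldap or authhttpldap)` above the heredoc would make that dependency explicit. Separately, `$base` and `$ldapPort` are interpolated into PHP string literals unescaped, so a quote character in either value would corrupt the generated config; they should be validated where they are read, which is outside this hunk.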
|
|
|
@ -1,82 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* HTTP/LDAP authentication backend
|
||||
* HTTP (your web server) handle the authentication
|
||||
* LDAP handle user informations, and group membership
|
||||
* This plugin have been written to work with LemonLDAP::NG WebSSO
|
||||
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
|
||||
* @author Daniel Berteaud <daniel@firewall-services.com>
|
||||
*/
|
||||
|
||||
require("ldap.class.php");
|
||||
class auth_httpldap extends auth_ldap {
|
||||
var $cnf = null;
|
||||
|
||||
/**
|
||||
* Posible things an auth backend module may be able to
|
||||
* do. The things a backend can do need to be set to true
|
||||
* in the constructor.
|
||||
*/
|
||||
var $cando = array (
|
||||
'addUser' => false, // can Users be created?
|
||||
'delUser' => false, // can Users be deleted?
|
||||
'modLogin' => false, // can login names be changed?
|
||||
'modPass' => false, // can passwords be changed?
|
||||
'modName' => false, // can real names be changed?
|
||||
'modMail' => false, // can emails be changed?
|
||||
'modGroups' => false, // can groups be changed?
|
||||
'getUsers' => false, // can a (filtered) list of users be retrieved?
|
||||
'getUserCount'=> false, // can the number of users be retrieved?
|
||||
'getGroups' => false, // can a list of available groups be retrieved?
|
||||
'external' => true, // does the module do external auth checking?
|
||||
'logout' => true, // can the user logout again? (eg. not possible with HTTP auth)
|
||||
);
|
||||
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
function auth_httpldap() {
|
||||
global $conf;
|
||||
$this->cnf = $conf['auth']['ldap'];
|
||||
|
||||
// ldap extension is needed
|
||||
if(!function_exists('ldap_connect')) {
|
||||
if ($this->cnf['debug'])
|
||||
msg("LDAP err: PHP LDAP extension not found.",-1,__LINE__,__FILE__);
|
||||
$this->success = false;
|
||||
return;
|
||||
}
|
||||
|
||||
if(empty($this->cnf['groupkey'])) $this->cnf['groupkey'] = 'cn';
|
||||
if(empty($this->cnf['userscope'])) $this->cnf['userscope'] = 'sub';
|
||||
if(empty($this->cnf['groupscope'])) $this->cnf['groupscope'] = 'sub';
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check if REMOTE_USER is set
|
||||
*/
|
||||
function trustExternal($user,$pass,$sticky=false){
|
||||
global $USERINFO;
|
||||
$success = false;
|
||||
$username = $_SERVER['REMOTE_USER'];
|
||||
// print info if debug is enabled
|
||||
if ($this->cnf['debug']){
|
||||
msg('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__);
|
||||
}
|
||||
if (!empty($username)){
|
||||
$USERINFO = $this->getUserData($user,true);
|
||||
$success = true;
|
||||
$_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
|
||||
$_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
|
||||
}
|
||||
// Deny access if user is not found in LDAP
|
||||
// This should never happen
|
||||
if (!empty($USERINFO['dn'])){
|
||||
$success = false;
|
||||
}
|
||||
return $success;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,71 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* auth/lemonldap-ng.class.php
|
||||
*
|
||||
* Authenticate and retrieve user informations from a LemonLDAP::NG instance
|
||||
*
|
||||
* @author Daniel Berteaud <dani@firewall-services.com>
|
||||
*/
|
||||
|
||||
class auth_lemonldapng extends auth_basic {
|
||||
|
||||
var $success = true;
|
||||
|
||||
|
||||
/**
|
||||
* Posible things an auth backend module may be able to
|
||||
* do. The things a backend can do need to be set to true
|
||||
* in the constructor.
|
||||
*/
|
||||
var $cando = array (
|
||||
'addUser' => false, // can Users be created?
|
||||
'delUser' => false, // can Users be deleted?
|
||||
'modLogin' => false, // can login names be changed?
|
||||
'modPass' => false, // can passwords be changed?
|
||||
'modName' => false, // can real names be changed?
|
||||
'modMail' => false, // can emails be changed?
|
||||
'modGroups' => false, // can groups be changed?
|
||||
'getUsers' => false, // can a (filtered) list of users be retrieved?
|
||||
'getUserCount'=> false, // can the number of users be retrieved?
|
||||
'getGroups' => false, // can a list of available groups be retrieved?
|
||||
'external' => true, // does the module do external auth checking?
|
||||
'logout' => true, // can the user logout again? (eg. not possible with HTTP auth)
|
||||
);
|
||||
|
||||
function auth_lemonldapng() {
|
||||
global $conf;
|
||||
$this->cnf = $conf['auth']['lemonldapng'];
|
||||
|
||||
// Set default headers name
|
||||
if(empty($this->cnf['header_login'])) $this->cnf['header_login'] = 'HTTP_AUTH_USER';
|
||||
if(empty($this->cnf['header_name'])) $this->cnf['header_name'] = 'HTTP_USER_NAME';
|
||||
if(empty($this->cnf['header_mail'])) $this->cnf['header_mail'] = 'HTTP_USER_MAIL';
|
||||
if(empty($this->cnf['header_groups'])) $this->cnf['header_groups'] = 'HTTP_USER_GROUPS';
|
||||
}
|
||||
|
||||
function trustExternal($user,$pass,$sticky=false){
|
||||
global $USERINFO;
|
||||
|
||||
$username = $_SERVER{$this->cnf['header_login']};
|
||||
$USERINFO['name'] = $_SERVER{$this->cnf['header_name']};
|
||||
$USERINFO['mail'] = $_SERVER{$this->cnf['header_mail']};
|
||||
$USERINFO['grps'] = preg_split("/; /", $_SERVER{$this->cnf['header_groups']});
|
||||
|
||||
// print info if debug is enabled
|
||||
if ($this->cnf['debug']){
|
||||
msg('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__);
|
||||
msg('LemonLDAP::NG Full Name: '.htmlspecialchars($USERINFO['name']),0,__LINE__,__FILE__);
|
||||
msg('LemonLDAP::NG User Email Address: '.htmlspecialchars($USERINFO['mail']),0,__LINE__,__FILE__);
|
||||
if (is_array($USERINFO['grps'])) foreach ($USERINFO['grps'] as $group){
|
||||
msg('LemonLDAP::NG User Groups: '.htmlspecialchars($group),0,__LINE__,__FILE__);
|
||||
}
|
||||
}
|
||||
$success = $USERINFO !== false;
|
||||
if ($success) {
|
||||
$_SERVER['REMOTE_USER'] = $username;
|
||||
$_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
|
||||
$_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
|
||||
}
|
||||
return $success;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,66 @@
|
|||
<?php
|
||||
|
||||
if(!defined('DOKU_INC')) die();
|
||||
|
||||
/**
|
||||
* HTTP/LDAP authentication backend
|
||||
* HTTP (your web server) handle the authentication
|
||||
* LDAP handle user informations, and group membership
|
||||
* This plugin have been written to work with LemonLDAP::NG WebSSO
|
||||
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
|
||||
* @author Daniel Berteaud <daniel@firewall-services.com>
|
||||
*/
|
||||
|
||||
require(DOKU_PLUGIN."authldap/auth.php");
|
||||
class auth_plugin_authhttpldap extends auth_plugin_authldap {
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
public function __construct() {
|
||||
parent::__construct();
|
||||
|
||||
// ldap extension is needed
|
||||
if(!function_exists('ldap_connect')) {
|
||||
$this->_debug("LDAP err: PHP LDAP extension not found.", -1, __LINE__, __FILE__);
|
||||
$this->success = false;
|
||||
return;
|
||||
}
|
||||
$this->cando = array (
|
||||
'addUser' => false, // can Users be created?
|
||||
'delUser' => false, // can Users be deleted?
|
||||
'modLogin' => false, // can login names be changed?
|
||||
'modPass' => false, // can passwords be changed?
|
||||
'modName' => false, // can real names be changed?
|
||||
'modMail' => false, // can emails be changed?
|
||||
'modGroups' => false, // can groups be changed?
|
||||
'getUsers' => false, // can a (filtered) list of users be retrieved?
|
||||
'getUserCount'=> false, // can the number of users be retrieved?
|
||||
'getGroups' => false, // can a list of available groups be retrieved?
|
||||
'external' => true, // does the module do external auth checking?
|
||||
'logout' => true, // can the user logout again? (eg. not possible with HTTP auth)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if REMOTE_USER is set
|
||||
*/
|
||||
function trustExternal($user,$pass,$sticky=false){
|
||||
global $USERINFO;
|
||||
$success = false;
|
||||
if (!isset($_SERVER['REMOTE_USER'])) return false;
|
||||
$username = $_SERVER['REMOTE_USER'];
|
||||
$this->_debug('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__);
|
||||
if (!empty($username)){
|
||||
$USERINFO = $this->getUserData($username,true);
|
||||
$success = true;
|
||||
$_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
|
||||
$_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
|
||||
}
|
||||
// Deny access if user is not found in LDAP
|
||||
// This should never happen
|
||||
if (!empty($USERINFO['dn'])){
|
||||
$success = false;
|
||||
}
|
||||
return $success;
|
||||
}
|
||||
}
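Review bot: In trustExternal() the final check `if (!empty($USERINFO['dn']))` is inverted relative to its own comment ("Deny access if user is not found in LDAP"): it sets `$success = false` when a DN was found and leaves it true when the lookup returned nothing. The `$_SESSION[DOKU_COOKIE]['auth']` entries are also written before that check, so a REMOTE_USER with no LDAP entry still ends up with a populated session whatever the return value. Now that the lookup uses `$username` instead of `$user`, it will presumably succeed for real accounts, which makes the inverted test reject exactly the users it should accept. The lookup should run first, the method should return false when no DN comes back, and only then should the session be written. This assumes getUserData() yields false or an array without `dn` for unknown users, which should be confirmed against the parent class.

```php
function trustExternal($user,$pass,$sticky=false){
    global $USERINFO;
    if (empty($_SERVER['REMOTE_USER'])) return false;
    $username = $_SERVER['REMOTE_USER'];
    // … unchanged: _debug() login-name message …
    $info = $this->getUserData($username,true);
    // Deny access if the user is not found in LDAP
    if (empty($info['dn'])) return false;
    $USERINFO = $info;
    $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
    $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
    return true;
}
```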
|