<?php
/**
 * auth/lemonldap-ng.class.php
 *
 * Authenticate and retrieve user informations from a LemonLDAP::NG instance
 *
 * @author    Daniel Berteaud <dani@firewall-services.com>
 */

class auth_lemonldapng extends auth_basic {

  var $success = true;


  /**
   * Posible things an auth backend module may be able to
   * do. The things a backend can do need to be set to true
   * in the constructor.
   */
  var $cando = array (
    'addUser'     => false, // can Users be created?
    'delUser'     => false, // can Users be deleted?
    'modLogin'    => false, // can login names be changed?
    'modPass'     => false, // can passwords be changed?
    'modName'     => false, // can real names be changed?
    'modMail'     => false, // can emails be changed?
    'modGroups'   => false, // can groups be changed?
    'getUsers'    => false, // can a (filtered) list of users be retrieved?
    'getUserCount'=> false, // can the number of users be retrieved?
    'getGroups'   => false, // can a list of available groups be retrieved?
    'external'    => true, // does the module do external auth checking?
    'logout'      => true,  // can the user logout again? (eg. not possible with HTTP auth)
  );

  function auth_lemonldapng() {
    global $conf;
    $this->cnf = $conf['auth']['lemonldapng'];

    // Set default headers name
    if(empty($this->cnf['header_login'])) $this->cnf['header_login'] = 'HTTP_AUTH_USER';
    if(empty($this->cnf['header_name'])) $this->cnf['header_name']  = 'HTTP_USER_NAME';
    if(empty($this->cnf['header_mail'])) $this->cnf['header_mail'] = 'HTTP_USER_MAIL';
    if(empty($this->cnf['header_groups'])) $this->cnf['header_groups'] = 'HTTP_USER_GROUPS';
  }

  function trustExternal($user,$pass,$sticky=false){
    global $USERINFO;

    $username = $_SERVER{$this->cnf['header_login']};
    $USERINFO['name'] = $_SERVER{$this->cnf['header_name']};
    $USERINFO['mail'] = $_SERVER{$this->cnf['header_mail']};
    $USERINFO['grps'] = preg_split("/; /", $_SERVER{$this->cnf['header_groups']});

    // print info if debug is enabled
    if ($this->cnf['debug']){
      msg('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__);
      msg('LemonLDAP::NG Full Name: '.htmlspecialchars($USERINFO['name']),0,__LINE__,__FILE__);
      msg('LemonLDAP::NG User Email Address: '.htmlspecialchars($USERINFO['mail']),0,__LINE__,__FILE__);
      if (is_array($USERINFO['grps'])) foreach ($USERINFO['grps'] as $group){
        msg('LemonLDAP::NG User Groups: '.htmlspecialchars($group),0,__LINE__,__FILE__);
      }
    }
    $success = $USERINFO !== false;
    if ($success) {
      $_SERVER['REMOTE_USER'] = $username;
      $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
      $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
    }
    return $success;
  }
}