<?php
/**
 * auth/lemonldap-ng.class.php
 *
 * Authenticate and retrieve user information from a LemonLDAP::NG instance
 *
 * @author Daniel Berteaud <dani@firewall-services.com>
 */

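/**
 * DokuWiki auth backend that trusts identity headers set by LemonLDAP::NG.
 *
 * The login name, full name, mail address and groups are read from $_SERVER
 * entries whose names are configurable (by default HTTP_AUTH_USER,
 * HTTP_USER_NAME, HTTP_USER_MAIL and HTTP_USER_GROUPS). HTTP_* entries of
 * $_SERVER are filled from request headers, so this backend is only as
 * trustworthy as the front end that sets them: the wiki must be reachable
 * solely through the LemonLDAP::NG-protected web server, and that server has
 * to overwrite or strip any client-supplied copies of these headers.
 */
class auth_lemonldapng extends auth_basic {

    var $success = true;

    /**
     * Possible things an auth backend module may be able to
     * do. The things a backend can do need to be set to true
     * in the constructor.
     */
    var $cando = array (
        'addUser'     => false, // can Users be created?
        'delUser'     => false, // can Users be deleted?
        'modLogin'    => false, // can login names be changed?
        'modPass'     => false, // can passwords be changed?
        'modName'     => false, // can real names be changed?
        'modMail'     => false, // can emails be changed?
        'modGroups'   => false, // can groups be changed?
        'getUsers'    => false, // can a (filtered) list of users be retrieved?
        'getUserCount'=> false, // can the number of users be retrieved?
        'getGroups'   => false, // can a list of available groups be retrieved?
        'external'    => true,  // does the module do external auth checking?
        'logout'      => true,  // can the user logout again? (eg. not possible with HTTP auth)
    );

    /**
     * Backend settings, copied from $conf['auth']['lemonldapng'] and
     * completed with the default header names.
     */
    var $cnf = array();

    /**
     * Load the backend configuration and fill in default header names.
     *
     * Defined as __construct() so that it still runs on PHP versions that no
     * longer treat a method named after the class as the constructor.
     */
    function __construct() {
        global $conf;

        // Tolerate a missing or malformed configuration section.
        if (isset($conf['auth']['lemonldapng']) && is_array($conf['auth']['lemonldapng'])) {
            $this->cnf = $conf['auth']['lemonldapng'];
        } else {
            $this->cnf = array();
        }

        // Set default headers name
        if(empty($this->cnf['header_login']))  $this->cnf['header_login']  = 'HTTP_AUTH_USER';
        if(empty($this->cnf['header_name']))   $this->cnf['header_name']   = 'HTTP_USER_NAME';
        if(empty($this->cnf['header_mail']))   $this->cnf['header_mail']   = 'HTTP_USER_MAIL';
        if(empty($this->cnf['header_groups'])) $this->cnf['header_groups'] = 'HTTP_USER_GROUPS';
    }

    /**
     * Old-style constructor name, kept for code that calls it directly.
     */
    function auth_lemonldapng() {
        $this->__construct();
    }

    /**
     * Return the $_SERVER value for one configured header, or '' when the
     * header is absent or not a string.
     *
     * @param string $key  configuration key holding the $_SERVER entry name
     * @return string
     */
    function _headerValue($key) {
        $name = isset($this->cnf[$key]) ? $this->cnf[$key] : '';
        if ($name === '' || !isset($_SERVER[$name]) || !is_string($_SERVER[$name])) {
            return '';
        }
        return $_SERVER[$name];
    }

    /**
     * Establish the DokuWiki login from the LemonLDAP::NG headers.
     *
     * The three parameters belong to the backend interface and are not used:
     * the identity comes exclusively from the configured $_SERVER entries.
     *
     * The login is accepted only when the login header is present and
     * non-empty. The previous check compared the freshly assigned $USERINFO
     * array with false, which could never fail, so a request without any
     * identity header was still recorded as an authenticated (empty) user.
     *
     * @param string $user    unused
     * @param string $pass    unused
     * @param bool   $sticky  unused
     * @return bool  true when a login name was supplied and the session was
     *               populated, false otherwise (globals are left untouched)
     */
    function trustExternal($user,$pass,$sticky=false){
        global $USERINFO;

        $username   = $this->_headerValue('header_login');
        $groupsLine = $this->_headerValue('header_groups');

        $info = array(
            'name' => $this->_headerValue('header_name'),
            'mail' => $this->_headerValue('header_mail'),
            // An absent groups header yields no groups instead of a single
            // empty group name.
            'grps' => ($groupsLine === '') ? array() : preg_split("/; /", $groupsLine),
        );

        // print info if debug is enabled (also for rejected requests, so a
        // missing header can be diagnosed)
        if (!empty($this->cnf['debug'])){
            msg('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__);
            msg('LemonLDAP::NG Full Name: '.htmlspecialchars($info['name']),0,__LINE__,__FILE__);
            msg('LemonLDAP::NG User Email Address: '.htmlspecialchars($info['mail']),0,__LINE__,__FILE__);
            if (is_array($info['grps'])) foreach ($info['grps'] as $group){
                msg('LemonLDAP::NG User Groups: '.htmlspecialchars($group),0,__LINE__,__FILE__);
            }
        }

        // No login header means nobody was authenticated upstream.
        if ($username === '') {
            return false;
        }

        $USERINFO = $info;
        $_SERVER['REMOTE_USER'] = $username;
        $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;

        return true;
    }
}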