Ticket #572 (new Feature Request)

Opened 8 years ago

Enhance the LDAP Filter mechanism

Reported by: julien.desfossez@… Owned by:
Priority: low Milestone: Not yet assigned to a Milestone
Component: Auth server, Authentication, permissions and access control Version:
Keywords: Cc:

Description

Hi,

I have created a small patch to enhance the filtering capability when using the LDAP Authenticator.

It replaces the token "%USER%" by the actual username, that way you can use that kind of expression in the authenticator_params :

(&(cn=%USER%)(groupMembership=cn=mygroup,o=mycompany))

It's simple and useful.

Here is the patch if you're interested :

--- AuthenticatorLDAP.php.orig	2009-05-11 14:49:10.000000000 -0400
+++ AuthenticatorLDAP.php	2009-05-11 14:50:37.000000000 -0400
@@ -175,7 +175,8 @@
                 }
 
                 // search for user
-                if (($res_id = ldap_search($connect, "o=$o", "$f=$username")) == false)  {
+                $auth_filter = str_replace("%USER%", $username, $f);
+                if (($res_id = ldap_search($connect, "$o", $auth_filter)) == false)  {
                     $errmsg = _("Error while obtaining your LDAP information.");
 
                     return false;
Note: See TracTickets for help on using tickets.