jannik/grav-plugin-login-ldap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #4 from theo2thief/develop

Browse Source 
Added ability to search for groups with DN of bound user
This commit is contained in:
Djamil Legato
2018-06-07 10:33:58 -07:00
committed by GitHub
parent a5656aac9f 48cfc34a84
commit 24ddb591ea
4 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
blueprints.yaml
View File

@@ -173,6 +173,13 @@ form:
help: PLUGIN_LOGIN_LDAP.EMAIL_MAPPING_DESC help: PLUGIN_LOGIN_LDAP.EMAIL_MAPPING_DESC
placeholder: mail placeholder: mail
map_dn:
type: text
label: PLUGIN_LOGIN_LDAP.DN_MAPPING
size: large
help: PLUGIN_LOGIN_LDAP.DN_MAPPING_DESC
placeholder: distinguishedName
tab_2: tab_2:
type: tab type: tab
title: PLUGIN_LOGIN_LDAP.ADVANCED title: PLUGIN_LOGIN_LDAP.ADVANCED

4
languages/en.yaml
View File

@@ -8,7 +8,7 @@ PLUGIN_LOGIN_LDAP:
GROUP_SEARCH_DN: 'Group Search DN' GROUP_SEARCH_DN: 'Group Search DN'
GROUP_SEARCH_DN_DESC: 'String used to retrieve user group data. If not provided, extra LDAP group data will not be stored in Grav user account file' GROUP_SEARCH_DN_DESC: 'String used to retrieve user group data. If not provided, extra LDAP group data will not be stored in Grav user account file'
GROUP_QUERY: 'Group Query' GROUP_QUERY: 'Group Query'
GROUP_QUERY_DESC: 'The query used to search Groups. Only change this if you know what you are doing' GROUP_QUERY_DESC: 'The query used to search Groups. Only change this if you know what you are doing [dn] will be replaced with the distinguished name attribute and [username] will be replaced with the username entered via login'
GROUP_IDENTIFIER: 'Group Identifier' GROUP_IDENTIFIER: 'Group Identifier'
GROUP_IDENTIFIER_DESC: 'The Group identifier that will come back in the response, this is directly related to group query.' GROUP_IDENTIFIER_DESC: 'The Group identifier that will come back in the response, this is directly related to group query.'
HOST: 'Host' HOST: 'Host'
@@ -34,6 +34,8 @@ PLUGIN_LOGIN_LDAP:
FULLNAME_MAPPING_DESC: 'LDAP Attribute(s) that contains the user''s full name' FULLNAME_MAPPING_DESC: 'LDAP Attribute(s) that contains the user''s full name'
EMAIL_MAPPING: 'User Email Mapping' EMAIL_MAPPING: 'User Email Mapping'
EMAIL_MAPPING_DESC: 'LDAP Attribute that contains the user''s email' EMAIL_MAPPING_DESC: 'LDAP Attribute that contains the user''s email'
DN_MAPPING: 'User Distinguished Name Mapping'
DN_MAPPING_DESC: 'LDAP Attribute that contains the user''s distinguished name (useful for ActiveDirectory domains)'
USER_SEARCH_DN: 'User Search DN' USER_SEARCH_DN: 'User Search DN'
USER_SEARCH_DN_DESC: 'String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file' USER_SEARCH_DN_DESC: 'String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file'
VERSION: 'Version' VERSION: 'Version'

3
login-ldap.php
View File

@@ -117,6 +117,7 @@ class LoginLDAPPlugin extends Plugin
$map_username = $this->config->get('plugins.login-ldap.map_username'); $map_username = $this->config->get('plugins.login-ldap.map_username');
$map_fullname = $this->config->get('plugins.login-ldap.map_fullname'); $map_fullname = $this->config->get('plugins.login-ldap.map_fullname');
$map_email = $this->config->get('plugins.login-ldap.map_email'); $map_email = $this->config->get('plugins.login-ldap.map_email');
$map_dn = $this->config->get('plugins.login-ldap.map_dn');
// Try to login via LDAP // Try to login via LDAP
$ldap->bind($username, $credentials['password']); $ldap->bind($username, $credentials['password']);
@@ -148,6 +149,7 @@ class LoginLDAPPlugin extends Plugin
$userdata['login'] = $this->getLDAPMappedItem($map_username, $ldap_data); $userdata['login'] = $this->getLDAPMappedItem($map_username, $ldap_data);
$userdata['fullname'] = $this->getLDAPMappedItem($map_fullname, $ldap_data); $userdata['fullname'] = $this->getLDAPMappedItem($map_fullname, $ldap_data);
$userdata['email'] = $this->getLDAPMappedItem($map_email, $ldap_data); $userdata['email'] = $this->getLDAPMappedItem($map_email, $ldap_data);
$userdata['dn'] = $this->getLDAPMappedItem($map_dn, $ldap_data);
$userdata['provider'] = 'ldap'; $userdata['provider'] = 'ldap';
// Get LDAP Data if required // Get LDAP Data if required
@@ -169,6 +171,7 @@ class LoginLDAPPlugin extends Plugin
if ($group_dn) { if ($group_dn) {
// retrieves all extra groups for user // retrieves all extra groups for user
$group_query = str_replace('[username]', $credentials['username'], $group_query); $group_query = str_replace('[username]', $credentials['username'], $group_query);
$group_query = str_replace('[dn]', $userdata['dn'], $group_query);
$query = $ldap->query($group_dn, $group_query); $query = $ldap->query($group_dn, $group_query);
$groups = $query->execute()->toArray(); $groups = $query->execute()->toArray();

1
login-ldap.yaml
View File

@@ -13,6 +13,7 @@ group_indentifier: cn
map_username: uid map_username: uid
map_fullname: givenName lastName map_fullname: givenName lastName
map_email: mail map_email: mail
map_dn: distinguishedName
save_grav_user: false save_grav_user: false
store_ldap_data: false store_ldap_data: false