diff --git a/blueprints.yaml b/blueprints.yaml
index 9d7bd0d..80e97cf 100644
--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -173,6 +173,13 @@ form:
 help: PLUGIN_LOGIN_LDAP.EMAIL_MAPPING_DESC
 placeholder: mail
+ map_dn:
+ type: text
+ label: PLUGIN_LOGIN_LDAP.DN_MAPPING
+ size: large
+ help: PLUGIN_LOGIN_LDAP.DN_MAPPING_DESC
+ placeholder: distinguishedName
+
 tab_2:
 type: tab
 title: PLUGIN_LOGIN_LDAP.ADVANCED
diff --git a/languages/en.yaml b/languages/en.yaml
index 7fd369a..680bfcf 100644
--- a/languages/en.yaml
+++ b/languages/en.yaml
@@ -8,7 +8,7 @@ PLUGIN_LOGIN_LDAP:
 GROUP_SEARCH_DN: 'Group Search DN'
 GROUP_SEARCH_DN_DESC: 'String used to retrieve user group data. If not provided, extra LDAP group data will not be stored in Grav user account file'
 GROUP_QUERY: 'Group Query'
- GROUP_QUERY_DESC: 'The query used to search Groups. Only change this if you know what you are doing'
+ GROUP_QUERY_DESC: 'The query used to search Groups. Only change this if you know what you are doing [dn] will be replaced with the distinguished name attribute and [username] will be replaced with the username entered via login'
 GROUP_IDENTIFIER: 'Group Identifier'
 GROUP_IDENTIFIER_DESC: 'The Group identifier that will come back in the response, this is directly related to group query.'
 HOST: 'Host'
@@ -34,6 +34,8 @@ PLUGIN_LOGIN_LDAP:
 FULLNAME_MAPPING_DESC: 'LDAP Attribute(s) that contains the user''s full name'
 EMAIL_MAPPING: 'User Email Mapping'
 EMAIL_MAPPING_DESC: 'LDAP Attribute that contains the user''s email'
+ DN_MAPPING: 'User Distinguished Name Mapping'
+ DN_MAPPING_DESC: 'LDAP Attribute that contains the user''s distinguished name (useful for ActiveDirectory domains)'
 USER_SEARCH_DN: 'User Search DN'
 USER_SEARCH_DN_DESC: 'String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file'
 VERSION: 'Version'
diff --git a/login-ldap.php b/login-ldap.php
index 6c08b3e..6578bf3 100644
--- a/login-ldap.php
+++ b/login-ldap.php
@@ -117,6 +117,7 @@ class LoginLDAPPlugin extends Plugin
 $map_username = $this->config->get('plugins.login-ldap.map_username');
 $map_fullname = $this->config->get('plugins.login-ldap.map_fullname');
 $map_email = $this->config->get('plugins.login-ldap.map_email');
+ $map_dn = $this->config->get('plugins.login-ldap.map_dn');
 // Try to login via LDAP
 $ldap->bind($username, $credentials['password']);
@@ -148,6 +149,7 @@ class LoginLDAPPlugin extends Plugin
 $userdata['login'] = $this->getLDAPMappedItem($map_username, $ldap_data);
 $userdata['fullname'] = $this->getLDAPMappedItem($map_fullname, $ldap_data);
 $userdata['email'] = $this->getLDAPMappedItem($map_email, $ldap_data);
+ $userdata['dn'] = $this->getLDAPMappedItem($map_dn, $ldap_data);
 $userdata['provider'] = 'ldap';
 // Get LDAP Data if required
@@ -169,6 +171,7 @@ class LoginLDAPPlugin extends Plugin
 if ($group_dn) {
 // retrieves all extra groups for user
 $group_query = str_replace('[username]', $credentials['username'], $group_query);
+ $group_query = str_replace('[dn]', $userdata['dn'], $group_query);
 $query = $ldap->query($group_dn, $group_query);
 $groups = $query->execute()->toArray();
diff --git a/login-ldap.yaml b/login-ldap.yaml
index 421f4aa..60f4f14 100644
--- a/login-ldap.yaml
+++ b/login-ldap.yaml
@@ -13,6 +13,7 @@ group_indentifier: cn
 map_username: uid
 map_fullname: givenName lastName
 map_email: mail
+map_dn: distinguishedName
 save_grav_user: false
 store_ldap_data: false
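Review bot: In the `@@ -148,6 +149,7 @@` hunk of login-ldap.php, `$userdata['dn']` is read from a configurable attribute and nothing checks that the directory actually returned it. The language file describes the mapping as useful for Active Directory, and the default `distinguishedName` may not be present on entries from other directory servers, so the value that later replaces `[dn]` in the group query could be empty; what `getLDAPMappedItem` returns for a missing attribute is not visible here. I would add a comment such as `// may be empty when the directory does not expose the mapped DN attribute` and skip the `[dn]` substitution, or log and skip the group lookup, when the value is empty. The enclosing method starts and ends outside the hunk.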
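Review bot: The new `str_replace('[dn]', $userdata['dn'], $group_query)` line in the `@@ -169,6 +171,7 @@` hunk of login-ldap.php puts the DN into an LDAP search filter without filter escaping. Distinguished names routinely contain characters that are special in a filter (parentheses, `*`, backslash), so a legitimate DN can break the group query or change what it matches, and the result decides which groups are attached to the account. Escape the value before substitution, e.g. `$group_query = str_replace('[dn]', ldap_escape((string) $userdata['dn'], '', LDAP_ESCAPE_FILTER), $group_query);`. The `[username]` substitution on the context line above follows the same pattern with the name typed at login and should get the same escaping. The enclosing method continues outside the hunk.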