Added group_indentifier option

README.md

@@ -46,10 +46,10 @@ user_dn: 'uid=[username],dc=company,dc=com'
 search_dn:
 group_dn:
 group_query: '(&(cn=*)(memberUid=[username]))'
+group_indentifier: cn
 map_username: uid
 map_fullname: givenName lastName
 map_email: mail
-
 save_grav_user: false
 store_ldap_data: false
 default_access_levels:
@@ -72,32 +72,33 @@ default_access_levels:
 
 |Key                   |Description                 | Values |
 |:---------------------|:---------------------------|:-------|
-|enabled|Enables the plugin | [default: **true**] \| false|
+|enabled|Enables the plugin | [default: `true`] \| `false`|
-|host|The DNS name or IP address of your LDAP server | e.g. ldap.yourcompany.com |
+|host|The DNS name or IP address of your LDAP server | e.g. `ldap.yourcompany.com` |
-|port|The TCP port of the host that the LDAP server runs under |  [default: **389**]|
+|port|The TCP port of the host that the LDAP server runs under |  [default: `389`]|
-|version|LDAP Version 3 is most popular (only change this if you know what you are doing) | [default: **3**]  |
+|version|LDAP Version 3 is most popular (only change this if you know what you are doing) | [default: `3`]  |
-|ssl|Enable SSL for the connection (typically for port 636 or 3269) | true \| [default: **false**] |
+|ssl|Enable SSL for the connection (typically for port 636 or 3269) | `true` \| [default: `false`] |
-|start_tls|Negotiate TLS encryption with the LDAP server (requires all traffic to be encrypted) | true \| [default: **false**] |
+|start_tls|Negotiate TLS encryption with the LDAP server (requires all traffic to be encrypted) | `true` \| [default: `false`] |
-|opt_referrals|Sets the value of LDAP_OPT_REFERRALS (Set to "off" for Windows 2003 servers) | true \| [default: **false**] |
+|opt_referrals|Sets the value of LDAP_OPT_REFERRALS (Set to "off" for Windows 2003 servers) | `true` \| [default: `false`] |
 
 ### LDAP Configuration
 
 |Key                   |Description                 | Values |
 |:---------------------|:---------------------------|:-------|
-|user_dn|DN String used to authenticate a user, where `[username]` is replaced by username value entered via login | e.g. `uid=[username],dc=company,dc=com` |
+|user_dn|DN String used to authenticate a user, where `[username]` is replaced by username value entered via login | [default: `uid=[username],dc=company,dc=com`] |
 |search_dn|DN String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file [OPTIONAL]| e.g. `ou=users,dc=company,dc=com` |
 |group_dn|DN String used to retrieve user group data. If not provided, extra LDAP group data will not be stored in Grav user account file [OPTIONAL] | e.g. `ou=groups,dc=company,dc=com` |
-|group_query|The query used to search Groups. Only change this if you know what you are doing| e.g. `(&(cn=*)(memberUid=[username]))`|
+|group_query|The query used to search Groups. Only change this if you know what you are doing| [default: `(&(cn=*)(memberUid=[username]))`] |
-|map_username|LDAP Attribute(s) that contains the user's username | [default: **uid**] |
+|group_indentifier|The Group identifier that will come back in the response, this is directly related to group query.| [default: `cn`] |
-|map_fullname|LDAP Attribute(s) that contains the user's full name | [default: **givenName lastName**] |
+|map_username|LDAP Attribute(s) that contains the user's username | [default: `uid`] |
-|map_email|LDAP Attribute(s) that contains the user's email address | [default: **mail**] |
+|map_fullname|LDAP Attribute(s) that contains the user's full name | [default: `givenName lastName`] |
+|map_email|LDAP Attribute(s) that contains the user's email address | [default: `mail`] |
 
 ### Advanced Configuration
 
 |Key                   |Description                 | Values |
 |:---------------------|:---------------------------|:-------|
-|save_grav_user|Store the grav user account as a local YAML account | true \| [default: **false**] |
+|save_grav_user|Store the grav user account as a local YAML account | true \| [default: `false`] |
-|store_ldap_data|If storing a local Grav user, you can also store LDAP data so its available in Grav| true \| [default: **false**] |
+|store_ldap_data|If storing a local Grav user, you can also store LDAP data so its available in Grav| true \| [default: `false`] |
 |default_access_levels.groups|Set a default group for all users logging in via LDAP [OPTIONAL] | e.g. `ldap_users` |
 |default_access_levels.access.site|Set the default **site access** for all users logging in via LDAP (used if no `access.groups` mapping applies) | e.g. `[login: 'true']` |
 |default_access_levels.access.groups|The default **access to assign** to users logging in based on **LDAP group membership**| e.g. `user: [site: [login: 'true']]` |
@@ -171,5 +172,22 @@ If either the `user_dn`, `search_dn`, `group_dn` or `group_query` are incorrect
 
 If you expect `fullname`, or `email` to be stored in the Grav user object, but they are not appearing, it's probably a problem with your field mappings.  Double check with your LDAP administrator that these are the correct mappings.
 
-Under the `example` folder you can find a `default.md` page that you can use to see the data collected during LDAP authentication. It's an useful way for configuring the plugin as well as tweaking the Blacklist.
+To get a quick state of your LDAP configuration, you can simply dump out the Grav user on a temporary _secure_ page:
+
+```markdown
+---
+title: LDAP Test
+cache_enabled: false
+process:
+    twig: true
+access:
+    site.login: true
+---
+
+# Grav User
+
+{{ vardump(grav.user) }}
+```
+
+For a more detailed example, you can look in the `example.` folder of this plugin, where you can find a `default.md` page that you can use to see the data collected during LDAP authentication. It's an useful way for configuring the plugin as well as tweaking the Blacklist.
 

blueprints.yaml

@@ -1,5 +1,5 @@
 name: Login LDAP
-version: 0.1.1
+version: 0.1.2
 description: Allows for Grav user authentication against an LDAP Server such as OpenLDAP or ActiveDirectory
 icon: user-circle-o
 author:
@@ -145,6 +145,13 @@ form:
                   placeholder: '(&(cn=*)(memberUid=[username]))'
                   help: PLUGIN_LOGIN_LDAP.GROUP_QUERY_DESC
 
+                group_indentifier:
+                  type: text
+                  label: PLUGIN_LOGIN_LDAP.GROUP_IDENTIFIER
+                  size: large
+                  placeholder: 'cn'
+                  help: PLUGIN_LOGIN_LDAP.GROUP_IDENTIFIER_DESC
+
                 map_username:
                   type: text
                   label: PLUGIN_LOGIN_LDAP.USERNAME_MAPPING

languages/en.yaml

@@ -9,6 +9,8 @@ PLUGIN_LOGIN_LDAP:
   GROUP_SEARCH_DN_DESC: 'String used to retrieve user group data. If not provided, extra LDAP group data will not be stored in Grav user account file'
   GROUP_QUERY: 'Group Query'
   GROUP_QUERY_DESC: 'The query used to search Groups. Only change this if you know what you are doing'
+  GROUP_IDENTIFIER: 'Group Identifier'
+  GROUP_IDENTIFIER_DESC: 'The Group identifier that will come back in the response, this is directly related to group query.'
   HOST: 'Host'
   HOST_DESC: 'Host name of the LDAP server'
   INSTRUCTIONS: 'Instructions'

login-ldap.php

@@ -71,21 +71,22 @@ class LoginLDAPPlugin extends Plugin
         $credentials = $event->getCredentials();
 
         // Get Proper username
-        $user_dn     = $this->config->get('plugins.login-ldap.user_dn');
+        $user_dn            = $this->config->get('plugins.login-ldap.user_dn');
-        $search_dn   = $this->config->get('plugins.login-ldap.search_dn');
+        $search_dn          = $this->config->get('plugins.login-ldap.search_dn');
-        $group_dn    = $this->config->get('plugins.login-ldap.group_dn');
+        $group_dn           = $this->config->get('plugins.login-ldap.group_dn');
-        $group_query = $this->config->get('plugins.login-ldap.group_query');
+        $group_query        = $this->config->get('plugins.login-ldap.group_query');
+        $group_indentifier  = $this->config->get('plugins.login-ldap.group_indentifier');
 
         $username   = str_replace('[username]', $credentials['username'], $user_dn);
 
         // Get Host info
-        $host           = $this->config->get('plugins.login-ldap.host');
+        $host               = $this->config->get('plugins.login-ldap.host');
-        $port           = $this->config->get('plugins.login-ldap.port');
+        $port               = $this->config->get('plugins.login-ldap.port');
-        $version        = $this->config->get('plugins.login-ldap.version');
+        $version            = $this->config->get('plugins.login-ldap.version');
-        $ssl            = $this->config->get('plugins.login-ldap.ssl');
+        $ssl                = $this->config->get('plugins.login-ldap.ssl');
-        $start_tls      = $this->config->get('plugins.login-ldap.start_tls');
+        $start_tls          = $this->config->get('plugins.login-ldap.start_tls');
-        $opt_referrals  = $this->config->get('plugins.login-ldap.opt_referrals');
+        $opt_referrals      = $this->config->get('plugins.login-ldap.opt_referrals');
-        $blacklist      = $this->config->get('plugins.login-ldap.blacklist_ldap_fields', []);
+        $blacklist          = $this->config->get('plugins.login-ldap.blacklist_ldap_fields', []);
 
         if (is_null($host)) {
             throw new ConnectionException('FATAL: LDAP host entry missing in plugin configuration...');
@@ -177,7 +178,7 @@ class LoginLDAPPlugin extends Plugin
 
                     foreach ($groups as $group) {
                         $attributes = $group->getAttributes();
-                        $user_group = array_shift($attributes['cn']);
+                        $user_group = array_shift($attributes[$group_indentifier]);
                         $user_groups[] = $user_group;
 
                         if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) {

login-ldap.yaml

@@ -9,6 +9,7 @@ user_dn: 'uid=[username],dc=company,dc=com'
 search_dn:
 group_dn:
 group_query: '(&(cn=*)(memberUid=[username]))'
+group_indentifier: cn
 map_username: uid
 map_fullname: givenName lastName
 map_email: mail