Merge branch 'release/1.0.1'

Djamil Legato
2018-06-11 15:19:31 -07:00
6 changed files with 23 additions and 3 deletions

1
.gitignore vendored Normal file

@@ -0,0 +1 @@
/.idea


@@ -1,5 +1,11 @@
# v1.0.1
## 06/11/2018
1. [](#improved)
* Added ability to search for groups with customizable `distinguishedName` setting of the bound user (useful for ActiveDirectory domains) [#1](https://github.com/trilbymedia/grav-plugin-login-ldap/issues/1)
# v1.0.0 # v1.0.0
## 05/18/2018 ## 05/18/2018
1. [](#new) 1. [](#new)
* Plugin released... * Plugin released...


@@ -1,5 +1,5 @@
name: Login LDAP name: Login LDAP
version: 1.0.0 version: 1.0.1
description: Allows for Grav user authentication against an LDAP Server such as OpenLDAP or ActiveDirectory description: Allows for Grav user authentication against an LDAP Server such as OpenLDAP or ActiveDirectory
icon: user-circle-o icon: user-circle-o
author: author:
@@ -173,6 +173,13 @@ form:
help: PLUGIN_LOGIN_LDAP.EMAIL_MAPPING_DESC help: PLUGIN_LOGIN_LDAP.EMAIL_MAPPING_DESC
placeholder: mail placeholder: mail
map_dn:
type: text
label: PLUGIN_LOGIN_LDAP.DN_MAPPING
size: large
help: PLUGIN_LOGIN_LDAP.DN_MAPPING_DESC
placeholder: distinguishedName
tab_2: tab_2:
type: tab type: tab
title: PLUGIN_LOGIN_LDAP.ADVANCED title: PLUGIN_LOGIN_LDAP.ADVANCED


@@ -8,7 +8,7 @@ PLUGIN_LOGIN_LDAP:
GROUP_SEARCH_DN: 'Group Search DN' GROUP_SEARCH_DN: 'Group Search DN'
GROUP_SEARCH_DN_DESC: 'String used to retrieve user group data. If not provided, extra LDAP group data will not be stored in Grav user account file' GROUP_SEARCH_DN_DESC: 'String used to retrieve user group data. If not provided, extra LDAP group data will not be stored in Grav user account file'
GROUP_QUERY: 'Group Query' GROUP_QUERY: 'Group Query'
GROUP_QUERY_DESC: 'The query used to search Groups. Only change this if you know what you are doing' GROUP_QUERY_DESC: 'The query used to search Groups. Only change this if you know what you are doing. [dn] will be replaced with the distinguished name attribute and [username] will be replaced with the username entered via login'
GROUP_IDENTIFIER: 'Group Identifier' GROUP_IDENTIFIER: 'Group Identifier'
GROUP_IDENTIFIER_DESC: 'The Group identifier that will come back in the response, this is directly related to group query.' GROUP_IDENTIFIER_DESC: 'The Group identifier that will come back in the response, this is directly related to group query.'
HOST: 'Host' HOST: 'Host'
@@ -34,6 +34,8 @@ PLUGIN_LOGIN_LDAP:
FULLNAME_MAPPING_DESC: 'LDAP Attribute(s) that contains the user''s full name' FULLNAME_MAPPING_DESC: 'LDAP Attribute(s) that contains the user''s full name'
EMAIL_MAPPING: 'User Email Mapping' EMAIL_MAPPING: 'User Email Mapping'
EMAIL_MAPPING_DESC: 'LDAP Attribute that contains the user''s email' EMAIL_MAPPING_DESC: 'LDAP Attribute that contains the user''s email'
DN_MAPPING: 'User Distinguished Name Mapping'
DN_MAPPING_DESC: 'LDAP Attribute that contains the user''s distinguished name (useful for ActiveDirectory domains)'
USER_SEARCH_DN: 'User Search DN' USER_SEARCH_DN: 'User Search DN'
USER_SEARCH_DN_DESC: 'String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file' USER_SEARCH_DN_DESC: 'String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file'
VERSION: 'Version' VERSION: 'Version'


@@ -117,6 +117,7 @@ class LoginLDAPPlugin extends Plugin
$map_username = $this->config->get('plugins.login-ldap.map_username'); $map_username = $this->config->get('plugins.login-ldap.map_username');
$map_fullname = $this->config->get('plugins.login-ldap.map_fullname'); $map_fullname = $this->config->get('plugins.login-ldap.map_fullname');
$map_email = $this->config->get('plugins.login-ldap.map_email'); $map_email = $this->config->get('plugins.login-ldap.map_email');
$map_dn = $this->config->get('plugins.login-ldap.map_dn');
// Try to login via LDAP // Try to login via LDAP
$ldap->bind($username, $credentials['password']); $ldap->bind($username, $credentials['password']);
@@ -148,6 +149,7 @@ class LoginLDAPPlugin extends Plugin
$userdata['login'] = $this->getLDAPMappedItem($map_username, $ldap_data); $userdata['login'] = $this->getLDAPMappedItem($map_username, $ldap_data);
$userdata['fullname'] = $this->getLDAPMappedItem($map_fullname, $ldap_data); $userdata['fullname'] = $this->getLDAPMappedItem($map_fullname, $ldap_data);
$userdata['email'] = $this->getLDAPMappedItem($map_email, $ldap_data); $userdata['email'] = $this->getLDAPMappedItem($map_email, $ldap_data);
$userdata['dn'] = $this->getLDAPMappedItem($map_dn, $ldap_data);
$userdata['provider'] = 'ldap'; $userdata['provider'] = 'ldap';
// Get LDAP Data if required // Get LDAP Data if required
@@ -169,6 +171,7 @@ class LoginLDAPPlugin extends Plugin
if ($group_dn) { if ($group_dn) {
// retrieves all extra groups for user // retrieves all extra groups for user
$group_query = str_replace('[username]', $credentials['username'], $group_query); $group_query = str_replace('[username]', $credentials['username'], $group_query);
$group_query = str_replace('[dn]', $userdata['dn'], $group_query);
$query = $ldap->query($group_dn, $group_query); $query = $ldap->query($group_dn, $group_query);
$groups = $query->execute()->toArray(); $groups = $query->execute()->toArray();
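Review bot: The new `[dn]` substitution in the last hunk puts `$userdata['dn']` into the group filter without LDAP filter escaping, so a distinguished name containing `(`, `)`, `*` or `\` alters the filter's structure instead of being matched literally. Escaping at the point of substitution keeps the value a literal: `$group_query = str_replace('[dn]', ldap_escape($userdata['dn'], '', LDAP_ESCAPE_FILTER), $group_query);`. The `[username]` replacement on the line above has the same gap and is the more exposed of the two, because that value comes straight from the login form. It may also be worth skipping the group lookup when `$userdata['dn']` is empty, since a directory that does not expose a `distinguishedName` attribute would presumably leave it unset; what `getLDAPMappedItem` returns in that case is not visible here. The enclosing method starts and ends outside these hunks.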


@@ -13,6 +13,7 @@ group_indentifier: cn
map_username: uid map_username: uid
map_fullname: givenName lastName map_fullname: givenName lastName
map_email: mail map_email: mail
map_dn: distinguishedName
save_grav_user: false save_grav_user: false
store_ldap_data: false store_ldap_data: false