Wspólne podkatalogi: core-org2/disposable i core/disposable
diff -C3 core-org2/ldap_api.php core/ldap_api.php
*** core-org2/ldap_api.php	2010-02-10 13:05:00.000000000 +0000
--- core/ldap_api.php	2010-02-10 13:18:51.000000000 +0000
***************
*** 138,143 ****
--- 138,149 ----
  		$t_ldap_uid_field	= config_get( 'ldap_uid_field', 'uid' ) ;
  		$t_search_filter 	= "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
  		$t_search_attrs  	= array( $t_ldap_uid_field, 'dn' );
+ 
+ 		$t_ldap_group_dn		= config_get( 'ldap_group_dn', '');
+ 		$t_ldap_group_member_field	= config_get( 'ldap_group_member_field', 'memberuid' ) ;
+ 		$t_search_attrs_group	  	= array( $t_ldap_group_member_field, 'dn' );
+ 		$t_search_filter_group	 	= "(&($t_ldap_group_member_field=$t_username))";
+ 
  		$t_ds            	= ldap_connect_bind();
  
  		# Search for the user id
***************
*** 153,160 ****
  
  				# Attempt to bind with the DN and password
  				if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
! 					$t_authenticated = true;
! 					break; # Don't need to go any further
  				}
  			}
  		}
--- 159,179 ----
  
  				# Attempt to bind with the DN and password
  				if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
! 					if ($t_ldap_group_dn != '') {
! 						# check for group mantis for this user
! 						$t_sr2	= ldap_read( $t_ds, $t_ldap_group_dn, $t_search_filter_group, $t_search_attrs_group);
! 						$t_info2	= ldap_get_entries( $t_ds, $t_sr2 );
! 						if ($t_info2[0]['memberuid']) {
! 							# We don't need check recived memberuid listi ($t_info2[0]['memberuid'])
! 							# becouse filter in ldap_read() guarantees (if $t_info2[0]['memberuid'] is not empty)
! 							# occurrence $t_username in this list
! 							$t_authenticated = true;
! 							break; # Don't need to go any further
! 						}
! 					} else {
! 						$t_authenticated = true;
! 						break; # Don't need to go any further
! 					}
  				}
  			}
  		}