View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0009232mantisbtldappublic2008-06-06 02:432014-11-09 05:57
Reporterlegolas558 Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status newResolutionopen 
PlatformAnyOSAnyOS VersionAny
Product Version1.0.8 
Summary0009232: Role field for LDAP authentication
Description

It should be possible to allow LDAP authentication only when a specific string is present in a specific field of the user LDAP entry.

See attached patch.

My implementation is similar to mod_authz_ldap's one.

Tagspatch
Attached Files
mantis-patch-role.diff (1,655 bytes)    
--- mantis-orig/core/config_defaults_inc.php    2008-06-05 17:18:24.000000000 -0700
+++ mantis-orig/core/config_defaults_inc.php    2008-06-05 17:19:16.000000000 -0700
@@ -798,6 +798,8 @@
        $g_ldap_organization    = '';    # e.g. '(organizationname=*Traffic)'
        $g_ldap_uid_field               = 'uid'; # Use 'sAMAccountName' for Active Directory
        $g_ldap_bind_dn                 = '';
+       $g_ldap_role_field              = '';
+       $g_ldap_role                    = '';
        $g_ldap_bind_passwd             = '';
        $g_use_ldap_email               = OFF; # Should we send to the LDAP email address or what MySql tells us

--- mantis-orig/core/ldap_api.php       2008-06-05 17:20:59.000000000 -0700
+++ mantis/core/ldap_api.php    2008-06-05 17:16:05.000000000 -0700
@@ -114,7 +114,11 @@

                $t_username             = user_get_field( $p_user_id, 'username' );
                $t_ldap_uid_field       = config_get( 'ldap_uid_field', 'uid' ) ;
-               $t_search_filter        = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
+               $t_ldap_role_field      = config_get( 'ldap_role_field', '' ) ;
+               $t_ldap_role            = config_get( 'ldap_role', '' ) ;
+               $t_search_filter        = "(&$t_ldap_organization($t_ldap_uid_field=$t_username)";
+               if ($t_ldap_role_field !== '')
+                       $t_search_filter .= "($t_ldap_role_field=*$t_ldap_role*)";
                $t_search_filter .= ")";
                $t_search_attrs         = array( $t_ldap_uid_field, 'dn' );
                $t_ds                   = ldap_connect_bind();
mantis-patch-role.diff (1,655 bytes)   

Activities

legolas558

legolas558

2008-06-06 02:45

reporter   ~0018023

Last edited: 2008-06-06 02:45

This patch is related to patch 0009124
legolas558

legolas558

2014-11-09 05:57

reporter   ~0041817

6 years..I am no more using Mantis