View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009232 | mantisbt | ldap | public | 2008-06-06 02:43 | 2014-11-09 05:57 |
Reporter | legolas558 | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | new | Resolution | open | ||
Platform | Any | OS | Any | OS Version | Any |
Product Version | 1.0.8 | ||||
Summary | 0009232: Role field for LDAP authentication | ||||
Description | It should be possible to allow LDAP authentication only when a specific string is present in a specific field of the user LDAP entry. See attached patch. My implementation is similar to mod_authz_ldap's one. | ||||
Tags | patch | ||||
Attached Files | mantis-patch-role.diff (1,655 bytes)
--- mantis-orig/core/config_defaults_inc.php 2008-06-05 17:18:24.000000000 -0700 +++ mantis-orig/core/config_defaults_inc.php 2008-06-05 17:19:16.000000000 -0700 @@ -798,6 +798,8 @@ $g_ldap_organization = ''; # e.g. '(organizationname=*Traffic)' $g_ldap_uid_field = 'uid'; # Use 'sAMAccountName' for Active Directory $g_ldap_bind_dn = ''; + $g_ldap_role_field = ''; + $g_ldap_role = ''; $g_ldap_bind_passwd = ''; $g_use_ldap_email = OFF; # Should we send to the LDAP email address or what MySql tells us --- mantis-orig/core/ldap_api.php 2008-06-05 17:20:59.000000000 -0700 +++ mantis/core/ldap_api.php 2008-06-05 17:16:05.000000000 -0700 @@ -114,7 +114,11 @@ $t_username = user_get_field( $p_user_id, 'username' ); $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ; - $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))"; + $t_ldap_role_field = config_get( 'ldap_role_field', '' ) ; + $t_ldap_role = config_get( 'ldap_role', '' ) ; + $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username)"; + if ($t_ldap_role_field !== '') + $t_search_filter .= "($t_ldap_role_field=*$t_ldap_role*)"; $t_search_filter .= ")"; $t_search_attrs = array( $t_ldap_uid_field, 'dn' ); $t_ds = ldap_connect_bind(); | ||||
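Review bot: the two settings added in the core/config_defaults_inc.php hunk, `$g_ldap_role_field` and `$g_ldap_role`, have no comment, while the neighbouring `$g_ldap_organization` and `$g_ldap_uid_field` lines each document an example value. Please add comments saying that an empty `$g_ldap_role_field` leaves the role check off and that `$g_ldap_role` is matched as a substring of the field value, since an administrator enabling this needs to know both. The new lines also sit between `$g_ldap_bind_dn` and `$g_ldap_bind_passwd`, which splits the bind credentials; placing them after `$g_ldap_uid_field` would keep related settings together. The `+++` path for this file is under mantis-orig/ rather than mantis/ as in the ldap_api.php header, so the diff is worth regenerating with consistent paths.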
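Review bot: in the core/ldap_api.php hunk, the added clause `($t_ldap_role_field=*$t_ldap_role*)` is a substring match, so a configured role of `admin` also admits any entry whose field merely contains that text. For an access-control check an exact match, `($t_ldap_role_field=$t_ldap_role)`, is the safer default, with wildcards left for the administrator to put into the configured value deliberately. When `$g_ldap_role_field` is set and `$g_ldap_role` is left at its default of '', the clause is built with an empty value between the two wildcards, so handle the empty-role case explicitly, either by skipping the clause or by rejecting the configuration. `$t_ldap_role` and `$t_username` are interpolated into the filter without escaping LDAP filter metacharacters (`*`, `(`, `)`, `\`); escape them before building the string. The added `if` has no braces and no spaces inside its parentheses, unlike the surrounding calls such as `user_get_field( $p_user_id, 'username' )`. From the visible context this filter is built for the user in `$p_user_id`, so please confirm that this lookup is the one used during login, which is what the description asks for.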