Powered by MantisBT 2.27.0-dev-master-449ddbf76
Copyright © 2000 - 2024 MantisBT Team
Contact administrator for assistance
Copyright © 2000 - 2024 MantisBT Team
Contact administrator for assistance
Page execution time: 0.0961 seconds
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009232 | mantisbt | ldap | public | 2008-06-06 02:43 | 2014-11-09 05:57 |
| Reporter | legolas558 | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | new | Resolution | open | ||
| Platform | Any | OS | Any | OS Version | Any |
| Product Version | 1.0.8 | ||||
| Summary | 0009232: Role field for LDAP authentication | ||||
| Description | It should be possible to allow LDAP authentication only when a specific string is present in a specific field of the user LDAP entry. See attached patch. My implementation is similar to mod_authz_ldap's one. | ||||
| Tags | patch | ||||
| Attached Files | mantis-patch-role.diff (1,655 bytes)
--- mantis-orig/core/config_defaults_inc.php 2008-06-05 17:18:24.000000000 -0700
+++ mantis-orig/core/config_defaults_inc.php 2008-06-05 17:19:16.000000000 -0700
@@ -798,6 +798,8 @@
$g_ldap_organization = ''; # e.g. '(organizationname=*Traffic)'
$g_ldap_uid_field = 'uid'; # Use 'sAMAccountName' for Active Directory
$g_ldap_bind_dn = '';
+ $g_ldap_role_field = '';
+ $g_ldap_role = '';
$g_ldap_bind_passwd = '';
$g_use_ldap_email = OFF; # Should we send to the LDAP email address or what MySql tells us
--- mantis-orig/core/ldap_api.php 2008-06-05 17:20:59.000000000 -0700
+++ mantis/core/ldap_api.php 2008-06-05 17:16:05.000000000 -0700
@@ -114,7 +114,11 @@
$t_username = user_get_field( $p_user_id, 'username' );
$t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ;
- $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
+ $t_ldap_role_field = config_get( 'ldap_role_field', '' ) ;
+ $t_ldap_role = config_get( 'ldap_role', '' ) ;
+ $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username)";
+ if ($t_ldap_role_field !== '')
+ $t_search_filter .= "($t_ldap_role_field=*$t_ldap_role*)";
$t_search_filter .= ")";
$t_search_attrs = array( $t_ldap_uid_field, 'dn' );
$t_ds = ldap_connect_bind();
| ||||