- bugfix: allow anonymous bind for search, then bind with users credentials.

- added explaination how to setup anonymous bind for search to template
- make usage of TLS configurable
This commit is contained in:
Markus Kalkbrenner 2011-11-17 11:16:56 +01:00 committed by Robin Appelman
parent 1c7ba0dd9e
commit 0155effdb7
3 changed files with 16 additions and 8 deletions

View File

@ -20,12 +20,16 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>. * License along with this library. If not, see <http://www.gnu.org/licenses/>.
* *
*/ */
$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter'); $params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter', 'ldap_tls');
foreach($params as $param){ foreach($params as $param){
if(isset($_POST[$param])){ if(isset($_POST[$param])){
OC_Appconfig::setValue('user_ldap', $param, $_POST[$param]); OC_Appconfig::setValue('user_ldap', $param, $_POST[$param]);
} }
elseif('ldap_tls' == $param) {
// unchecked checkboxes are not included in the post paramters
OC_Appconfig::setValue('user_ldap', $param, 0);
}
} }
// fill template // fill template

View File

@ -4,9 +4,11 @@
<p><label for="ldap_host">Host<input type="text" id="ldap_host" name="ldap_host" value="<?php echo $_['ldap_host']; ?>"></label> <p><label for="ldap_host">Host<input type="text" id="ldap_host" name="ldap_host" value="<?php echo $_['ldap_host']; ?>"></label>
<label for="ldap_port">Port</label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p> <label for="ldap_port">Port</label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
<p><label for="ldap_dn">Name</label><input type="text" id="ldap_dn" name="ldap_dn" value="<?php echo $_['ldap_dn']; ?>" /> <p><label for="ldap_dn">Name</label><input type="text" id="ldap_dn" name="ldap_dn" value="<?php echo $_['ldap_dn']; ?>" />
<label for="ldap_password">Password</label><input type="password" id="ldap_password" name="ldap_password" value="<?php echo $_['ldap_password']; ?>" /></p> <label for="ldap_password">Password</label><input type="password" id="ldap_password" name="ldap_password" value="<?php echo $_['ldap_password']; ?>" />
Leave both empty for anonymous bind for search, then bind with users credentials.</p>
<p><label for="ldap_base">Base</label><input type="text" id="ldap_base" name="ldap_base" value="<?php echo $_['ldap_base']; ?>" /> <p><label for="ldap_base">Base</label><input type="text" id="ldap_base" name="ldap_base" value="<?php echo $_['ldap_base']; ?>" />
<label for="ldap_filter">Filter (use %uid placeholder)</label><input type="text" id="ldap_filter" name="ldap_filter" value="<?php echo $_['ldap_filter']; ?>" /></p> <label for="ldap_filter">Filter (use %uid placeholder)</label><input type="text" id="ldap_filter" name="ldap_filter" value="<?php echo $_['ldap_filter']; ?>" /></p>
<p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
<input type="submit" value="Save" /> <input type="submit" value="Save" />
</fieldset> </fieldset>
</form> </form>

View File

@ -33,6 +33,7 @@ class OC_USER_LDAP extends OC_User_Backend {
protected $ldap_password; protected $ldap_password;
protected $ldap_base; protected $ldap_base;
protected $ldap_filter; protected $ldap_filter;
protected $ldap_tls;
function __construct() { function __construct() {
$this->ldap_host = OC_Appconfig::getValue('user_ldap', 'ldap_host',''); $this->ldap_host = OC_Appconfig::getValue('user_ldap', 'ldap_host','');
@ -41,11 +42,11 @@ class OC_USER_LDAP extends OC_User_Backend {
$this->ldap_password = OC_Appconfig::getValue('user_ldap', 'ldap_password',''); $this->ldap_password = OC_Appconfig::getValue('user_ldap', 'ldap_password','');
$this->ldap_base = OC_Appconfig::getValue('user_ldap', 'ldap_base',''); $this->ldap_base = OC_Appconfig::getValue('user_ldap', 'ldap_base','');
$this->ldap_filter = OC_Appconfig::getValue('user_ldap', 'ldap_filter',''); $this->ldap_filter = OC_Appconfig::getValue('user_ldap', 'ldap_filter','');
$this->ldap_tls = OC_Appconfig::getValue('user_tls', 'ldap_tls', 0);
if( !empty($this->ldap_host) if( !empty($this->ldap_host)
&& !empty($this->ldap_port) && !empty($this->ldap_port)
&& !empty($this->ldap_dn) && ((!empty($this->ldap_dn) && !empty($this->ldap_password)) || (empty($this->ldap_dn) && empty($this->ldap_password)))
&& !empty($this->ldap_password)
&& !empty($this->ldap_base) && !empty($this->ldap_base)
&& !empty($this->ldap_filter) && !empty($this->ldap_filter)
) )
@ -63,9 +64,10 @@ class OC_USER_LDAP extends OC_User_Backend {
private function getDs() { private function getDs() {
if(!$this->ds) { if(!$this->ds) {
$this->ds = ldap_connect( $this->ldap_host, $this->ldap_port ); $this->ds = ldap_connect( $this->ldap_host, $this->ldap_port );
if(ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3)) if(ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3))
if(ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0)) if(ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0))
@ldap_start_tls($this->ds); if($this->ldap_tls)
ldap_start_tls($this->ds);
} }
// login // login