[sork] passwd patch...

Amith Varghese amith at xalan.com
Tue Jan 14 14:27:01 PST 2003


Here's the small patch I promised earlier. It allows people who use LDAP
with passwd to supply an optional binddn when binding to the LDAP tree. This
avoids having to bind to the tree anonymously (which some people, including
me, disallow).  This functionality was there before, but I've converted it to
use hooks.  Let me know if there are any questions.

Thanks
Amith-------------- next part --------------
Index: passwd/config/conf.xml
===================================================================
RCS file: /repository/passwd/config/conf.xml,v
retrieving revision 1.4
diff -u -r1.4 conf.xml
--- passwd/config/conf.xml	20 Nov 2002 13:28:26 -0000	1.4
+++ passwd/config/conf.xml	14 Jan 2003 18:33:05 -0000
@@ -70,6 +70,7 @@
  <configsection name="hooks">
    <configboolean name="username" desc="Use a custom hook to translate the username for the backend">false</configboolean>
    <configboolean name="default_username" desc="Use a custom hook for determining the default username">false</configboolean>
+   <configboolean name="userdn" desc="If we are using the LDAP driver, use a custom hook to provide a userdn for binding, instead of binding anonymously">false</configboolean>
  </configsection>
 
 </configuration>
Index: passwd/lib/Driver/ldap.php
===================================================================
RCS file: /repository/passwd/lib/Driver/ldap.php,v
retrieving revision 1.15
diff -u -r1.15 ldap.php
--- passwd/lib/Driver/ldap.php	12 Jan 2003 02:06:32 -0000	1.15
+++ passwd/lib/Driver/ldap.php	14 Jan 2003 18:33:05 -0000
@@ -33,7 +33,6 @@
         $this->_params['uid']        = array_key_exists('uid', $params)        ? $params['uid'] : 'uid';
         $this->_params['basedn']     = array_key_exists('basedn', $params)     ? $params['basedn'] : '';
         $this->_params['realm']      = array_key_exists('realm', $params)      ? $params['realm'] : '';
-        $this->_params['userdn']     = array_key_exists('userdn', $params)     ? $params['userdn'] : null;
     }
 
     /**
@@ -116,9 +115,13 @@
      * @return  boolean       True or false based on success of the change.
      */
     function change_password($username, $oldPassword, $newPassword) {
-        // get the user's dn
-        if (!is_null($this->_params['userdn'])) {
-            $userdn = $this->_params['userdn'];
+        global $conf;
+
+        if ($conf['hooks']['userdn']) {
+            include_once HORDE_BASE . '/config/hooks.php';
+            if (function_exists('_passwd_hook_userdn')) {
+                $userdn = call_user_func('_passwd_hook_userdn',Auth::getAuth());
+            }
         } else {
             $userdn = $this->_lookupdn($username);
             if (is_a($userdn, 'PEAR_Error')) {
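Review bot: When `$conf['hooks']['userdn']` is enabled but `_passwd_hook_userdn` is not defined in hooks.php, `$userdn` is never assigned, and a hook result that is empty or an error is not checked the way the `_lookupdn()` result is. The bind that uses `$userdn` is in the part of change_password outside this hunk, but depending on the directory server a bind with an empty DN may be accepted as anonymous, in which case the old password would presumably not be verified against the user's own entry. Initialising `$userdn` and falling back to `_lookupdn($username)` when the hook yields nothing leaves the existing PEAR_Error path in charge of the failure. The hook is also passed `Auth::getAuth()` rather than the `$username` argument, so the two can disagree if the username hook translated the name; a short comment stating which identity the bind DN is built from would help.

```php
        global $conf;

        $userdn = null;
        if (!empty($conf['hooks']['userdn'])) {
            // … unchanged: include hooks.php and call _passwd_hook_userdn if it is defined …
        }
        if (empty($userdn)) {
            $userdn = $this->_lookupdn($username);
            // … unchanged: PEAR_Error check on the lookup result …
```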
Index: config/hooks.php.dist
===================================================================
RCS file: /repository/horde/config/hooks.php.dist,v
retrieving revision 1.27
diff -u -r1.27 hooks.php.dist
--- config/hooks.php.dist	6 Jan 2003 09:35:46 -0000	1.27
+++ config/hooks.php.dist	14 Jan 2003 18:35:45 -0000
@@ -329,3 +329,13 @@
         return $userid;
     }
 }
+
+// Here is an example _passwd_hook_userdn function that you can use to provide
+// your ldap server with a userdn so that you do not have to perform anonymous
+// binds.  The function takes Auth::getAuth() as a parameter
+if (!function_exists('_passwd_hook_userdn')) {
+    function _passwd_hook_userdn($auth)
+    {
+        return 'uid=' . $auth . ',o=example.com';
+    }
+}
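Review bot: The example hook concatenates `$auth` into the DN unescaped, so a login name containing DN metacharacters such as `,`, `+` or `=` would yield a different DN than the one intended; because sites copy this sample, it is worth showing the safe form. Whether `Auth::getAuth()` can contain such characters depends on the auth backend, which is not visible here. I would either escape the value, e.g. `return 'uid=' . ldap_escape($auth, '', LDAP_ESCAPE_DN) . ',o=example.com';` where that function is available, or reject names that do not match a conservative pattern. The comment above the function should also say that the returned DN is used for the bind and must be built only from validated input.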
Index: passwd/config/backends.php.dist
===================================================================
RCS file: /repository/passwd/config/backends.php.dist,v
retrieving revision 1.14
diff -u -r1.14 backends.php.dist
--- passwd/config/backends.php.dist	19 Dec 2002 21:05:52 -0000	1.14
+++ passwd/config/backends.php.dist	14 Jan 2003 18:47:26 -0000
@@ -113,7 +113,6 @@
         'uid' => 'uid',
         'realm' => '', // this will be appended to the username when
                        // looking for the userdn.
-//        'userdn' => 'uid=' . Auth::getAuth() . ',o=example.com',
         'encryption' => 'crypt'
     )
 );

