r96495 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r96494‎ \| r96495 \| r96496 >
Date:	21:02, 7 September 2011
Author:	laner
Status:	deferred
Tags:	ldap
Comment:	* Added new wgLDAPUseFetchedUsername option, which will use the attribute from wgLDAPSearchAttributes as the username, if set * Added support for authenticating with one username, but having a different wiki name (ie: login with uid, but have cn be the wiki name) * Added some debugging messages * Bumped version to 1.1f
Modified paths:	/trunk/extensions/LdapAuthentication/LdapAuthentication.php (modified) (history)

Diff [purge]

Index: trunk/extensions/LdapAuthentication/LdapAuthentication.php
—	—	@@ -87,8 +87,9 @@
88	88	$wgLDAPUniqueAttribute = array(); //Currently unused
89	89	$wgLDAPUniqueBlockLogin = array(); //Currently unused
90	90	$wgLDAPUniqueRenameUser = array(); //Currently unused
	91	+$wgLDAPUseFetchedUsername = array();
91	92
92		~~-define( "LDAPAUTHVERSION", "1.2e" );~~
	93	+define( "LDAPAUTHVERSION", "1.2f" );
93	94
94	95	/**
95	96	* Add extension information to Special:Version
—	—	@@ -305,7 +306,7 @@
306	307	global $wgLDAPLowerCaseUsername;
307	308	global $wgLDAPSearchStrings;
308	309
309		~~- $this->printDebug( "Entering authenticate", NONSENSITIVE );~~
	310	+ $this->printDebug( "Entering authenticate for username $username", NONSENSITIVE );
310	311
311	312	// We don't handle local authentication
312	313	if ( 'local' == $_SESSION['wsDomain'] ) {
—	—	@@ -959,16 +960,34 @@
960	961	* @access public
961	962	*/
962	963	function getCanonicalName( $username ) {
	964	+ global $wgLDAPUseFetchedUsername;
963	965	$this->printDebug( "Entering getCanonicalName", NONSENSITIVE );
964	966
965	967	if ( $username != '' ) {
966	968	$this->printDebug( "Username isn't empty.", NONSENSITIVE );
967	969
	970	+ # Fetch username, so that we can possibly use it.
	971	+ # Only do it if we haven't already fetched it.
	972	+ if ( !$this->userdn ) {
	973	+ $this->connect();
	974	+ if ( $this->ldapconn ) {
	975	+ $this->printDebug( "Successfully connected", NONSENSITIVE );
	976	+ $this->userdn = $this->getSearchString( $username );
	977	+ wfRunHooks( 'SetUsernameAttributeFromLDAP', array( &$this->LDAPUsername, $this->userInfo ) );
	978	+ } else {
	979	+ $this->printDebug( "Failed to connect in getCanonicalName, this is non-critical, but may indicate a misconfiguration.", NONSENSITIVE );
	980	+ }
	981	+ }
	982	+
968	983	// We want to use the username returned by LDAP
969	984	// if it exists
970	985	if ( $this->LDAPUsername != '' ) {
971		~~- $this->printDebug( "Using LDAPUsername.", NONSENSITIVE );~~
972	986	$username = $this->LDAPUsername;
	987	+ if ( isset( $wgLDAPUseFetchedUsername[$_SESSION['wsDomain']] ) && $wgLDAPUseFetchedUsername[$_SESSION['wsDomain']] ) {
	988	+ $username[0] = strtoupper( $username[0] );
	989	+ return $username;
	990	+ }
	991	+ $this->printDebug( "Using LDAPUsername: $username", NONSENSITIVE );
973	992	}
974	993
975	994	if ( isset( $_SESSION['wsDomain'] ) && 'local' != $_SESSION['wsDomain'] ) {
—	—	@@ -1086,6 +1105,12 @@
1087	1106
1088	1107	$this->userInfo = @ldap_get_entries( $this->ldapconn, $entry );
1089	1108	$this->fetchedUserInfo = true;
	1109	+ $searchattr = $wgLDAPSearchAttributes[$_SESSION['wsDomain']];
	1110	+ if ( isset( $this->userInfo[0][$searchattr] ) ) {
	1111	+ $username = $this->userInfo[0][$searchattr][0];
	1112	+ $this->printDebug( "Setting the LDAPUsername based on fetched wgLDAPSearchAttributes: $username", NONSENSITIVE );
	1113	+ $this->LDAPUsername = $username;
	1114	+ }
1090	1115
1091	1116	// This is a pretty useful thing to have for auto authentication,
1092	1117	// group checking, and pulling preferences.

Status & tagging log

19:17, 23 December 2011 Johnduhart (talk | contribs) changed the status of r96495 [removed: new added: deferred]
06:59, 23 December 2011 RobLa (talk | contribs) changed the tags for r96495 [added: ldap]