Allow login with mail attribute too.

If configured by <location ... LOGIN_ATTRIBUTE='mail'

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@7685 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/html/index.php b/html/index.php
index ddece7ad4db52876130fce1a2f78677e4dacfd09..50a3d45a29d5a386e5f97df5c115c5dedce3dc80 100644 (file)
--- a/html/index.php
+++ b/html/index.php
@@ -260,7 +260,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])){
 
   /* Check for valid input */
   $username= $_POST["username"];
-  if (!ereg("^[A-Za-z0-9_.-]+$", $username)){
+  if (!ereg("^[@A-Za-z0-9_.-]+$", $username)){
     $message= _("Please specify a valid username!");
   } elseif (mb_strlen($_POST["password"], 'UTF-8') == 0){
     $message= _("Please specify your password!");

diff --git a/include/functions.inc b/include/functions.inc
index adf7cf60a41d858768e89f6787ccf9ade05909a0..1bbd8436bac78fa20c6a11b09f7daa25669e3ec8 100644 (file)
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -306,7 +306,27 @@ function ldap_login_user ($username, $password)
     exit();
   }
   $ldap->cd($config->current['BASE']);
-  $ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid"));
+  $allowed_attributes = array("uid","mail");
+  $verify_attr = array();
+  if(isset($config->current['LOGIN_ATTRIBUTE'])){
+    $tmp = split(",",$config->current['LOGIN_ATTRIBUTE']); 
+    foreach($tmp as $attr){
+      if(in_array($attr,$allowed_attributes)){
+        $verify_attr[] = $attr;
+      }
+    }
+  }
+  if(count($verify_attr) == 0){
+    $verify_attr = array("uid");
+  }
+  $tmp= $verify_attr;
+  $tmp[] = "uid";
+  $filter = "";
+  foreach($verify_attr as $attr) {
+    $filter.= "(".$attr."=".$username.")";
+  }
+  $filter = "(&(|".$filter.")(objectClass=gosaAccount))";
+  $ldap->search($filter,$tmp);
 
   /* get results, only a count of 1 is valid */
   switch ($ldap->count()){
@@ -326,13 +346,19 @@ function ldap_login_user ($username, $password)
 
   /* LDAP schema is not case sensitive. Perform additional check. */
   $attrs= $ldap->fetch();
-  if ($attrs['uid'][0] != $username){
-    return(NULL);
+  $success = FALSE;
+  foreach($verify_attr as $attr){
+    if ($attrs[$attr][0] == $username){
+      $success = TRUE;
+    }
+  }
+  if(!$success){
+    return(FALSE);
   }
 
   /* got user dn, fill acl's */
   $ui= new userinfo($config, $ldap->getDN());
-  $ui->username= $username;
+  $ui->username= $attrs['uid'];
 
   /* password check, bind as user with supplied password  */
   $ldap->disconnect();