From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Wed, 31 Oct 2007 09:15:33 +0000 (+0000)
Subject: Made auth_mail a boolean value.
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=99804a3a530a241361cd8c07050ff470a6517299;p=gosa.git

Made auth_mail a boolean value.
If true allow login with mail too


git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@7695 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/FAQ b/FAQ
index a6332bb5d..082db56ad 100644
--- a/FAQ
+++ b/FAQ
@@ -417,13 +417,7 @@ Q: Is it possible to login with the users mail address too?
 
 A: Yes, just add the following line to your gosa.conf:
    <location ...
-	login_attribute="mail"
-   ...>
-
-	or for both, uid and mail:
-
-   <location ...
-	login_attribute="uid,mail"
+	auth_mail="true"
    ...>
 
 
diff --git a/contrib/gosa.conf b/contrib/gosa.conf
index 33212f59a..7f96d76f7 100644
--- a/contrib/gosa.conf
+++ b/contrib/gosa.conf
@@ -452,10 +452,10 @@
 			groups="{$cv.groupou}"
 			gidbase="{$cv.uidbase}"
 			uidbase="{$cv.uidbase}"
-{if $cv.optional.login_attribute}
-			login_attribute="{$cv.optional.login_attribute}"
+{if $cv.optional.auth_mail}
+			auth_mail="true"
 {else}
-			login_attribute="uid"
+			auth_mail="false"
 {/if}
 {if $cv.optional.strict_units}
 			strict_units="true"
diff --git a/include/functions.inc b/include/functions.inc
index 0de2bcfc1..cc724f8a6 100644
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -311,28 +311,19 @@ function ldap_login_user ($username, $password)
     echo "<body>".$_SESSION['errors']."</body></html>";
     exit();
   }
-  $ldap->cd($config->current['BASE']);
-  $allowed_attributes = array("uid","mail");
-  $verify_attr = array();
-  if(isset($config->current['LOGIN_ATTRIBUTE'])){
-    $tmp = split(",",$config->current['LOGIN_ATTRIBUTE']); 
-    foreach($tmp as $attr){
-      if(in_array($attr,$allowed_attributes)){
-        $verify_attr[] = $attr;
-      }
-    }
-  }
-  if(count($verify_attr) == 0){
-    $verify_attr = array("uid");
+
+  /* Check if mail address is also a valid auth name */
+  $auth_mail = FALSE;
+  if(isset($config->current['AUTH_MAIL']) && preg_match("/true/",$config->current['AUTH_MAIL'])){
+    $auth_mail = TRUE;
   }
-  $tmp= $verify_attr;
-  $tmp[] = "uid";
-  $filter = "";
-  foreach($verify_attr as $attr) {
-    $filter.= "(".$attr."=".$username.")";
+
+  $ldap->cd($config->current['BASE']);
+  if(!$auth_mail){
+    $ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid"));
+  }else{
+    $ldap->search("(&(|(uid=".$username.")(mail=".$username."))(objectClass=gosaAccount))", array("uid","mail"));
   }
-  $filter = "(&(|".$filter.")(objectClass=gosaAccount))";
-  $ldap->search($filter,$tmp);
 
   /* get results, only a count of 1 is valid */
   switch ($ldap->count()){
@@ -352,14 +343,14 @@ function ldap_login_user ($username, $password)
 
   /* LDAP schema is not case sensitive. Perform additional check. */
   $attrs= $ldap->fetch();
-  $success = FALSE;
-  foreach($verify_attr as $attr){
-    if ($attrs[$attr][0] == $username){
-      $success = TRUE;
+  if($auth_mail){
+    if ($attrs['uid'][0] != $username && $attrs['mail'][0] != $username){
+      return(NULL);
+    }
+  }else{
+    if ($attrs['uid'][0] != $username){
+      return(NULL);
     }
-  }
-  if(!$success){
-    return(FALSE);
   }
 
   /* got user dn, fill acl's */
diff --git a/setup/class_setupStep_Config3.inc b/setup/class_setupStep_Config3.inc
index cc2307b5c..13415175b 100644
--- a/setup/class_setupStep_Config3.inc
+++ b/setup/class_setupStep_Config3.inc
@@ -26,11 +26,8 @@ class Step_Config3 extends setup_step
 
   var $errorlvl   = TRUE;
 
-  var $login_attributes = array("uid"       => "uid", 
-                                "mail"      => "mail",
-                                "uid,mail"  => "both");
   var $optional = array(
-              "login_attribute" => "uid",
+              "auth_mail" => "false",
               "strict_units" => false,
               "list_summary" => false,
               "forceglobals" => true,
@@ -87,7 +84,6 @@ class Step_Config3 extends setup_step
     foreach($this->attributes as $attr){
       $smarty->assign($attr,$this->$attr);
     }
-    $smarty->assign("login_attributes",$this->login_attributes);
     return($smarty -> fetch (get_template_path("../setup/setup_config3.tpl")));
   }
 
@@ -103,7 +99,7 @@ class Step_Config3 extends setup_step
         }
       }
       
-      foreach(array("login_attribute","list_summary","strict_units","noprimarygroup","forceglobals","forcessl","ldapstats","warnssl","snmpcommunity","compile","debuglevel","session_lifetime") as $name){
+      foreach(array("auth_mail","list_summary","strict_units","noprimarygroup","forceglobals","forcessl","ldapstats","warnssl","snmpcommunity","compile","debuglevel","session_lifetime") as $name){
         if(isset($_POST[$name])){
           $this->optional[$name] = get_post($name);
         }
diff --git a/setup/setup_config3.tpl b/setup/setup_config3.tpl
index 1db42f49e..6a65f7a08 100644
--- a/setup/setup_config3.tpl
+++ b/setup/setup_config3.tpl
@@ -165,11 +165,11 @@
     <p><b>{t}Login and session{/t}</b></p>
     <div class='step4_container'>
         <div class='step4_name'>
-            {t}Login attribute{/t}
+            {t}Allow login with users mail address{/t}
         </div>
         <div class='step4_value'>
-            <select name="login_attribute" size="1" title="">
-            	{html_options options=$login_attributes selected=$optional.login_attribute}
+            <select name="auth_mail" size="1" title="">
+            	{html_options options=$bool selected=$optional.auth_mail}
             </select>
         </div>
     </div>