From 99804a3a530a241361cd8c07050ff470a6517299 Mon Sep 17 00:00:00 2001 From: hickert Date: Wed, 31 Oct 2007 09:15:33 +0000 Subject: [PATCH] Made auth_mail a boolean value. If true allow login with mail too git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@7695 594d385d-05f5-0310-b6e9-bd551577e9d8 --- FAQ | 8 +----- contrib/gosa.conf | 6 ++--- include/functions.inc | 45 +++++++++++++------------------ setup/class_setupStep_Config3.inc | 8 ++---- setup/setup_config3.tpl | 6 ++--- 5 files changed, 27 insertions(+), 46 deletions(-) diff --git a/FAQ b/FAQ index a6332bb5d..082db56ad 100644 --- a/FAQ +++ b/FAQ @@ -417,13 +417,7 @@ Q: Is it possible to login with the users mail address too? A: Yes, just add the following line to your gosa.conf: - - or for both, uid and mail: - - diff --git a/contrib/gosa.conf b/contrib/gosa.conf index 33212f59a..7f96d76f7 100644 --- a/contrib/gosa.conf +++ b/contrib/gosa.conf @@ -452,10 +452,10 @@ groups="{$cv.groupou}" gidbase="{$cv.uidbase}" uidbase="{$cv.uidbase}" -{if $cv.optional.login_attribute} - login_attribute="{$cv.optional.login_attribute}" +{if $cv.optional.auth_mail} + auth_mail="true" {else} - login_attribute="uid" + auth_mail="false" {/if} {if $cv.optional.strict_units} strict_units="true" diff --git a/include/functions.inc b/include/functions.inc index 0de2bcfc1..cc724f8a6 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -311,28 +311,19 @@ function ldap_login_user ($username, $password) echo "".$_SESSION['errors'].""; exit(); } - $ldap->cd($config->current['BASE']); - $allowed_attributes = array("uid","mail"); - $verify_attr = array(); - if(isset($config->current['LOGIN_ATTRIBUTE'])){ - $tmp = split(",",$config->current['LOGIN_ATTRIBUTE']); - foreach($tmp as $attr){ - if(in_array($attr,$allowed_attributes)){ - $verify_attr[] = $attr; - } - } - } - if(count($verify_attr) == 0){ - $verify_attr = array("uid"); + + /* Check if mail address is also a valid auth name */ + $auth_mail = FALSE; + if(isset($config->current['AUTH_MAIL']) && preg_match("/true/",$config->current['AUTH_MAIL'])){ + $auth_mail = TRUE; } - $tmp= $verify_attr; - $tmp[] = "uid"; - $filter = ""; - foreach($verify_attr as $attr) { - $filter.= "(".$attr."=".$username.")"; + + $ldap->cd($config->current['BASE']); + if(!$auth_mail){ + $ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid")); + }else{ + $ldap->search("(&(|(uid=".$username.")(mail=".$username."))(objectClass=gosaAccount))", array("uid","mail")); } - $filter = "(&(|".$filter.")(objectClass=gosaAccount))"; - $ldap->search($filter,$tmp); /* get results, only a count of 1 is valid */ switch ($ldap->count()){ @@ -352,14 +343,14 @@ function ldap_login_user ($username, $password) /* LDAP schema is not case sensitive. Perform additional check. */ $attrs= $ldap->fetch(); - $success = FALSE; - foreach($verify_attr as $attr){ - if ($attrs[$attr][0] == $username){ - $success = TRUE; + if($auth_mail){ + if ($attrs['uid'][0] != $username && $attrs['mail'][0] != $username){ + return(NULL); + } + }else{ + if ($attrs['uid'][0] != $username){ + return(NULL); } - } - if(!$success){ - return(FALSE); } /* got user dn, fill acl's */ diff --git a/setup/class_setupStep_Config3.inc b/setup/class_setupStep_Config3.inc index cc2307b5c..13415175b 100644 --- a/setup/class_setupStep_Config3.inc +++ b/setup/class_setupStep_Config3.inc @@ -26,11 +26,8 @@ class Step_Config3 extends setup_step var $errorlvl = TRUE; - var $login_attributes = array("uid" => "uid", - "mail" => "mail", - "uid,mail" => "both"); var $optional = array( - "login_attribute" => "uid", + "auth_mail" => "false", "strict_units" => false, "list_summary" => false, "forceglobals" => true, @@ -87,7 +84,6 @@ class Step_Config3 extends setup_step foreach($this->attributes as $attr){ $smarty->assign($attr,$this->$attr); } - $smarty->assign("login_attributes",$this->login_attributes); return($smarty -> fetch (get_template_path("../setup/setup_config3.tpl"))); } @@ -103,7 +99,7 @@ class Step_Config3 extends setup_step } } - foreach(array("login_attribute","list_summary","strict_units","noprimarygroup","forceglobals","forcessl","ldapstats","warnssl","snmpcommunity","compile","debuglevel","session_lifetime") as $name){ + foreach(array("auth_mail","list_summary","strict_units","noprimarygroup","forceglobals","forcessl","ldapstats","warnssl","snmpcommunity","compile","debuglevel","session_lifetime") as $name){ if(isset($_POST[$name])){ $this->optional[$name] = get_post($name); } diff --git a/setup/setup_config3.tpl b/setup/setup_config3.tpl index 1db42f49e..6a65f7a08 100644 --- a/setup/setup_config3.tpl +++ b/setup/setup_config3.tpl @@ -165,11 +165,11 @@

{t}Login and session{/t}

- {t}Login attribute{/t} + {t}Allow login with users mail address{/t}
- + {html_options options=$bool selected=$optional.auth_mail}
-- 2.30.2