Allow for defining the ldap_filter used when searching for a user. The filter support...

like %u (username) and %U (username provided though http auth)

diff --git a/dialup_admin/Changelog b/dialup_admin/Changelog
index 98dcb70..937c89a 100644 (file)
--- a/dialup_admin/Changelog
+++ b/dialup_admin/Changelog
@@ -42,6 +42,8 @@ Ver 1.63:
 * Also check for $server != '' in stats.php3. Bug noted by Ulrich Walcher <uwalcher@bcore.de>
 * Consider the account locked either if Dialup-Access == FALSE or if it is not set at all
 * Calculate weekly used time correctly (from Sunday 00:00:00)
+* Allow for defining the ldap_filter used when searching for a user. The filter supports dynamic variables
+  like %u (username) and %U (username provided though http auth)
 Ver 1.62:
 * Remove one sql query from user_admin which was not needed.
 * Instead of a query like "LIKE 'YYYY-MM-DD%'" use "AcctStopTime >= 'YYYY-MM-DD 00:00:00 AND AcctStopTime

diff --git a/dialup_admin/conf/admin.conf b/dialup_admin/conf/admin.conf
index 22da124..73708f0 100644 (file)
--- a/dialup_admin/conf/admin.conf
+++ b/dialup_admin/conf/admin.conf
@@ -167,6 +167,17 @@ ldap_regular_profile_attr: dialupregularprofile
 # Uncomment to enable ldap debug
 #
 #ldap_debug: true
+#
+# Allow for defining the ldap filter used when searching for a user
+# Variables supported:
+# %u: username
+# %U: username provided though http authentication
+#
+# One use of this would be to restrict access to only the user's belonging to
+# a specific administrator like this:
+# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com))
+#
+#ldap_filter: (uid=%u)
 
 
 #

diff --git a/dialup_admin/lib/ldap/defaults.php3 b/dialup_admin/lib/ldap/defaults.php3
index 0005cb1..3583098 100644 (file)
--- a/dialup_admin/lib/ldap/defaults.php3
+++ b/dialup_admin/lib/ldap/defaults.php3
@@ -27,9 +27,13 @@ if ($config[ldap_default_dn] != ''){
                }
                if ($regular_profile_attr != ''){
                        $get_attrs = array("$regular_profile_attr");
+                       if ($config[ldap_filter] != '')
+                               $filter = ldap_xlat($config[ldap_filter],$login,$config);
+                       else
+                               $filter = 'uid=' . $login;
                        if ($config[ldap_debug] == 'true')
-                               print "<b>DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='uid=$login'</b><br>\n";
-                       $sr=@ldap_search($ds,"$config[ldap_base]","uid=" . $login,$get_attrs);
+                               print "<b>DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='$filter'</b><br>\n";
+                       $sr=@ldap_search($ds,"$config[ldap_base]",$filter,$get_attrs);
                        if ($info = @ldap_get_entries($ds,$sr)){
                                for($i=0;$i<$info[0][$regular_profile_attr]["count"];$i++){
                                        $dn2 = $info[0][$regular_profile_attr][$i];

diff --git a/dialup_admin/lib/ldap/functions.php3 b/dialup_admin/lib/ldap/functions.php3
index 01f568b..60e82f2 100644 (file)
--- a/dialup_admin/lib/ldap/functions.php3
+++ b/dialup_admin/lib/ldap/functions.php3
@@ -67,4 +67,14 @@ function closedb($ds,$config)
        if ($ds)
                @ldap_close($ds);
 }
+function ldap_xlat($filter,$login,$config)
+{
+       $string = $filter;
+       if ($filter != ''){
+               $string = preg_replace('/%u/',$login,$string);
+               $string = preg_replace('/%U/',$HTTP_SERVER_VARS["PHP_AUTH_USER"],$string);
+       }
+
+       return $string;
+}
 ?>

diff --git a/dialup_admin/lib/ldap/user_info.php3 b/dialup_admin/lib/ldap/user_info.php3
index e704bc0..33fe3fb 100644 (file)
--- a/dialup_admin/lib/ldap/user_info.php3
+++ b/dialup_admin/lib/ldap/user_info.php3
@@ -30,9 +30,13 @@ if ($config[general_decode_normal_attributes] == 'yes')
 $ds=@ldap_connect("$config[ldap_server]");  // must be a valid ldap server!
 if ($ds) {
        $r=@da_ldap_bind($ds,$config);
+       if ($config[ldap_filter] != '')
+               $filter = ldap_xlat($config[ldap_filter],$login,$config);
+       else
+               $filter = 'uid=' . $login;
        if ($config[ldap_debug] == 'true')
-               print "<b>DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='uid=$login'</b><br>\n";
-       $sr=@ldap_search($ds,"$config[ldap_base]", 'uid=' . $login);
+               print "<b>DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='$filter'</b><br>\n";
+       $sr=@ldap_search($ds,"$config[ldap_base]", $filter);
        $info = @ldap_get_entries($ds, $sr);
        $dn = $info[0]['dn'];
        if ($dn == '')