* Also check for $server != '' in stats.php3. Bug noted by Ulrich Walcher <uwalcher@bcore.de>
* Consider the account locked either if Dialup-Access == FALSE or if it is not set at all
* Calculate weekly used time correctly (from Sunday 00:00:00)
+* Allow for defining the ldap_filter used when searching for a user. The filter supports dynamic variables
+ like %u (username) and %U (username provided though http auth)
Ver 1.62:
* Remove one sql query from user_admin which was not needed.
* Instead of a query like "LIKE 'YYYY-MM-DD%'" use "AcctStopTime >= 'YYYY-MM-DD 00:00:00 AND AcctStopTime
# Uncomment to enable ldap debug
#
#ldap_debug: true
+#
+# Allow for defining the ldap filter used when searching for a user
+# Variables supported:
+# %u: username
+# %U: username provided though http authentication
+#
+# One use of this would be to restrict access to only the user's belonging to
+# a specific administrator like this:
+# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com))
+#
+#ldap_filter: (uid=%u)
#
}
if ($regular_profile_attr != ''){
$get_attrs = array("$regular_profile_attr");
+ if ($config[ldap_filter] != '')
+ $filter = ldap_xlat($config[ldap_filter],$login,$config);
+ else
+ $filter = 'uid=' . $login;
if ($config[ldap_debug] == 'true')
- print "<b>DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='uid=$login'</b><br>\n";
- $sr=@ldap_search($ds,"$config[ldap_base]","uid=" . $login,$get_attrs);
+ print "<b>DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='$filter'</b><br>\n";
+ $sr=@ldap_search($ds,"$config[ldap_base]",$filter,$get_attrs);
if ($info = @ldap_get_entries($ds,$sr)){
for($i=0;$i<$info[0][$regular_profile_attr]["count"];$i++){
$dn2 = $info[0][$regular_profile_attr][$i];
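Review bot: The fallback branch `$filter = 'uid=' . $login;` still concatenates `$login` into the search filter unescaped, so any escaping added inside ldap_xlat() would not cover it. Building it as `$filter = ldap_xlat('(uid=%u)',$login,$config);` would keep a single code path. The debug line also prints `$filter` into the HTML page as-is, and the filter can now carry admin-defined text plus two user-supplied names, so `htmlspecialchars($filter)` is worth adding there. Where `$login` comes from is not visible here, so how much this matters depends on the caller. The same lines recur in the later hunk that starts at `$ds=@ldap_connect(...)`, and the enclosing block starts and ends outside this hunk.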
if ($ds)
@ldap_close($ds);
}
+function ldap_xlat($filter,$login,$config)
+{
+ $string = $filter;
+ if ($filter != ''){
+ $string = preg_replace('/%u/',$login,$string);
+ $string = preg_replace('/%U/',$HTTP_SERVER_VARS["PHP_AUTH_USER"],$string);
+ }
+
+ return $string;
+}
?>
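Review bot: `$HTTP_SERVER_VARS` is not in scope inside ldap_xlat() because it is an ordinary global rather than an auto-global, so `%U` is always replaced with an empty string unless the function declares `global $HTTP_SERVER_VARS;`. Both substitutions also insert the names verbatim, so `*`, `(`, `)` or `\` in a username changes the meaning of the filter. That matters because the sample config uses this filter to restrict an administrator to their own users. preg_replace() additionally interprets backreference sequences such as `\1` in the replacement text, which a plain string replacement avoids. The sketch below escapes per RFC 4515 before substituting; a value placed inside a DN, as `%U` is in the sample, would also need DN escaping, which is not shown.

```php
function ldap_xlat($filter,$login,$config)
{
	global $HTTP_SERVER_VARS;

	if ($filter == '')
		return $filter;

	// RFC 4515 filter escaping; the backslash must be handled first.
	$from = array('\\', '*', '(', ')', "\0");
	$to = array('\\5c', '\\2a', '\\28', '\\29', '\\00');
	$user = str_replace($from, $to, $login);
	$auth_user = str_replace($from, $to, $HTTP_SERVER_VARS["PHP_AUTH_USER"]);

	// strtr() does not rescan substituted text, so a name containing "%U" stays literal.
	return strtr($filter, array('%u' => $user, '%U' => $auth_user));
}
```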
$ds=@ldap_connect("$config[ldap_server]"); // must be a valid ldap server!
if ($ds) {
$r=@da_ldap_bind($ds,$config);
+ if ($config[ldap_filter] != '')
+ $filter = ldap_xlat($config[ldap_filter],$login,$config);
+ else
+ $filter = 'uid=' . $login;
if ($config[ldap_debug] == 'true')
- print "<b>DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='uid=$login'</b><br>\n";
- $sr=@ldap_search($ds,"$config[ldap_base]", 'uid=' . $login);
+ print "<b>DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='$filter'</b><br>\n";
+ $sr=@ldap_search($ds,"$config[ldap_base]", $filter);
$info = @ldap_get_entries($ds, $sr);
$dn = $info[0]['dn'];
if ($dn == '')