id);
} else {
// email check failed or is disabled - register new FUDforum user.
$uent = new fud_user_reg;
$uent->users_opt = -1;
$uent->login = $login;
$uent->plaintext_passwd = $password;
$uent->email = $login .'@'. $ini['LDAP_HOST'];
$uent->add_user();
}
}
$usr_d = db_sab('SELECT id, passwd, salt FROM '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users WHERE login='. _esc($login));
if ( !((empty($usr_d->salt) && $usr_d->passwd == md5($password)) || $usr_d->passwd == sha1($usr_d->salt . sha1($password)))) {
// Sync password
$salt = substr(md5(uniqid(mt_rand(), true)), 0, 9);
$sec_pass = sha1($salt . sha1($password));
q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET passwd='. _esc($sec_pass) .', salt='. _esc($salt) .' WHERE id='. $usr_d->id);
}
// Sync user details, if enabled
if (!empty($ini['LDAP_EMAIL'])) {
q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET email='. _esc($info[0][ $ini['LDAP_EMAIL'] ][0]) .' WHERE login='. _esc($login));
}
if (!empty($ini['LDAP_NAME'])) {
q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET name='. _esc($info[0][ $ini['LDAP_NAME'] ][0]) .' WHERE login='. _esc($login));
}
if (!empty($ini['LDAP_ALIAS'])) {
q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET alias='. _esc($info[0][ $ini['LDAP_ALIAS'] ][0]) .' WHERE login='. _esc($login));
}
return 1; // Allow access.
} else {
return 0; // Deny access.
}
ldap_close($connection);
}
/**
 * Return the plugin's descriptive metadata.
 *
 * @return array Map with the keys 'name', 'desc', 'cat' and 'version', in that order.
 */
function ldap_info() {
	$details = array();
	$details['name'] = 'LDAP Authentication';
	// The description advises turning off local registration and password resets,
	// presumably because accounts and passwords are meant to come from the LDAP
	// server - confirm against the authentication hook.
	// The string ends with a line break; it is kept exactly as is.
	$details['desc'] = 'Authenticate forum users from an LDAP server. You probably want to disable "Allow Registration" and "Allow Password Resets" from the Global Settings Manager after enabling this plugin.
';
	$details['cat'] = 'Authentication';
	$details['version'] = '1.3-modified';

	return $details;
}
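/**
 * Check whether this plugin can be enabled on the current PHP installation.
 *
 * The only condition tested is that PHP's 'ldap' extension is loaded.
 *
 * @return array|null array(null, error message) when the extension is missing;
 *                    null when nothing blocks enabling.
 */
function ldap_enable() {
	if (extension_loaded('ldap')) {
		return; // Good to go.
	}

	// Pair of (OK message, error message): no OK text, only the error.
	return array(null, 'Your PHP installation doesn\'t support LDAP.');
}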
function ldap_config() {
if((@include $GLOBALS['PLUGIN_PATH'] .'ldap/ldap.ini') === false) {
$ini = NULL;
}
if (isset($_POST['Set'])) {
foreach (array_keys($_POST) as $key) {
if (substr($key,0,5) == 'LDAP_') {
$ini[$key] = $_POST[$key];
}
}
// Array key from ldap_get_entries() must be lowercase.
$ini['LDAP_UID'] = strtolower($ini['LDAP_UID']);
$fp = fopen($GLOBALS['PLUGIN_PATH'] .'ldap/ldap.ini', 'w');
fwrite($fp, '');
fclose($fp);
pf(successify('Settings successfully saved.'));
}
?>
LDAP server URL:
(use ldap://<servername>:<port>/ for normal LDAP, or ldaps://<servername>:<port>/ for LDAP over SSL)
Enable TLS (Transport Layer Security) mode:
(do not enable this if using LDAP over SSL)
Is the LDAP server case insensitive (like Active Directory):
Proxy user (if required to bind via proxy):
Proxy password (if required to bind via proxy):
Look for usernames in namespace:
Property to query:
LDAP Attribute for forum user alias:
(leave blank if not required)
LDAP Attribute for forum user real name:
(leave blank if not required)
LDAP Attribute for forum user email address:
(leave blank to use <login>@<ldap-server-name> as forum user email address)
Check for existing user with this email address: