authorAleksander Machniak (Kolab Systems) <machniak@kolabsys.com>2011-08-18 08:19:58 (GMT)
committerAleksander Machniak (Kolab Systems) <machniak@kolabsys.com>2011-08-18 08:19:58 (GMT)
commit4d22d4d71e3937c4d3415ba4d84863f7c88a09d9 (patch)
tree74de6dcb4f3873e1a11395ba8a252933617bbedc /plugins/ldap_authentication
parent82d66f730a40acb2c0664df10aba030cf0769cd6 (diff)
Added plugin which implements possibility to login using uid or local email part
or full email address (#337)
Diffstat (limited to 'plugins/ldap_authentication')
-rw-r--r--plugins/ldap_authentication/config.inc.php.dist18
-rw-r--r--plugins/ldap_authentication/ldap_authentication.php140
2 files changed, 158 insertions, 0 deletions
diff --git a/plugins/ldap_authentication/config.inc.php.dist b/plugins/ldap_authentication/config.inc.php.dist
new file mode 100644
index 0000000..ca74520
--- /dev/null
+++ b/plugins/ldap_authentication/config.inc.php.dist
@@ -0,0 +1,18 @@
+<?php
+
+// The id of the LDAP address book (which refers to the $rcmail_config['ldap_public'])
+// or complete addressbook definition array.
+$rcmail_config['ldap_authentication_addressbook'] = '';
+
+// This will overwrite defined filter
+$rcmail_config['ldap_authentication_filter'] = '(&(objectClass=kolabInetOrgPerson)(|(uid=%u)(mail=%fu)(alias=%fu)))';
+
+// Use this fields (from fieldmap configuration) to get authentication ID
+$rcmail_config['ldap_authentication_login'] = 'email';
+
+// Use this fields (from fieldmap configuration) for default identity
+$rcmail_config['ldap_authentication_name'] = 'name';
+$rcmail_config['ldap_authentication_alias'] = 'alias';
+$rcmail_config['ldap_authentication_email'] = 'email';
+
+?>
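Review bot: The `ldap_authentication_email` option defined here appears to have no effect in this commit, because authenticate() in ldap_authentication.php reads only the `_login`, `_alias` and `_name` settings and never fills `$this->data['user_email']`, which user_create() checks. Either read it alongside the others (`$email_attr = $rcmail->config->get('ldap_authentication_email');` plus the matching assignment to `$this->data['user_email']`) or drop the key from the sample config, so an administrator is not led to believe the default identity's address comes from LDAP. The filter comment would also be clearer if it listed the placeholders the plugin substitutes, for example `// Placeholders: %u = local part, %d = domain, %fu = full login name, %dc = domain as dc=...,dc=...`.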
diff --git a/plugins/ldap_authentication/ldap_authentication.php b/plugins/ldap_authentication/ldap_authentication.php
new file mode 100644
index 0000000..d491a8c
--- /dev/null
+++ b/plugins/ldap_authentication/ldap_authentication.php
@@ -0,0 +1,140 @@
+<?php
+
+/**
+ * LDAP Authentication
+ *
+ * Authenticate on LDAP server, finds canonized authentication ID for IMAP
+ * and for new users create identity based on LDAP information.
+ *
+ * @version 0.1
+ * @author Aleksander Machniak <machniak@kolabsys.com>
+ *
+ * Copyright (C) 2011, Kolab Systems AG
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+class ldap_authentication extends rcube_plugin
+{
+ public $task = 'login';
+
+ private $ldap;
+ private $data = array();
+
+ function init()
+ {
+ $this->add_hook('authenticate', array($this, 'authenticate'));
+ $this->add_hook('user_create', array($this, 'user_create'));
+ }
+
+ function user_create($args)
+ {
+ if (!empty($this->data['user_email']))
+ $args['user_email'] = $this->data['user_email'];
+ if (!empty($this->data['user_name']))
+ $args['user_name'] = $this->data['user_name'];
+ if (!empty($this->data['user_alias']))
+ $args['user_alias'] = $this->data['user_alias'];
+
+ return $args;
+ }
+
+ function authenticate($args)
+ {
+ if ($this->init_ldap()) {
+ $rcmail = rcmail::get_instance();
+ $filter = $rcmail->config->get('ldap_authentication_filter');
+ $domain = $rcmail->config->get('username_domain');
+
+ // get username and host
+ $user = $args['user'];
+ $host = rcube_parse_host($args['host']);
+
+ if (!empty($domain) && strpos($user, '@') === false) {
+ if (is_array($domain) && isset($domain[$args['host']]))
+ $user .= '@'.rcube_parse_host($domain[$host], $host);
+ else if (is_string($domain))
+ $user .= '@'.rcube_parse_host($domain, $host);
+ }
+
+ // replace variables in filter
+ list($u, $d) = explode('@', $user);
+ $dc = 'dc='.strtr($d, array('.' => ',dc=')); // hierarchal domain string
+ $replaces = array('%dc' => $dc, '%d' => $d, '%fu' => $user, '%u' => $u);
+
+ $filter = strtr($filter, $replaces);
+
+ // get record
+ $this->ldap->set_filter($filter);
+ $results = $this->ldap->list_records();
+
+ if (count($results->records) == 1) {
+ $record = $results->records[0];
+
+ $login_attr = $rcmail->config->get('ldap_authentication_login');
+ $alias_attr = $rcmail->config->get('ldap_authentication_alias');
+ $name_attr = $rcmail->config->get('ldap_authentication_name');
+
+ if ($login_attr)
+ $this->data['user_login'] = is_array($record[$login_attr]) ? $record[$login_attr][0] : $record[$login_attr];
+ if ($alias_attr)
+ $this->data['user_alias'] = is_array($record[$alias_attr]) ? $record[$alias_attr][0] : $record[$alias_attr];
+ if ($name_attr)
+ $this->data['user_name'] = is_array($record[$name_attr]) ? $record[$name_attr][0] : $record[$name_attr];
+
+ if ($this->data['user_login'])
+ $args['user'] = $this->data['user_login'];
+ }
+ }
+
+ return $args;
+ }
+
+ private function init_ldap()
+ {
+ if ($this->ldap)
+ return $this->ldap->ready;
+
+ $this->load_config();
+ $rcmail = rcmail::get_instance();
+
+ $addressbook = $rcmail->config->get('ldap_authentication_addressbook');
+
+ if (!is_array($addressbook)) {
+ $ldap_config = (array)$rcmail->config->get('ldap_public');
+ $addressbook = $ldap_config[$addressbook];
+ }
+
+ if (empty($addressbook)) {
+ return false;
+ }
+
+ $this->ldap = new ldap_authentication_ldap_backend(
+ $addressbook,
+ $rcmail->config->get('ldap_debug'),
+ $rcmail->config->mail_domain($_SESSION['imap_host'])
+ );
+
+ return $this->ldap->ready;
+ }
+}
+
+class ldap_authentication_ldap_backend extends rcube_ldap
+{
+ function set_filter($filter)
+ {
+ if ($filter)
+ $this->prop['filter'] = $filter;
+ }
+}
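Review bot: In authenticate() the submitted login name from `$args['user']` is substituted into the LDAP search filter through `$replaces` and `strtr($filter, $replaces)` without any filter escaping, so characters such as `*`, `(`, `)` and `\` in the username alter the search expression instead of being matched literally. Since the single matching record then supplies the ID written back to `$args['user']`, each value should be escaped before substitution, e.g. `'%fu' => ldap_escape($user, '', LDAP_ESCAPE_FILTER)` and likewise for `%u`, `%d` and the `$d` used to build `%dc` (ldap_escape needs PHP 5.6 or later; on older versions use the project's own filter-quoting helper, if rcube_ldap provides one). Separately, `list($u, $d) = explode('@', $user)` leaves `$d` unset when the name has no `@` and no `username_domain` applies, which yields an empty `dc=` component. The array branch also tests `isset($domain[$args['host']])` but then indexes `$domain[$host]`, so the two keys can differ after rcube_parse_host().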