[pmwiki-users] YALP (Yet Another LDAP Patch)
Thomas -Balu- Walter
list+pmwiki-users at b-a-l-u.de
Tue Aug 22 09:00:14 CDT 2006
Hi once more,
I've just figured out that you can not have a filter option in your
ldap://-URL which is needed here on campus.
We have an attribute called "eduPersonScopedAffiliation" (yes, I love
those big names :) that specifies if the person is a student, an
employee, etc and it's department.
So I thought I'd fix this:
Index: scripts/authuser.php
===================================================================
--- scripts/authuser.php (revision 1507)
+++ scripts/authuser.php (working copy)
@@ -110,7 +110,7 @@
if (!preg_match('!(ldaps?://[^/]+)/(.+)$!', $ldap, $match))
continue;
list($z, $url, $path) = $match;
- list($basedn, $attr, $sub) = explode('?', $path);
+ list($basedn, $attr, $sub, $filter) = explode('?', $path);
if (!$attr) $attr = 'uid';
if (!$sub) $sub = 'one';
$binddn = @$AuthLDAPBindDN;
@@ -119,7 +119,7 @@
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if (ldap_bind($ds, $binddn, $bindpw)) {
$fn = ($sub == 'sub') ? 'ldap_search' : 'ldap_list';
- $sr = $fn($ds, $basedn, "($attr=$id)", array($attr));
+ $sr = $fn($ds, $basedn, "(& ($attr=$id) $filter)", array($attr));
$x = ldap_get_entries($ds, $sr);
if ($x['count'] == 1) {
$dn = $x[0]['dn'];
Now you can specify a filter as the last attribute:
ldap://ldap.example.com/ou=people,o=example?uid?sub?(eduPersonScopedAffiliation=*@it.example)
If you don't - everything should work as normal: $filter get's NULL then and
the final query is done with "(& (uid=balu) )" which is a working filter
option.
Ba-LDAPmaster-lu
More information about the pmwiki-users
mailing list