From 0950958232ddf116f1cd075d066096bc86eb4c4a Mon Sep 17 00:00:00 2001
From: Henrique de Andrade
Date: Fri, 18 Nov 2016 15:55:56 -0200
Subject: [PATCH] Update plugin.php

Adding again the validation that allow more than one admin group
---
 plugin.php | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/plugin.php b/plugin.php
index 1763b65..cee8e19 100644
--- a/plugin.php
+++ b/plugin.php
@@ -149,19 +149,20 @@ function ldapauth_is_valid_user( $value ) {
 if (defined('LDAPAUTH_GROUP_ATTR') && defined('LDAPAUTH_GROUP_REQ')) {
 $in_group = false;
-$bind = ldap_bind($ldapConnection, LDAPAUTH_SEARCH_USER, LDAPAUTH_SEARCH_PASS);
+ $bind = ldap_bind($ldapConnection, LDAPAUTH_SEARCH_USER, LDAPAUTH_SEARCH_PASS);
- $searchGroup = ldap_search($ldapConnection, LDAPAUTH_GROUP_REQ, LDAPAUTH_GROUP_ATTR . "=" . $_REQUEST['username']);
- $searchG = ldap_get_entries($ldapConnection,$searchGroup);
-
-if ( LDAPAUTH_GROUP_SCOP == 'base'){
- if ($searchG[0]['dn'] == LDAPAUTH_GROUP_REQ) $in_group = true;
- }
-else{
- if ($searchG[0]['dn']) $in_group = true;
- }
-
-if (!$in_group) die('Not in admin group');
+ $groups_to_check = explode(";", strtolower(LDAPAUTH_GROUP_REQ)); // This is now an array
+ foreach($groups_to_check as $group){
+ $searchGroup = ldap_search($ldapConnection, $group, LDAPAUTH_GROUP_ATTR . "=" . $_REQUEST['username']);
+ $searchG = ldap_get_entries($ldapConnection,$searchGroup);
+ if ( LDAPAUTH_GROUP_SCOP == 'base'){
+ if ($searchG[0]['dn'] == $group) $in_group = true;
+ }
+ else{
+ if ($searchG[0]['dn']) $in_group = true;
+ }
+ }
+ if (!$in_group) die('Not in admin group');
 }
 // attribute index returned by ldap_get_entries is lowercased (http://php.net/manual/en/function.ldap-get-entries.php)
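Review bot: The filter passed to `ldap_search()` inside the new `foreach` is still built by concatenating `$_REQUEST['username']` unescaped, so filter metacharacters in the submitted name change what the group check matches; escape it once before the loop with `$user = ldap_escape($_REQUEST['username'], '', LDAP_ESCAPE_FILTER);` and build the filter as `LDAPAUTH_GROUP_ATTR . "=" . $user`. Separately, `$group` is now lowercased by `strtolower()` while `$searchG[0]['dn']` is compared as the server returned it, so in `base` scope a group DN configured or stored with mixed case would no longer match; `strcasecmp($searchG[0]['dn'], $group) === 0` keeps both sides case-insensitive. The loop also reads `$searchG[0]` without checking that `ldap_search()` succeeded or returned an entry, and a trailing `;` in `LDAPAUTH_GROUP_REQ` yields an empty base DN whose result depends on the server, so `trim()` each entry, skip empty ones, and `break` on the first match. The body of `ldapauth_is_valid_user()` starts and ends outside this hunk.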