Update plugin.php

Adding again the validation that allows more than one admin group
Henrique de Andrade 2016-11-18 15:55:56 -02:00 committed by GitHub
parent 1c92562cb8
commit 0950958232


@ -149,19 +149,20 @@ function ldapauth_is_valid_user( $value ) {
if (defined('LDAPAUTH_GROUP_ATTR') && defined('LDAPAUTH_GROUP_REQ')) { if (defined('LDAPAUTH_GROUP_ATTR') && defined('LDAPAUTH_GROUP_REQ')) {
$in_group = false; $in_group = false;
$bind = ldap_bind($ldapConnection, LDAPAUTH_SEARCH_USER, LDAPAUTH_SEARCH_PASS); $bind = ldap_bind($ldapConnection, LDAPAUTH_SEARCH_USER, LDAPAUTH_SEARCH_PASS);
$searchGroup = ldap_search($ldapConnection, LDAPAUTH_GROUP_REQ, LDAPAUTH_GROUP_ATTR . "=" . $_REQUEST['username']); $groups_to_check = explode(";", strtolower(LDAPAUTH_GROUP_REQ)); // This is now an array
foreach($groups_to_check as $group){
$searchGroup = ldap_search($ldapConnection, $group, LDAPAUTH_GROUP_ATTR . "=" . $_REQUEST['username']);
$searchG = ldap_get_entries($ldapConnection,$searchGroup); $searchG = ldap_get_entries($ldapConnection,$searchGroup);
if ( LDAPAUTH_GROUP_SCOP == 'base'){
if ( LDAPAUTH_GROUP_SCOP == 'base'){ if ($searchG[0]['dn'] == $group) $in_group = true;
if ($searchG[0]['dn'] == LDAPAUTH_GROUP_REQ) $in_group = true;
} }
else{ else{
if ($searchG[0]['dn']) $in_group = true; if ($searchG[0]['dn']) $in_group = true;
} }
}
if (!$in_group) die('Not in admin group'); if (!$in_group) die('Not in admin group');
} }
// attribute index returned by ldap_get_entries is lowercased (http://php.net/manual/en/function.ldap-get-entries.php) // attribute index returned by ldap_get_entries is lowercased (http://php.net/manual/en/function.ldap-get-entries.php)
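Review bot: The group filter on the new `ldap_search` line inside the `foreach` still concatenates `$_REQUEST['username']` unescaped, so LDAP filter metacharacters in the submitted name can change what the admin-group check matches; build it as `LDAPAUTH_GROUP_ATTR . "=" . ldap_escape($_REQUEST['username'], '', LDAP_ESCAPE_FILTER)`. The commit also lowercases `LDAPAUTH_GROUP_REQ` before splitting, but the `base` branch then compares `$searchG[0]['dn'] == $group`; ldap_get_entries lowercases attribute indices, not the `dn` value, so a mixed-case group DN would no longer match, and `strcasecmp($searchG[0]['dn'], $group) === 0` would avoid that. `$searchG[0]` is read without checking that `$searchGroup !== false` and `$searchG['count'] > 0`, and an empty segment from a trailing `;` reaches ldap_search as an empty base DN, so skipping empty `$group` values and failed searches with `continue` would be safer. The body of ldapauth_is_valid_user starts and ends outside this hunk.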