Updated groups check
Groups check now uses membership attribute on user object directly
parent
2ec10b908e
commit
9932e85775
17
plugin.php
17
plugin.php
@ -148,20 +148,15 @@ function ldapauth_is_valid_user( $value ) {
|
|||||||
// are we checking group auth?
|
// are we checking group auth?
|
||||||
if (defined('LDAPAUTH_GROUP_ATTR') && defined('LDAPAUTH_GROUP_REQ')) {
|
if (defined('LDAPAUTH_GROUP_ATTR') && defined('LDAPAUTH_GROUP_REQ')) {
|
||||||
|
|
||||||
$in_group = false;
|
if (!array_key_exists(LDAPAUTH_GROUP_ATTR, $searchResult[0])) die('Not in any LDAP groups');
|
||||||
$bind = ldap_bind($ldapConnection, LDAPAUTH_SEARCH_USER, LDAPAUTH_SEARCH_PASS);
|
|
||||||
|
|
||||||
|
$in_group = false;
|
||||||
$groups_to_check = explode(";", strtolower(LDAPAUTH_GROUP_REQ)); // This is now an array
|
$groups_to_check = explode(";", strtolower(LDAPAUTH_GROUP_REQ)); // This is now an array
|
||||||
foreach($groups_to_check as $group){
|
|
||||||
$searchGroup = ldap_search($ldapConnection, $group, LDAPAUTH_GROUP_ATTR . "=" . $_REQUEST['username']);
|
foreach($searchResult[0][LDAPAUTH_GROUP_ATTR] as $grps) {
|
||||||
$searchG = ldap_get_entries($ldapConnection,$searchGroup);
|
if (in_array(strtolower($grps), $groups_to_check)) { $in_group = true; break; }
|
||||||
if ( LDAPAUTH_GROUP_SCOP == 'base'){
|
|
||||||
if ($searchG[0]['dn'] == $group) $in_group = true;
|
|
||||||
}
|
|
||||||
else{
|
|
||||||
if ($searchG[0]['dn']) $in_group = true;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$in_group) die('Not in admin group');
|
if (!$in_group) die('Not in admin group');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
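Review bot: The new test `array_key_exists(LDAPAUTH_GROUP_ATTR, $searchResult[0])` and the `foreach` below it index the entry with the constant exactly as configured, but if `$searchResult` comes from `ldap_get_entries()` (not visible in this hunk) the attribute keys are lowercased, so a setting such as `memberOf` would never match and every login would be rejected. Normalising once with `$attr = strtolower(LDAPAUTH_GROUP_ATTR);` and using `$attr` in both places avoids that. An `ldap_get_entries()` value list also carries a `count` element, so the loop would be safer with `if (!is_string($grps)) continue;` before the comparison. Authorization now rests on an attribute of the user's own entry, so a comment should state that it must be server-maintained rather than user-writable, that nested group membership is not resolved by this comparison, and that `LDAPAUTH_GROUP_SCOP` is no longer read here. The body of `ldapauth_is_valid_user` starts and ends outside the hunk.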