From b0ea24440f441c1f73b393e246f7d626557e403e Mon Sep 17 00:00:00 2001 From: Dave Date: Tue, 23 Jun 2015 13:17:25 +1000 Subject: [PATCH 1/2] Now handles multiple admin groups Added in support for multiple admin groups using a ; delimited array in LDAPAUTH_GROUP_REQ --- plugin.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/plugin.php b/plugin.php index 2756021..26285ba 100644 --- a/plugin.php +++ b/plugin.php @@ -80,10 +80,6 @@ function ldapauth_is_valid_user( $value ) { } else if ( isset( $_REQUEST['username'] ) && isset( $_REQUEST['password'] ) && !empty( $_REQUEST['username'] ) && !empty( $_REQUEST['password'] ) ) { - - - - // try to authenticate $ldapConnection = ldap_connect(LDAPAUTH_HOST, LDAPAUTH_PORT); if (!$ldapConnection) die("Cannot connect to LDAP " . LDAPAUTH_HOST); @@ -118,8 +114,10 @@ function ldapauth_is_valid_user( $value ) { if (!array_key_exists(LDAPAUTH_GROUP_ATTR, $searchResult[0])) die('Not in any LDAP groups'); $in_group = false; + $groups_to_check = explode(";", strtolower(LDAPAUTH_GROUP_REQ)); // This is now an array + foreach($searchResult[0][LDAPAUTH_GROUP_ATTR] as $grps) { - if (strtolower($grps) == strtolower(LDAPAUTH_GROUP_REQ)) { $in_group = true; break; } + if (in_array(strtolower($grps), $groups_to_check)) { $in_group = true; break; } } if (!$in_group) die('Not in admin group'); @@ -144,7 +142,7 @@ function ldapauth_is_valid_user( $value ) { return $value; } -function ldapauth_is_authorized_user( $username ) { +function ldapauth_is_authorized_user( $username ) { // by default, anybody who can authenticate is also // authorized as an administrator. if ( LDAPAUTH_ALL_USERS_ADMIN ) { From d1b6acd4648514e7cafaf6b78141ddfa1b6d3e14 Mon Sep 17 00:00:00 2001 From: Dave Date: Tue, 23 Jun 2015 13:18:15 +1000 Subject: [PATCH 2/2] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 73aed09..5a3ffd5 100644 --- a/README.md +++ b/README.md 
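Review bot: The new membership test calls `in_array()` without its strict flag, so the admin-group decision inside the `foreach` rests on PHP's loose `==`, under which numeric-looking strings compare by value rather than byte for byte; both operands are already strings here, so `in_array(strtolower($grps), $groups_to_check, true)` costs nothing. If `$searchResult` comes from `ldap_get_entries()` (not visible in this hunk), the attribute array also carries an integer `count` element that passes through this loop, which is one more reason to compare strictly. The `explode()` result is also used raw, so a space after a `;` or a trailing `;` in `LDAPAUTH_GROUP_REQ` yields entries that never match or are empty; `$groups_to_check = array_filter(array_map('trim', explode(';', strtolower(LDAPAUTH_GROUP_REQ))), 'strlen');` normalises the list. Since `;` can appear inside an LDAP DN, the README should state that group values containing it cannot be configured this way. `ldapauth_is_valid_user()` starts and ends outside the hunk.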
@@ -32,7 +32,7 @@ To use a privileged account for the user search: To check group membership before authenticating: * define( 'LDAPAUTH_GROUP_ATTR', 'memberof' ) // (optional) LDAP groups attr - * define( 'LDAPAUTH_GROUP_REQ', 'the-group') // (only if LDAPAUTH_GROUP_REQ set) Group user must be in + * define( 'LDAPAUTH_GROUP_REQ', 'the-group;another-admin-group') // (only if LDAPAUTH_GROUP_REQ set) Group/s user must be in. Allows multiple, semicolon delimited To automatically add LDAP users to config.php: * define( 'LDAPAUTH_ADD_NEW', true ) // (optional) Add LDAP users to config.php