Add active-directory domain-based ldap authentication support
Summary: Add active-directory domain-based ldap authentication support Test Plan: Tested on a live install against Active Directory on a Windows Server Reviewers: epriestley CC: aran, epriestley Maniphest Tasks: T1496 Differential Revision: https://secure.phabricator.com/D2966
parent
241c810916
commit
226cf288e9
2 changed files with 16 additions and 4 deletions
|
@ -604,6 +604,10 @@ return array(
|
||||||
// the array will be joined
|
// the array will be joined
|
||||||
'ldap.real_name_attributes' => array(),
|
'ldap.real_name_attributes' => array(),
|
||||||
|
|
||||||
|
// A domain name to use when authenticating against Active Directory
|
||||||
|
// (e.g. 'example.com')
|
||||||
|
'ldap.activedirectory_domain' => '',
|
||||||
|
|
||||||
// The LDAP version
|
// The LDAP version
|
||||||
'ldap.version' => 3,
|
'ldap.version' => 3,
|
||||||
|
|
||||||
|
|
|
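Review bot: The comment on `'ldap.activedirectory_domain'` names the value but not what setting it changes. Going by the provider change in this same commit, a non-empty value makes the bind use `username@domain` and skips the search-attribute/base-DN form. I would extend the comment to something like `// If set, users bind as 'username@<domain>' instead of a DN built from the search attribute and base DN; leave empty for non-AD servers.` The enclosing `return array(` starts and ends outside the hunk.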
@ -111,10 +111,17 @@ final class PhabricatorLDAPProvider {
|
||||||
throw new Exception('Username and/or password can not be empty');
|
throw new Exception('Username and/or password can not be empty');
|
||||||
}
|
}
|
||||||
|
|
||||||
$result = ldap_bind($this->getConnection(),
|
$activeDirectoryDomain =
|
||||||
$this->getSearchAttribute() . '=' . $username . ',' .
|
PhabricatorEnv::getEnvConfig('ldap.activedirectory_domain');
|
||||||
$this->getBaseDN(),
|
|
||||||
$password);
|
if ($activeDirectoryDomain) {
|
||||||
|
$dn = $username . '@' . $activeDirectoryDomain;
|
||||||
|
} else {
|
||||||
|
$dn = $this->getSearchAttribute() . '=' . $username . ',' .
|
||||||
|
$this->getBaseDN();
|
||||||
|
}
|
||||||
|
|
||||||
|
$result = ldap_bind($this->getConnection(), $dn, $password);
|
||||||
|
|
||||||
if (!$result) {
|
if (!$result) {
|
||||||
throw new Exception('Bad username/password.');
|
throw new Exception('Bad username/password.');
|
||||||
|
@ -176,6 +183,7 @@ final class PhabricatorLDAPProvider {
|
||||||
for($i = 0; $i < $entries['count']; $i++) {
|
for($i = 0; $i < $entries['count']; $i++) {
|
||||||
$row = array();
|
$row = array();
|
||||||
$entry = $entries[$i];
|
$entry = $entries[$i];
|
||||||
|
|
||||||
// Get username, email and realname
|
// Get username, email and realname
|
||||||
$username = $entry[$this->getSearchAttribute()][0];
|
$username = $entry[$this->getSearchAttribute()][0];
|
||||||
if(empty($username)) {
|
if(empty($username)) {
|
||||||
|
|
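Review bot: In the first hunk, `$username` (presumably taken from the login form) is concatenated unescaped into the bind name in both branches, `$username . '@' . $activeDirectoryDomain` and `$this->getSearchAttribute() . '=' . $username . ','`. Characters such as `,`, `=`, `+`, `\` or a second `@` therefore change which principal the bind is attempted for, and the empty check above the hunk does not constrain content. Validate the name before building `$dn`, for example `if (!preg_match('/^[A-Za-z0-9._-]+$/', $username)) { throw new Exception('Bad username/password.'); }` with the character class adjusted to the directory's naming policy, or escape the DN branch with `ldap_escape($username, '', LDAP_ESCAPE_DN)` where the PHP version provides it. Because `$dn` now also holds a `user@domain` name rather than a DN, a one-line comment saying Active Directory accepts that form for a simple bind would help. The method begins and ends outside the hunk, so whether the later lookup by search attribute matches the name used for the bind cannot be confirmed from here.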