Add active-directory domain-based ldap authentication support

Summary: Add active-directory domain-based ldap authentication support

Test Plan: Tested on a live install against Active Directory on a Windows Server

Reviewers: epriestley

CC: aran, epriestley

Maniphest Tasks: T1496

Differential Revision: https://secure.phabricator.com/D2966

conf/default.conf.php

@@ -604,6 +604,10 @@ return array(
   // the array will be joined
   'ldap.real_name_attributes' => array(),
 
+  // A domain name to use when authenticating against Active Directory
+  // (e.g. 'example.com')
+  'ldap.activedirectory_domain' => '',
+
   // The LDAP version
   'ldap.version' => 3,
 

src/applications/auth/ldap/PhabricatorLDAPProvider.php

@@ -111,10 +111,17 @@ final class PhabricatorLDAPProvider {
       throw new Exception('Username and/or password can not be empty');
     }
 
-    $result = ldap_bind($this->getConnection(),
+    $activeDirectoryDomain =
-              $this->getSearchAttribute() . '=' . $username . ',' .
+      PhabricatorEnv::getEnvConfig('ldap.activedirectory_domain');
-              $this->getBaseDN(),
+
-              $password);
+    if ($activeDirectoryDomain) {
+      $dn = $username . '@' . $activeDirectoryDomain;
+    } else {
+      $dn = $this->getSearchAttribute() . '=' . $username . ',' .
+            $this->getBaseDN();
+    }
+
+    $result = ldap_bind($this->getConnection(), $dn, $password);
 
     if (!$result) {
       throw new Exception('Bad username/password.');
@@ -176,6 +183,7 @@ final class PhabricatorLDAPProvider {
     for($i = 0; $i < $entries['count']; $i++) {
       $row = array();
       $entry = $entries[$i];
+
       // Get username, email and realname 
       $username = $entry[$this->getSearchAttribute()][0];
       if(empty($username)) {