[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/lib/plugins/authad/ -> auth.php (summary)

(no description)

File Size: 730 lines (25 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

auth_plugin_authad:: (20 methods):
  __construct()
  canDo()
  checkPass()
  getUserData()
  cleanGroup()
  cleanUser()
  isCaseSensitive()
  _constructSearchString()
  getUserCount()
  _filterToString()
  _fillGroupUserArray()
  retrieveUsers()
  modifyUser()
  _adldap()
  _userDomain()
  _userName()
  _loadServerConfig()
  _getConfiguredDomains()
  _filter()
  _constructPattern()


Class: auth_plugin_authad  - X-Ref

Active Directory authentication backend for DokuWiki

This makes authentication with a Active Directory server much easier
than when using the normal LDAP backend by utilizing the adLDAP library

Usage:
Set DokuWiki's local.protected.php auth setting to read

$conf['authtype']       = 'authad';

$conf['plugin']['authad']['account_suffix']     = '@my.domain.org';
$conf['plugin']['authad']['base_dn']            = 'DC=my,DC=domain,DC=org';
$conf['plugin']['authad']['domain_controllers'] = 'srv1.domain.org,srv2.domain.org';

//optional:
$conf['plugin']['authad']['sso']                = 1;
$conf['plugin']['authad']['admin_username']     = 'root';
$conf['plugin']['authad']['admin_password']     = 'pass';
$conf['plugin']['authad']['real_primarygroup']  = 1;
$conf['plugin']['authad']['use_ssl']            = 1;
$conf['plugin']['authad']['use_tls']            = 1;
$conf['plugin']['authad']['debug']              = 1;
// warn user about expiring password this many days in advance:
$conf['plugin']['authad']['expirywarn']         = 5;

// get additional information to the userinfo array
// add a list of comma separated ldap contact fields.
$conf['plugin']['authad']['additional'] = 'field1,field2';

__construct()   X-Ref
Constructor


canDo($cap)   X-Ref
Load domain config on capability check

return: bool
param: string $cap

checkPass($user, $pass)   X-Ref
Check user+password [required auth function]

Checks if the given user exists and the given
plaintext password is correct by trying to bind
to the LDAP server

return: bool
param: string $user
param: string $pass
author: James Van Lommel <james@nosq.com>

getUserData($user, $requireGroups=true)   X-Ref
Return user info [required auth function]

Returns info about the given user needs to contain
at least these fields:

name    string  full name of the user
mail    string  email address of the user
grps    array   list of groups the user is in

This AD specific function returns the following
addional fields:

dn         string    distinguished name (DN)
uid        string    samaccountname
lastpwd    int       timestamp of the date when the password was set
expires    true      if the password expires
expiresin  int       seconds until the password expires
any fields specified in the 'additional' config option

return: array
param: string $user
param: bool $requireGroups (optional) - ignored, groups are always supplied by this plugin
author: James Van Lommel <james@nosq.com>

cleanGroup($group)   X-Ref
Make AD group names usable by DokuWiki.

Removes backslashes ('\'), pound signs ('#'), and converts spaces to underscores.

return: string
param: string $group
author: James Van Lommel (jamesvl@gmail.com)

cleanUser($user)   X-Ref
Sanitize user names

Normalizes domain parts, does not modify the user name itself (unlike cleanGroup)

return: string
param: string $user
author: Andreas Gohr <gohr@cosmocode.de>

isCaseSensitive()   X-Ref
Most values in LDAP are case-insensitive

return: bool

_constructSearchString($filter)   X-Ref
Create a Search-String useable by adLDAPUsers::all($includeDescription = false, $search = "*", $sorted = true)

return: string
param: array $filter

getUserCount($filter = array()   X-Ref
Return a count of the number of user which meet $filter criteria

return: int number of users
param: array $filter  $filter array of field/pattern pairs, empty array for no filter

_filterToString($filter)   X-Ref
create a unique string for each filter used with a group

return: string
param: array $filter

_fillGroupUserArray($filter, $numberOfAdds)   X-Ref
Create an array of $numberOfAdds users passing a certain $filter, including belonging
to a certain group and save them to a object-wide array. If the array
already exists try to add $numberOfAdds further users to it.

return: int number of Users actually add to Array
param: array $filter
param: int $numberOfAdds additional number of users requested

retrieveUsers($start = 0, $limit = 0, $filter = array()   X-Ref
Bulk retrieval of user data

return: array userinfo (refer getUserData for internal userinfo details)
param: int $start index of first user to be returned
param: int $limit max number of users to be returned
param: array $filter array of field/pattern pairs, null for no filter
author: Dominik Eckelmann <dokuwiki@cosmocode.de>

modifyUser($user, $changes)   X-Ref
Modify user data

return: bool
param: string $user      nick of the user to be changed
param: array  $changes   array of field/value pairs to be changed

_adldap($domain)   X-Ref
Initialize the AdLDAP library and connect to the server

When you pass null as domain, it will reuse any existing domain.
Eg. the one of the logged in user. It falls back to the default
domain if no current one is available.

return: adLDAP|bool true if a connection was established
param: string|null $domain The AD domain to use

_userDomain($user)   X-Ref
Get the domain part from a user

return: string
param: string $user

_userName($user)   X-Ref
Get the user part from a user

return: string
param: string $user

_loadServerConfig($domain)   X-Ref
Fetch the configuration for the given AD domain

return: array
param: string $domain current AD domain

_getConfiguredDomains()   X-Ref
Returns a list of configured domains

The default domain has an empty string as key

return: array associative array(key => domain)

_filter($user, $info)   X-Ref
Check provided user and userinfo for matching patterns

The patterns are set up with $this->_constructPattern()

return: bool
param: string $user
param: array  $info
author: Chris Smith <chris@jalakai.co.uk>

_constructPattern($filter)   X-Ref
Create a pattern for $this->_filter()

param: array $filter
author: Chris Smith <chris@jalakai.co.uk>