[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/lib/plugins/authad/ -> auth.php (summary)

(no description)

File Size: 804 lines (28 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

auth_plugin_authad:: (20 methods):
  __construct()
  canDo()
  checkPass()
  getUserData()
  cleanGroup()
  cleanUser()
  isCaseSensitive()
  constructSearchString()
  getUserCount()
  filterToString()
  fillGroupUserArray()
  retrieveUsers()
  modifyUser()
  initAdLdap()
  getUserDomain()
  getUserName()
  loadServerConfig()
  getConfiguredDomains()
  filter()
  constructPattern()


Class: auth_plugin_authad  - X-Ref

Active Directory authentication backend for DokuWiki

This makes authentication with a Active Directory server much easier
than when using the normal LDAP backend by utilizing the adLDAP library

Usage:
Set DokuWiki's local.protected.php auth setting to read

$conf['authtype']       = 'authad';

$conf['plugin']['authad']['account_suffix']     = '@my.domain.org';
$conf['plugin']['authad']['base_dn']            = 'DC=my,DC=domain,DC=org';
$conf['plugin']['authad']['domain_controllers'] = 'srv1.domain.org,srv2.domain.org';

//optional:
$conf['plugin']['authad']['sso']                = 1;
$conf['plugin']['authad']['admin_username']     = 'root';
$conf['plugin']['authad']['admin_password']     = 'pass';
$conf['plugin']['authad']['real_primarygroup']  = 1;
$conf['plugin']['authad']['use_ssl']            = 1;
$conf['plugin']['authad']['use_tls']            = 1;
$conf['plugin']['authad']['debug']              = 1;
// warn user about expiring password this many days in advance:
$conf['plugin']['authad']['expirywarn']         = 5;

// get additional information to the userinfo array
// add a list of comma separated ldap contact fields.
$conf['plugin']['authad']['additional'] = 'field1,field2';

__construct()   X-Ref
Constructor


canDo($cap)   X-Ref
Load domain config on capability check

param: string $cap
return: bool

checkPass($user, $pass)   X-Ref
Check user+password [required auth function]

Checks if the given user exists and the given
plaintext password is correct by trying to bind
to the LDAP server

author: James Van Lommel <james@nosq.com>
param: string $user
param: string $pass
return: bool

getUserData($user, $requireGroups = true)   X-Ref
Return user info [required auth function]

Returns info about the given user needs to contain
at least these fields:

name    string  full name of the user
mail    string  email address of the user
grps    array   list of groups the user is in

This AD specific function returns the following
addional fields:

dn         string    distinguished name (DN)
uid        string    samaccountname
lastpwd    int       timestamp of the date when the password was set
expires    true      if the password expires
expiresin  int       seconds until the password expires
any fields specified in the 'additional' config option

author: James Van Lommel <james@nosq.com>
param: string $user
param: bool $requireGroups (optional) - ignored, groups are always supplied by this plugin
return: array|false

cleanGroup($group)   X-Ref
Make AD group names usable by DokuWiki.

Removes backslashes ('\'), pound signs ('#'), and converts spaces to underscores.

author: James Van Lommel (jamesvl@gmail.com)
param: string $group
return: string

cleanUser($user)   X-Ref
Sanitize user names

Normalizes domain parts, does not modify the user name itself (unlike cleanGroup)

author: Andreas Gohr <gohr@cosmocode.de>
param: string $user
return: string

isCaseSensitive()   X-Ref
Most values in LDAP are case-insensitive

return: bool

constructSearchString($filter)   X-Ref
Create a Search-String useable by adLDAPUsers::all($includeDescription = false, $search = "*", $sorted = true)

param: array $filter
return: string

getUserCount($filter = [])   X-Ref
Return a count of the number of user which meet $filter criteria

param: array $filter  $filter array of field/pattern pairs, empty array for no filter
return: int number of users

filterToString($filter)   X-Ref
create a unique string for each filter used with a group

param: array $filter
return: string

fillGroupUserArray($filter, $numberOfAdds)   X-Ref
Create an array of $numberOfAdds users passing a certain $filter, including belonging
to a certain group and save them to a object-wide array. If the array
already exists try to add $numberOfAdds further users to it.

param: array $filter
param: int $numberOfAdds additional number of users requested
return: int number of Users actually add to Array

retrieveUsers($start = 0, $limit = 0, $filter = [])   X-Ref
Bulk retrieval of user data

author: Dominik Eckelmann <dokuwiki@cosmocode.de>
param: int $start index of first user to be returned
param: int $limit max number of users to be returned
param: array $filter array of field/pattern pairs, null for no filter
return: array userinfo (refer getUserData for internal userinfo details)

modifyUser($user, $changes)   X-Ref
Modify user data

param: string $user      nick of the user to be changed
param: array  $changes   array of field/value pairs to be changed
return: bool

initAdLdap($domain)   X-Ref
Initialize the AdLDAP library and connect to the server

When you pass null as domain, it will reuse any existing domain.
Eg. the one of the logged in user. It falls back to the default
domain if no current one is available.

param: string|null $domain The AD domain to use
return: adLDAP|bool true if a connection was established

getUserDomain($user)   X-Ref
Get the domain part from a user

param: string $user
return: string

getUserName($user)   X-Ref
Get the user part from a user

When an account suffix is set, we strip the domain part from the user

param: string $user
return: string

loadServerConfig($domain)   X-Ref
Fetch the configuration for the given AD domain

param: string $domain current AD domain
return: array

getConfiguredDomains()   X-Ref
Returns a list of configured domains

The default domain has an empty string as key

return: array associative array(key => domain)

filter($user, $info)   X-Ref
Check provided user and userinfo for matching patterns

The patterns are set up with $this->_constructPattern()

author: Chris Smith <chris@jalakai.co.uk>
param: string $user
param: array  $info
return: bool

constructPattern($filter)   X-Ref
Create a pattern for $this->_filter()

author: Chris Smith <chris@jalakai.co.uk>
param: array $filter