[ Index ]

PHP Cross Reference of DokuWiki




/lib/plugins/authad/ -> auth.php (summary)

(no description)

File Size: 804 lines (28 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

auth_plugin_authad:: (20 methods):

Class: auth_plugin_authad  - X-Ref

Active Directory authentication backend for DokuWiki

This makes authentication with a Active Directory server much easier
than when using the normal LDAP backend by utilizing the adLDAP library

Set DokuWiki's local.protected.php auth setting to read

$conf['authtype']       = 'authad';

$conf['plugin']['authad']['account_suffix']     = '@my.domain.org';
$conf['plugin']['authad']['base_dn']            = 'DC=my,DC=domain,DC=org';
$conf['plugin']['authad']['domain_controllers'] = 'srv1.domain.org,srv2.domain.org';

$conf['plugin']['authad']['sso']                = 1;
$conf['plugin']['authad']['admin_username']     = 'root';
$conf['plugin']['authad']['admin_password']     = 'pass';
$conf['plugin']['authad']['real_primarygroup']  = 1;
$conf['plugin']['authad']['use_ssl']            = 1;
$conf['plugin']['authad']['use_tls']            = 1;
$conf['plugin']['authad']['debug']              = 1;
// warn user about expiring password this many days in advance:
$conf['plugin']['authad']['expirywarn']         = 5;

// get additional information to the userinfo array
// add a list of comma separated ldap contact fields.
$conf['plugin']['authad']['additional'] = 'field1,field2';

__construct()   X-Ref

canDo($cap)   X-Ref
Load domain config on capability check

return: bool
param: string $cap

checkPass($user, $pass)   X-Ref
Check user+password [required auth function]

Checks if the given user exists and the given
plaintext password is correct by trying to bind
to the LDAP server

return: bool
author: James Van Lommel <james@nosq.com>
param: string $user
param: string $pass

getUserData($user, $requireGroups = true)   X-Ref
Return user info [required auth function]

Returns info about the given user needs to contain
at least these fields:

name    string  full name of the user
mail    string  email address of the user
grps    array   list of groups the user is in

This AD specific function returns the following
addional fields:

dn         string    distinguished name (DN)
uid        string    samaccountname
lastpwd    int       timestamp of the date when the password was set
expires    true      if the password expires
expiresin  int       seconds until the password expires
any fields specified in the 'additional' config option

return: array|false
author: James Van Lommel <james@nosq.com>
param: string $user
param: bool $requireGroups (optional) - ignored, groups are always supplied by this plugin

cleanGroup($group)   X-Ref
Make AD group names usable by DokuWiki.

Removes backslashes ('\'), pound signs ('#'), and converts spaces to underscores.

return: string
author: James Van Lommel (jamesvl@gmail.com)
param: string $group

cleanUser($user)   X-Ref
Sanitize user names

Normalizes domain parts, does not modify the user name itself (unlike cleanGroup)

return: string
author: Andreas Gohr <gohr@cosmocode.de>
param: string $user

isCaseSensitive()   X-Ref
Most values in LDAP are case-insensitive

return: bool

constructSearchString($filter)   X-Ref
Create a Search-String useable by adLDAPUsers::all($includeDescription = false, $search = "*", $sorted = true)

return: string
param: array $filter

getUserCount($filter = [])   X-Ref
Return a count of the number of user which meet $filter criteria

return: int number of users
param: array $filter  $filter array of field/pattern pairs, empty array for no filter

filterToString($filter)   X-Ref
create a unique string for each filter used with a group

return: string
param: array $filter

fillGroupUserArray($filter, $numberOfAdds)   X-Ref
Create an array of $numberOfAdds users passing a certain $filter, including belonging
to a certain group and save them to a object-wide array. If the array
already exists try to add $numberOfAdds further users to it.

return: int number of Users actually add to Array
param: array $filter
param: int $numberOfAdds additional number of users requested

retrieveUsers($start = 0, $limit = 0, $filter = [])   X-Ref
Bulk retrieval of user data

return: array userinfo (refer getUserData for internal userinfo details)
author: Dominik Eckelmann <dokuwiki@cosmocode.de>
param: int $start index of first user to be returned
param: int $limit max number of users to be returned
param: array $filter array of field/pattern pairs, null for no filter

modifyUser($user, $changes)   X-Ref
Modify user data

return: bool
param: string $user      nick of the user to be changed
param: array  $changes   array of field/value pairs to be changed

initAdLdap($domain)   X-Ref
Initialize the AdLDAP library and connect to the server

When you pass null as domain, it will reuse any existing domain.
Eg. the one of the logged in user. It falls back to the default
domain if no current one is available.

return: adLDAP|bool true if a connection was established
param: string|null $domain The AD domain to use

getUserDomain($user)   X-Ref
Get the domain part from a user

return: string
param: string $user

getUserName($user)   X-Ref
Get the user part from a user

When an account suffix is set, we strip the domain part from the user

return: string
param: string $user

loadServerConfig($domain)   X-Ref
Fetch the configuration for the given AD domain

return: array
param: string $domain current AD domain

getConfiguredDomains()   X-Ref
Returns a list of configured domains

The default domain has an empty string as key

return: array associative array(key => domain)

filter($user, $info)   X-Ref
Check provided user and userinfo for matching patterns

The patterns are set up with $this->_constructPattern()

return: bool
author: Chris Smith <chris@jalakai.co.uk>
param: string $user
param: array  $info

constructPattern($filter)   X-Ref
Create a pattern for $this->_filter()

author: Chris Smith <chris@jalakai.co.uk>
param: array $filter