diff --git a/config/defaults.inc.php b/config/defaults.inc.php
index df8b612ea..eceae4465 100644
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@@ -798,6 +798,10 @@ $config['ldap_public']['Verisign'] = array(
 // DN and password to bind as before searching for bind DN, if anonymous search is not allowed
 'search_bind_dn' => '',
 'search_bind_pw' => '',
+ // Base DN and filter used for resolving the user's domain root DN which feeds the %dc variables
+ // Leave empty to skip this lookup and derive the root DN from the username domain
+ 'domain_base_dn' => '',
+ 'domain_filter' => '',
 // Optional map of replacement strings => attributes used when binding for an individual address book
 'search_bind_attrib' => array(), // e.g. array('%udc' => 'ou')
 // Default for %dn variable if search doesn't return DN value
diff --git a/program/lib/Roundcube/rcube_ldap.php b/program/lib/Roundcube/rcube_ldap.php
index f492111cc..dc7b3c0f3 100644
--- a/program/lib/Roundcube/rcube_ldap.php
+++ b/program/lib/Roundcube/rcube_ldap.php
@@ -283,13 +283,22 @@ class rcube_ldap extends rcube_addressbook
 }
 // Get the pieces needed for variable replacement.
- if ($fu = $rcube->get_user_email())
+ if ($fu = $rcube->get_user_email()) {
 list($u, $d) = explode('@', $fu);
- else
+ }
+ else {
 $d = $this->mail_domain;
+ }
 $dc = 'dc='.strtr($d, array('.' => ',dc=')); // hierarchal domain string
+ // resolve $dc through LDAP
+ if (!empty($this->prop['domain_filter']) && !empty($this->prop['search_bind_dn']) &&
+ method_exists($this->ldap, 'domain_root_dn')) {
+ $this->ldap->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']);
+ $dc = $this->ldap->domain_root_dn($d);
+ }
+
 $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);
 // Search for the dn to use to authenticate
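Review bot: The comment added above `domain_base_dn` / `domain_filter` says that leaving them empty skips the lookup, but the consumer in rcube_ldap.php in this same commit tests only `domain_filter` and additionally requires a non-empty `search_bind_dn`; `domain_base_dn` is not tested in the visible code. The comment should state the real preconditions, for example `// The lookup runs only when 'domain_filter' and 'search_bind_dn' are both set; otherwise the root DN is derived from the username domain`. It would also help an administrator to document how the domain value is substituted into the filter, which this page does not show.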
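Review bot: The return value of `$this->ldap->bind()` is not checked and `$dc` is overwritten unconditionally in the new `// resolve $dc through LDAP` block, so a failed service bind or a lookup that finds nothing would presumably replace the derived `dc=...` string with an empty or false value that then feeds `%dc` in `$replaces`. Keep the derived value unless both calls succeed: `if ($this->ldap->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']) && ($root = $this->ldap->domain_root_dn($d))) { $dc = $root; }`. Separately, `$d` is taken from the user's e-mail address or `mail_domain` and is presumably placed into `domain_filter` inside `domain_root_dn()`, which is not shown here; confirm that LDAP filter metacharacters are escaped there, or escape the value before the call. The enclosing method starts and ends outside the hunk.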