- Add option do bind for an individual LDAP address book (#1486997)

14 years ago · 1148c6e936
parent 13ffa2810e
commit 1148c6e936
3 changed files with 36 additions and 8 deletions
--- a/1
+++ b/1
@ -9,6 +9,7 @@ CHANGELOG Roundcube Webmail
 - Fix HTML to plain text conversion doesn't handle citation blocks (#1486921)
 - Use custom sorting when SORT is disabled by IMAP admin (#1486959)
 - Allow setting some washtml options from plugin (#1486578)
+- Add option do bind for an individual LDAP address book (#1486997)

 RELEASE 0.4.1
 -------------
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@ -407,16 +407,22 @@ $rcmail_config['ldap_public']['Verisign'] = array(
  // For example %n = mail.domain.tld, %d = domain.tld
  'hosts'         => array('directory.verisign.com'),
  'port'          => 389,
-  'use_tls'	    => false,
+  'use_tls'	      => false,
  'user_specific' => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
  // %fu - The full username provided, assumes the username is an email
  //       address, uses the username_domain value if not an email address.
  // %u  - The username prior to the '@'.
  // %d  - The domain name after the '@'.
  // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
+  // %dn - DN found by ldap search when search_filter/search_base_dn are used
  'base_dn'       => '',
  'bind_dn'       => '',
  'bind_pass'     => '',
+  // It's possible to bind for an individual address book
+  // The login name is used to search for the DN to bind with
+  'search_base_dn' => '',
+  'search_filter'  => '',   // e.g. '(&(objectClass=posixAccount)(uid=%u))'
+
  'writable'      => false,   // Indicates if we can write to the LDAP directory or not.
  // If writable is true then these fields need to be populated:
  // LDAP_Object_Classes, required_fields, LDAP_rdn
--- a/program/include/rcube_ldap.php
+++ b/program/include/rcube_ldap.php
@ -4,7 +4,7 @@
 | program/include/rcube_ldap.php                                        |
 |                                                                       |
 | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2006-2009, Roundcube Dev. - Switzerland                 |
+ | Copyright (C) 2006-2010, Roundcube Dev. - Switzerland                 |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 | PURPOSE:                                                              |
@ -29,22 +29,22 @@ class rcube_ldap extends rcube_addressbook
  var $conn;
  var $prop = array();
  var $fieldmap = array();
-  
+
  var $filter = '';
  var $result = null;
  var $ldap_result = null;
  var $sort_col = '';
  var $mail_domain = '';
  var $debug = false;
-  
+
  /** public properties */
  var $primary_key = 'ID';
  var $readonly = true;
  var $list_page = 1;
  var $page_size = 10;
  var $ready = false;
-  
-  
+
+
  /**
   * Object constructor
   *
@ -90,7 +90,7 @@ class rcube_ldap extends rcube_addressbook

    if (is_resource($this->conn))
      return true;
-    
+
    if (!is_array($this->prop['hosts']))
      $this->prop['hosts'] = array($this->prop['hosts']);

@ -134,8 +134,29 @@ class rcube_ldap extends rcube_addressbook
        list($u, $d) = explode('@', $fu);
        $dc = 'dc='.strtr($d, array('.' => ',dc=')); // hierarchal domain string

-        // Replace the bind_dn and base_dn variables.
        $replaces = array('%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);
+
+        if ($this->prop['search_base_dn'] && $this->prop['search_filter']) {
+          // Search for the dn to use to authenticate
+          $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces);
+          $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);
+
+          $this->_debug("S: searching with base {$this->prop['search_base_dn']} for {$this->prop['search_filter']}");
+
+          $res = ldap_search($this->conn, $this->prop['search_base_dn'], $this->prop['search_filter'], array('uid'));
+          if ($res && ($entry = ldap_first_entry($this->conn, $res))) {
+            $bind_dn = ldap_get_dn($this->conn, $entry);
+
+            $this->_debug("S: search returned dn: $bind_dn");
+
+            if ($bind_dn) {
+              $this->prop['bind_dn'] = $bind_dn;
+              $dn = ldap_explode_dn($bind_dn, 1);
+              $replaces['%dn'] = $dn[0];
+            }
+          }
+        }
+        // Replace the bind_dn and base_dn variables.
        $this->prop['bind_dn'] = strtr($this->prop['bind_dn'], $replaces);
        $this->prop['base_dn'] = strtr($this->prop['base_dn'], $replaces);
      }