Hi,
I have attached a patch for the change_user plugin to enable a user name
to be mapped to a DN using a format string.
This is useful for LDAP servers where anonymous searching is disabled: when the mapping is set, the plugin derives the user's DN directly from the user name and skips the bind-and-search step entirely.
Example config option:
$cpw_ldap['user_dn_mapping']='uid=%s,ou=people,dc=example,dc=com';
--
Craig Shelley
[user_dn_mapping.diff]
Index: backend/ldap.php
===================================================================
--- backend/ldap.php (revision 13483)
+++ backend/ldap.php (working copy)
@@ -126,6 +126,17 @@
global $cpw_ldap_default_crypto;
$cpw_ldap_default_crypto='';
+/**
+ * user dn mapping string
+ * If set to empty string, a search is performed in order to find the user's dn
+ * otherwise the dn is generated from this format string. %s should be used
+ * to indicate the place where to insert the user id
+ * eg $cpw_ldap_user_dn_mapping='uid=%s,ou=people,dc=example,dc=com'
+ * @global string $cpw_ldap_user_dn_mapping
+ */
+global $cpw_ldap_user_dn_mapping;
+$cpw_ldap_user_dn_mapping='';
+
/** end of default config */
/** configuration overrides from config file */
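Review bot: The new docblock for `$cpw_ldap_user_dn_mapping` describes the `%s` placeholder but not that the string is handed to sprintf(), so an administrator writing a DN that contains a literal `%` would get a malformed DN or a PHP warning; suggest appending ` * The string is passed to sprintf(): write a literal % as %% and use no other conversion specifiers.`. It would also help to state that the user id is substituted as-is, since the docblock is the only place an administrator will learn what characters in a user name can affect the generated DN.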
@@ -140,6 +151,7 @@
if (isset($cpw_ldap['adminpw'])) $cpw_ldap_adminpw=$cpw_ldap['adminpw'];
if (isset($cpw_ldap['userid_attr'])) $cpw_ldap_userid_attr=$cpw_ldap['userid_attr'];
if (isset($cpw_ldap['default_crypto'])) $cpw_ldap_default_crypto=$cpw_ldap['default_crypto'];
+if (isset($cpw_ldap['user_dn_mapping'])) $cpw_ldap_user_dn_mapping=$cpw_ldap['user_dn_mapping'];
/** make sure that setting does not contain mapping */
$cpw_ldap_server=sqimap_get_user_server($cpw_ldap_server,$username);
@@ -191,7 +203,7 @@
global $cpw_ldap_server, $cpw_ldap_port, $cpw_ldap_basedn,
$cpw_ldap_connect_opts,$cpw_ldap_use_tls,
$cpw_ldap_binddn, $cpw_ldap_bindpw,
- $cpw_ldap_admindn, $cpw_ldap_adminpw;
+ $cpw_ldap_admindn, $cpw_ldap_adminpw, $cpw_ldap_user_dn_mapping;
// unfortunately, we can only pass one parameter to a hook function,
// so we have to pass it as an array.
@@ -270,34 +282,38 @@
return $msgs;
}
- /**
- * Bind to LDAP (use anonymous bind or unprivileged DN) in order to get user's DN
- * hide ldap_bind() function call errors, because errors are processed in script
- */
- if ($cpw_ldap_binddn!='') {
- // authenticated bind
- $cpw_ldap_binding=@ldap_bind($cpw_ldap_con,$cpw_ldap_binddn,$cpw_ldap_bindpw);
+ if ($cpw_ldap_user_dn_mapping!='') {
+ $cpw_ldap_userdn=sprintf($cpw_ldap_user_dn_mapping,$username);
} else {
- // anonymous bind
- $cpw_ldap_binding=@ldap_bind($cpw_ldap_con);
- }
+ /**
+ * Bind to LDAP (use anonymous bind or unprivileged DN) in order to get user's DN
+ * hide ldap_bind() function call errors, because errors are processed in script
+ */
+ if ($cpw_ldap_binddn!='') {
+ // authenticated bind
+ $cpw_ldap_binding=@ldap_bind($cpw_ldap_con,$cpw_ldap_binddn,$cpw_ldap_bindpw);
+ } else {
+ // anonymous bind
+ $cpw_ldap_binding=@ldap_bind($cpw_ldap_con);
+ }
- // check ldap_bind errors
- if (! $cpw_ldap_binding) {
- array_push($msgs,
- _("Unable to bind to LDAP server."),
- sprintf(_("Server replied: %s"),ldap_error($cpw_ldap_con)));
- @ldap_unbind($cpw_ldap_con);
- return $msgs;
- }
+ // check ldap_bind errors
+ if (! $cpw_ldap_binding) {
+ array_push($msgs,
+ _("Unable to bind to LDAP server."),
+ sprintf(_("Server replied: %s"),ldap_error($cpw_ldap_con)));
+ @ldap_unbind($cpw_ldap_con);
+ return $msgs;
+ }
- // find userdn
- $cpw_ldap_search_err=cpw_ldap_uid_search($cpw_ldap_con,$cpw_ldap_basedn,$msgs,$cpw_ldap_res,$cpw_ldap_userdn);
+ // find userdn
+ $cpw_ldap_search_err=cpw_ldap_uid_search($cpw_ldap_con,$cpw_ldap_basedn,$msgs,$cpw_ldap_res,$cpw_ldap_userdn);
- // check for search errors and stop execution if something is wrong
- if (! $cpw_ldap_search_err) {
- @ldap_unbind($cpw_ldap_con);
- return $msgs;
+ // check for search errors and stop execution if something is wrong
+ if (! $cpw_ldap_search_err) {
+ @ldap_unbind($cpw_ldap_con);
+ return $msgs;
+ }
}
/**
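Review bot: In the new mapping branch, `$cpw_ldap_userdn=sprintf($cpw_ldap_user_dn_mapping,$username);` substitutes the user name into the DN with no escaping, so a name containing DN-special characters (`,`, `+`, `"`, `\`, `<`, `>`, `;`, `=`, a leading `#`, or leading/trailing spaces) can change the structure of the DN the rest of the function presumably goes on to bind or operate as, whereas the search branch routes the name through cpw_ldap_uid_search() instead. The value should be escaped per RFC 4514 before substitution, as below; on PHP 5.6+ `ldap_escape($username, '', LDAP_ESCAPE_DN)` does the same if the project can require that version. Note too that the mapping branch leaves `$cpw_ldap_res` unset and never calls ldap_bind() on the connection, so any code after this hunk that frees that result or relies on the earlier bind should be checked. The enclosing function starts before this hunk and continues after it.
```php
if ($cpw_ldap_user_dn_mapping!='') {
    // Escape RFC 4514 DN-special characters so the user name cannot alter the
    // structure of the generated DN; '#' and space are only special at the
    // edges of a value, so they are handled separately.
    $cpw_ldap_dn_user=str_replace(
        array('\\', ',', '+', '"', '<', '>', ';', '=', "\0"),
        array('\\5c', '\\2c', '\\2b', '\\22', '\\3c', '\\3e', '\\3b', '\\3d', '\\00'),
        $username);
    $cpw_ldap_dn_user=preg_replace('/^([# ])/', '\\\\$1', $cpw_ldap_dn_user);
    $cpw_ldap_dn_user=preg_replace('/( )$/', '\\\\$1', $cpw_ldap_dn_user);
    $cpw_ldap_userdn=sprintf($cpw_ldap_user_dn_mapping,$cpw_ldap_dn_user);
} else {
    // … unchanged: bind and cpw_ldap_uid_search() lookup …
}
```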
Index: README
===================================================================
--- README (revision 13483)
+++ README (working copy)
@@ -309,6 +309,13 @@
server supports MD4, RIPEMD-160, SHA, SSHA or SMD5 and Mhash extension
is not present.
+ * 'user dn mapping string'
+ If set to empty string, a search is performed in order to find the user's dn
+ otherwise the dn is generated from this format string. %s should be used
+ to indicate the place where to insert the user id
+ eg 'uid=%s,ou=people,dc=example,dc=com'
+ Defaults to ''
+
Configuration example:
$cpw_ldap['basedn']='ou=users,dc=example,dc=com'; // sets base dn
$cpw_ldap['connect_opts']['PROTOCOL_VERSION']=3; // forces v3 bind protocol