first commit

plugins/authentication/ldap/index.html

@@ -0,0 +1 @@
+<!DOCTYPE html><title></title>

plugins/authentication/ldap/ldap.php

@@ -0,0 +1,160 @@
+<?php
+/**
+ * @package     Joomla.Plugin
+ * @subpackage  Authentication.ldap
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * LDAP Authentication Plugin
+ *
+ * @package     Joomla.Plugin
+ * @subpackage  Authentication.ldap
+ * @since       1.5
+ */
+class PlgAuthenticationLdap extends JPlugin
+{
+	/**
+	 * This method should handle any authentication and report back to the subject
+	 *
+	 * @param   array   $credentials  Array holding the user credentials
+	 * @param   array   $options      Array of extra options
+	 * @param   object  &$response    Authentication response object
+	 *
+	 * @return  boolean
+	 *
+	 * @since   1.5
+	 */
+	public function onUserAuthenticate($credentials, $options, &$response)
+	{
+		$userdetails = null;
+		$success = 0;
+		$userdetails = array();
+
+		// For JLog
+		$response->type = 'LDAP';
+
+		// LDAP does not like Blank passwords (tries to Anon Bind which is bad)
+		if (empty($credentials['password']))
+		{
+			$response->status = JAuthentication::STATUS_FAILURE;
+			$response->error_message = JText::_('JGLOBAL_AUTH_PASS_BLANK');
+
+			return false;
+		}
+
+		// Load plugin params info
+		$ldap_email		= $this->params->get('ldap_email');
+		$ldap_fullname	= $this->params->get('ldap_fullname');
+		$ldap_uid		= $this->params->get('ldap_uid');
+		$auth_method	= $this->params->get('auth_method');
+
+		$ldap = new JClientLdap($this->params);
+
+		if (!$ldap->connect())
+		{
+			$response->status = JAuthentication::STATUS_FAILURE;
+			$response->error_message = JText::_('JGLOBAL_AUTH_NO_CONNECT');
+
+			return;
+		}
+
+		switch ($auth_method)
+		{
+			case 'search':
+			{
+				// Bind using Connect Username/password
+				// Force anon bind to mitigate misconfiguration like [#7119]
+				if (strlen($this->params->get('username')))
+				{
+					$bindtest = $ldap->bind();
+				}
+				else
+				{
+					$bindtest = $ldap->anonymous_bind();
+				}
+
+				if ($bindtest)
+				{
+					// Search for users DN
+					$binddata = $ldap->simple_search(str_replace("[search]", $credentials['username'], $this->params->get('search_string')));
+
+					if (isset($binddata[0]) && isset($binddata[0]['dn']))
+					{
+						// Verify Users Credentials
+						$success = $ldap->bind($binddata[0]['dn'], $credentials['password'], 1);
+
+						// Get users details
+						$userdetails = $binddata;
+					}
+					else
+					{
+						$response->status = JAuthentication::STATUS_FAILURE;
+						$response->error_message = JText::_('JGLOBAL_AUTH_USER_NOT_FOUND');
+					}
+				}
+				else
+				{
+					$response->status = JAuthentication::STATUS_FAILURE;
+					$response->error_message = JText::_('JGLOBAL_AUTH_NO_BIND');
+				}
+			}	break;
+
+			case 'bind':
+			{
+				// We just accept the result here
+				$success = $ldap->bind($credentials['username'], $credentials['password']);
+
+				if ($success)
+				{
+					$userdetails = $ldap->simple_search(str_replace("[search]", $credentials['username'], $this->params->get('search_string')));
+				}
+				else
+				{
+					$response->status = JAuthentication::STATUS_FAILURE;
+					$response->error_message = JText::_('JGLOBAL_AUTH_BIND_FAILED');
+				}
+			}	break;
+		}
+
+		if (!$success)
+		{
+			$response->status = JAuthentication::STATUS_FAILURE;
+
+			if (!strlen($response->error_message))
+			{
+				$response->error_message = JText::_('JGLOBAL_AUTH_INCORRECT');
+			}
+		}
+		else
+		{
+			// Grab some details from LDAP and return them
+			if (isset($userdetails[0][$ldap_uid][0]))
+			{
+				$response->username = $userdetails[0][$ldap_uid][0];
+			}
+
+			if (isset($userdetails[0][$ldap_email][0]))
+			{
+				$response->email = $userdetails[0][$ldap_email][0];
+			}
+
+			if (isset($userdetails[0][$ldap_fullname][0]))
+			{
+				$response->fullname = $userdetails[0][$ldap_fullname][0];
+			} else {
+				$response->fullname = $credentials['username'];
+			}
+
+			// Were good - So say so.
+			$response->status		= JAuthentication::STATUS_SUCCESS;
+			$response->error_message = '';
+		}
+
+		$ldap->close();
+	}
+}

plugins/authentication/ldap/ldap.xml

@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="utf-8"?>
+<extension version="3.1" type="plugin" group="authentication">
+	<name>plg_authentication_ldap</name>
+	<author>Joomla! Project</author>
+	<creationDate>November 2005</creationDate>
+	<copyright>Copyright (C) 2005 - 2013 Open Source Matters. All rights reserved.</copyright>
+	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
+	<authorEmail>admin@joomla.org</authorEmail>
+	<authorUrl>www.joomla.org</authorUrl>
+	<version>3.0.0</version>
+	<description>PLG_LDAP_XML_DESCRIPTION</description>
+	<files>
+		<filename plugin="ldap">ldap.php</filename>
+		<filename>index.html</filename>
+	</files>
+	<languages>
+		<language tag="en-GB">en-GB.plg_authentication_ldap.ini</language>
+		<language tag="en-GB">en-GB.plg_authentication_ldap.sys.ini</language>
+	</languages>
+	<config>
+		<fields name="params">
+
+			<fieldset name="basic">
+				<field name="host" type="text"
+					description="PLG_LDAP_FIELD_HOST_DESC"
+					label="PLG_LDAP_FIELD_HOST_LABEL"
+					size="20"
+				/>
+
+				<field name="port" type="text"
+					default="389"
+					description="PLG_LDAP_FIELD_PORT_DESC"
+					label="PLG_LDAP_FIELD_PORT_LABEL"
+					size="20"
+				/>
+
+				<field name="use_ldapV3" type="radio"
+					default="0"
+					class="btn-group"
+					description="PLG_LDAP_FIELD_V3_DESC"
+					label="PLG_LDAP_FIELD_V3_LABEL"
+				>
+					<option value="0">JNo</option>
+					<option value="1">JYes</option>
+				</field>
+
+				<field name="negotiate_tls" type="radio"
+					default="0"
+					class="btn-group"
+					description="PLG_LDAP_FIELD_NEGOCIATE_DESC"
+					label="PLG_LDAP_FIELD_NEGOCIATE_LABEL"
+				>
+					<option value="0">JNo</option>
+					<option value="1">JYes</option>
+				</field>
+
+				<field name="no_referrals" type="radio"
+					default="0"
+					class="btn-group"
+					description="PLG_LDAP_FIELD_REFERRALS_DESC"
+					label="PLG_LDAP_FIELD_REFERRALS_LABEL"
+				>
+					<option value="0">JNo</option>
+					<option value="1">JYes</option>
+				</field>
+
+				<field name="auth_method" type="list"
+					default="bind"
+					description="PLG_LDAP_FIELD_AUTHMETHOD_DESC"
+					label="PLG_LDAP_FIELD_AUTHMETHOD_LABEL"
+				>
+					<option value="search">PLG_LDAP_FIELD_VALUE_BINDSEARCH</option>
+					<option value="bind">PLG_LDAP_FIELD_VALUE_BINDUSER</option>
+				</field>
+
+				<field name="base_dn" type="text"
+					description="PLG_LDAP_FIELD_BASEDN_DESC"
+					label="PLG_LDAP_FIELD_BASEDN_LABEL"
+					size="20"
+				/>
+
+				<field name="search_string" type="text"
+					description="PLG_LDAP_FIELD_SEARCHSTRING_DESC"
+					label="PLG_LDAP_FIELD_SEARCHSTRING_LABEL"
+					size="20"
+				/>
+
+				<field name="users_dn" type="text"
+					description="PLG_LDAP_FIELD_USERSDN_DESC"
+					label="PLG_LDAP_FIELD_USERSDN_LABEL"
+					size="20"
+				/>
+
+
+				<field name="username" type="text"
+					description="PLG_LDAP_FIELD_USERNAME_DESC"
+					label="PLG_LDAP_FIELD_USERNAME_LABEL"
+					size="20"
+				/>
+
+				<field name="password" type="password"
+					description="PLG_LDAP_FIELD_PASSWORD_DESC"
+					label="PLG_LDAP_FIELD_PASSWORD_LABEL"
+					size="20"
+				/>
+
+
+				<field name="ldap_fullname" type="text"
+					default="fullName"
+					description="PLG_LDAP_FIELD_FULLNAME_DESC"
+					label="PLG_LDAP_FIELD_FULLNAME_LABEL"
+					size="20"
+				/>
+
+				<field name="ldap_email" type="text"
+					default="mail"
+					description="PLG_LDAP_FIELD_EMAIL_DESC"
+					label="PLG_LDAP_FIELD_EMAIL_LABEL"
+					size="20"
+				/>
+
+				<field name="ldap_uid" type="text"
+					default="uid"
+					description="PLG_LDAP_FIELD_UID_DESC"
+					label="PLG_LDAP_FIELD_UID_LABEL"
+					size="20"
+				/>
+			</fieldset>
+
+		</fields>
+	</config>
+</extension>