From 4020bf861e96fb0db58bcd8428f38058b9b3e910 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A9veloppeur=20=C3=A9gar=C3=A9?= <aymhce@gmail.com>
Date: Wed, 4 Feb 2015 00:35:24 +0100
Subject: [PATCH 1/2] automated creation of Friendica basic account

---
 ldapauth.tgz          | Bin 1514 -> 1941 bytes
 ldapauth/ldapauth.php |  59 +++++++++++++++++++++++++++++++++---------
 2 files changed, 47 insertions(+), 12 deletions(-)

diff --git a/ldapauth.tgz b/ldapauth.tgz
index 7dd3d6c427335979974f62e0cf6539bd60cd3ec8..62ff161abc5b090d3e32cdd9c22521b41e0b0354 100755
GIT binary patch
literal 1941
zcmV;G2Wt2qiwFqhS<zGi0BmGoaA9?HXfAYNascgFZEw>s5boFYR~*$KEed_x3#etl
zfFh89p)%kDLM2VyHX^l)oiHZEf9KAQ^U}3jfx!ou#Y*bjJ@?%C?wq($;4Qo)p0z4}
zZnSaSzP(rJ?(N?0c6Tf7z5VX~ZU^VHQR#HsJNsP}>+Dt9o$lW4b_Mn-e_<pl_9Q@M
z?)lSDehK*+xy5vEzjNo#oyxy8vh}wY&Bbg{x!lpA<-ZLTpwV9XA3EKg?mm9*?(b59
z>~wLey|at*?aI~o)8p=aT<>b@=FKYHgqPl&_2BvA!&h*Ksla#~`d-ZF)?=o887|^b
z@LuUAc#tS2!JB#^S21|p00g0Aek|lEX}@JsY0XZvgWolPkUe-2eq!*#Rvz4)#qpxo
zYGt+9^u@fjkYW->tTjjBdqr*UbUyQmU8@S#g(os(JV0jP1%co+MSm|ukVI>I!+$^T
z(Hq4kNdyxi;a$iBaiZYRkHaqv9$PU~3_u{R)cUu^o?<v5rydWLN0C&76bqQ6p&0+r
zvI_Y$VzBU(IuSAe&zC|eK$MbZGv$4xSHz1Vv{rCIf#5h5P7ra<=3}HF=z59-IZUNU
z7J%kZA@|BcK0JkhO}r$ET`jP{wG$lX35H_kp@Wi5LlrZL&YXnttPt{q*lQ&&<lKu=
zQK>2Gb-=asS&&Gk$UZuV%wl11y%G}MKw>E2f-f*Se(dUirrFRWw5Q^PePPmtFm@Cy
zFi_z*VuqE6@H#k%Pq7hmjEm;xOJ)d(Ny#RzPv~R7eUb3kM&qSGtrHBaaZY2eUGW~A
ziUe2l6gXo68CEQY<L9qOj}9LVhR5hLNl08}Q&rS-o9NyI$R|`Ff_Qhz$(GM#Oc|zi
zOb%jL(BUT7ygr`MdVEeoS`7jUr-=@?^<EJGqJ|3Qx&}18F(YO+1)8(is8a9OObD7a
zr_Ej(g>CQFJtOkou^WZ+!Ca3FC+7nkfHM;+ZnCf5d=W7!UZ+p$&1RFuej3tNwVE;>
z3GTDH6LLRF0@k86Ck9TVU#(Ur3HP-h*4~JU5i`BsfN#|;n}nm85TEK!G5H-A99{ga
zm75#gw%@h(sHjZFzppf(@DhQ9|9uK)MC;q0dt-a735Aoo6<m@Tzjr9M9J{;o!KJUZ
zy*M8laN`DqYQ(;xFPL<rH2;^h8rsB`ogA6c)N8(t#f;5Dy>EZ$ry@o3MyP|gzSFA3
ziR9#7?%f*F*0#HC$r6Ps;Mgvt9ezE4DT_xYJ?nXTx~1%F^b4wEtlxlNsA|N{sxD48
zQeB)F)ts;={aL^-By7aW$`lSSj^(+^xma1*H2e!mYcbN?GHTQ{b+cq?Qk<`UR{lJ!
z5yM?CBCg>$iP_IWFR7nviPGrT4W-(-9bIbI0Qa?s@%m=&H5%2e%_C8xiCTX%L&R@0
zJIisX>Bj+j=p$P?U$nt`JvEt^UIXuDgIY%2*01Rt%0!aF%5g7r&MH{UV(~T_OLC?^
zz{HCb>!-z@LL%P>MH6Kp6t?s;4TN3~`ykbhM`oX_TP;^_w4<X}$D>!nqvNATN6$xZ
z2gBFTj$XPujsC{U!@-lmaCrFqwF_-jOWD;QWbGkWDmEpz*k-Wn9vmDP-q`(C`=e*S
zYp--K)`7|!Np7axh1})F(gf$g!OyJo7K5shH=_^+8G}hE6{a_j<!MfXkc!Zxu^Do}
zGh`~^pb&S&C}FM)GdjJT(Ps^AZDAuZ6)B~6TC(`XixQ@CM56A(W@W7#6ovJ7VaxTN
zJDoR*yqPx|v}>;hTGvqA6<e=chzRcUu6D$JYxI{x8OwwsnI&bRcIOLEvfR}ISJyFb
zDh@4FRxwaVbt-~eonn$~Gnu2}wU8Mms^(H$6s5RWA!VsWLgmD4TrCMg(lmCuhDJUj
zF`Y75ui2fXN3Re}DgD|aMU=j7Jr+#S+XM`#U)ECl>yut5es;xhzQm)mzlMjC^DyyL
zvv2`<+Yg8bM;_F-=@nolUFR40UC2kTQx9~L!Rwzep+EB=$WmLpU?I<MEPtsu3WZUA
z`n@#s#;ko4So;8nyFQVq(UyE|)pLJlLH7>C%64vJrvdk%P1<&rWc8$$-`e(cWorNH
z`5VN+JuT=uJoG=MGr2R4hQ_JXm+S=vr*cOf-08zf$Y{3H=##bd<pT{GKlOH2Ck}Mq
z&`)LFJ1Wtc?tCyzx6W3s4O6YS58`z#g%4^5_B*BG&x4$Jy7Vj<T!WsL3h{MW1k5sR
zq(-Wlp_O(L?v3@KL5gP$yJ!P+906bbZM<QE_cVWv{JoTg=O+T%Pnprf#pinM_2Bv7
z(J`I24Ub;HM-u!9@172Z1Ndm|eWc@n>&k({myhA&I1>IR7SLqd%$T(_QyqBz?8UQV
z=+xZYs(Ji1T&(%@HFSBK*(#MbdRDm_8;<OJVmLT_{9;h~6XSy4e>yvz{iWZ3c6Rr6
zEAUs&|Nryfe}3-Z`;tz*fAPq>da0+~)#FP&+`hz<?dl&qbpG`d=jxw2Yc>bX)!#W|
bP7j!``u^3p8du|LY&?DdvmUf603-ka(dys(

literal 1514
zcmV<G1r_=qiwFR}@O@DL1MOICPuoZk&R6^^=1{ISRhl;lRB7oIL8`07OBJ~GLxqB4
zZ;}<xuDiP~MJN9I&F<Qcod!XB!0A+v0NJ}U&pbPCYY~Nh>?dm0sy&{xQFeBEwQg@~
zr`z4CwR_v$?X8YkPo>uBwl}xCsMhJ#+MRB1r(J{IBXY_mk;)eUwYeWmsrX9SEqd{^
zx7~U9^5s)-dP0e^{0|3v2S<ZP@o`7~JDZ*DrTlMh^|orzeiSxK@{8wx4|7kLqJggn
z_>f2<z@Pe*Nd-QG!-KsK5K=(`#l^Mrmn4%Uf(aM!iL#JiN!SY%{Yu~<(?P2cID!ge
z{9^1&f(v5mGb(*WIg^g!Fh>^(f6=F;Y#I@WeJQWF2*D2oml6=7WY%<?lUP6aQG{L!
zyd`jkOLT%@b21;JYp$QCNQ}W$@FWKGqyh7zAleze$3#fZV2)J)Gat_($dpP&1aiKj
zY6kBFB`icY7#iehKo}QuKT1`FAqP$@ctFBLARF|B=Rg*CP6O(fU~mITphg1%jzI`i
z!vqZxCNv_*?3iORuJC-RQ^Vx8fcN2=Cm7FbU<6sCPe~M<9iEQ%_x1<FGff9I1jbnr
zNB4UZ-A+LJ(%Sk&l1`a+6cC|Ic8!5aKGOY4L=$Yh1o@Is9UKior%8HxZW1GnshUv<
za~>uLuUU<WA(SSdIaAiO8P8(F!6D6Qv+p={|HT`-_1Vp)l6!8SN0x<q4!hvaxKvH@
z&7a2@tbotmS5C9pBr0e+|8+P0|0JLP*@Mo@1N*pR{%`N}x=ZuFhp*NAe+qg12j<&p
zJ%8@Nb2#?rq;K24crWO!10n-KO`G@O$1V-D{)l7NSazCi{jLGH=))1cByf~P9$wFs
ziu<iro(tXHt#mH7=BWGzty>OcgcoDg4@1uMlKwq1(`WTbGWS2k|AFp3MEc3A&+>lI
z`_Do?>?MeR4|oq+hL3m|BKptYhiR=n)~$%p_F}YA_&2vBnr9cJ0c$xZlY|9^WrjA=
z<&U-HZNT5oT2=z18RwUtTP!!X0j_Dc*2>F6Z|9iWdQ>vrc;(!zbf2&ifrLFhh3{0o
zy5D$K9~(k+;^m5Eo$+T^S2M%u>7F<AYu3>2`G&Dwt7AVTk&>99FW&m;;Bc^irsvo2
z<OnXb@dbSPb1)ph1*5^GM!L|+{9U@RcYFXB<A?{BB-D#-yMhU)6Ka<_aQOb{{TX!D
z8|Z6oEga*tUgEWZJ9zLleU5-9OnDinlp>N$4Mw&tO+95wpWElJa;4(&ty)KK-Z=V4
z5S0jaTZqe%%jh-gS;RCK2T<yT%Es4Sm=ZOz9pEiGpiyc7Jm11}j3XjscbZzY?@i;Y
zdzr>pWm8Ff5zNr<U4*S#*;t3eS4!MroT-(K?VP`pv{BQR#uSU;H}E{1;1OZoA`2U4
zH<M@2z{^rOBHyqpr3Kbr7*1Yyg+Yc{NYKW{lAf&<nD~(-DWiG{iN|<bbWsK>($6dw
z&?{iyrq*g?r?Qt>HOyEaoqRYOeHfmco$Q|+jy?{Cr|(aW8=Gl>?_)e1yc-OMdxxhD
zXs2e#&U>3z%EG8vpN(S0VJGhH?pofu5mui^uiT`;(%0;6&QI6WvYV{Z8p}1-1b5fP
zzj+gugNn%aqd>!)!GsE_M%dosx<ErCm7r;OKV;KI7FkzxSctpEC}OS*vySeHie6D2
z2BTE4rcJ&#QX<I<RTN5e9{YkUhu&Z`T>DApYCd^kfTztd*DpH7Sk#GFpyD$ZIc92V
zwHPmIF}_MGr515Xire|VAz_e^#%8xjLrcV`QzE?eY<~3d<1`@najL)71dr11$^(uS
zh@WUM&|_h};D2>)ZGN*Sg6kz7o$XtAxC<UOo^nQG(1lFL34S1kng>H3W<2Tds#SE|
zpWt^VACsp(m|nu?A8=v+=0OmvyZ@F%-tHjnpHj)*RR0^Pq>@T1sicxhDygKBN-C+O
Ql3!N-0WfY{a{wp+0LAb0O8@`>

diff --git a/ldapauth/ldapauth.php b/ldapauth/ldapauth.php
index b87f669d5..2c8f3effd 100755
--- a/ldapauth/ldapauth.php
+++ b/ldapauth/ldapauth.php
@@ -2,8 +2,9 @@
 /**
  * Name: LDAP Authenticate
  * Description: Authenticate a user against an LDAP directory
- * Version: 1.0
+ * Version: 1.1
  * Author: Mike Macgirvin <http://macgirvin.com/profile/mike>
+ * Author: aymhce
  */
  
 /**
@@ -17,8 +18,9 @@
  *
  * Optionally authenticates only if a member of a given group in the directory.
  *
- * The person must have registered with Friendica using the normal registration 
+ * By default, the person must have registered with Friendica using the normal registration 
  * procedures in order to have a Friendica user record, contact, and profile.
+ * However, it's possible with an option to automate the creation of a Friendica basic account.
  *
  * Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
  * ldap.conf file to the signing cert for your LDAP server. 
@@ -31,6 +33,7 @@
  *
  */
 
+require_once('include/user.php');
 
 
 function ldapauth_install() {
@@ -44,19 +47,13 @@ function ldapauth_uninstall() {
 
 
 function ldapauth_hook_authenticate($a,&$b) {
-	if(ldapauth_authenticate($b['username'],$b['password'])) {
-		$results = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
-				dbesc($b['username'])
-		);
-		if(count($results)) {
-				$b['user_record'] = $results[0];
-				$b['authenticated'] = 1;
-		}
+	if(ldapauth_authenticate($b['username'],$b['password']) && is_existing_account($b['username'])) {
+		$b['user_record'] = $results[0];
+		$b['authenticated'] = 1;
 	}
 	return;
 }
 
-
 function ldapauth_authenticate($username,$password) {
 
     $ldap_server   = get_config('ldapauth','ldap_server');
@@ -65,7 +62,15 @@ function ldapauth_authenticate($username,$password) {
     $ldap_searchdn = get_config('ldapauth','ldap_searchdn');
     $ldap_userattr = get_config('ldapauth','ldap_userattr');
     $ldap_group    = get_config('ldapauth','ldap_group');
+	$ldap_autocreateaccount = get_config('ldapauth','ldap_autocreateaccount');
+	$ldap_autocreateaccount_emailattribute = get_config('ldapauth','ldap_autocreateaccount_emailattribute');
+	$ldap_autocreateaccount_nameattribute = get_config('ldapauth','ldap_autocreateaccount_nameattribute');
 
+	if(! strlen($ldap_autocreateaccount_emailattribute))
+		$ldap_autocreateaccount_emailattribute = "mail";
+	if(! strlen($ldap_autocreateaccount_nameattribute))
+		$ldap_autocreateaccount_nameattribute = "givenName";
+	
     if(! ((strlen($password))
             && (function_exists('ldap_connect'))
             && (strlen($ldap_server))))
@@ -98,9 +103,14 @@ function ldapauth_authenticate($username,$password) {
 
     if(! @ldap_bind($connect,$dn,$password))
         return false;
+		
+	$emailarray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_emailattribute);
+	$namearray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_nameattribute);
 
-    if(! strlen($ldap_group))
+    if(! strlen($ldap_group)){
+		ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]);
         return true;
+	}
 
     $r = @ldap_compare($connect,$ldap_group,'member',$dn);
     if ($r === -1) {
@@ -126,5 +136,30 @@ function ldapauth_authenticate($username,$password) {
         return false;
     }
 
+	ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]);
     return true;
 }
+
+function ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$email,$name) {
+	if($ldap_autocreateaccount == "true" && !is_existing_account($username)){
+		if (strlen($email) > 0 && strlen($name) > 0){
+			$arr = array('username'=>$name,'nickname'=>$username,'email'=>$email,'password'=>$password,'verified'=>1);
+			$result = create_user($arr);
+			if ($result['success']){
+				logger("ldapauth: account " . $username . " created");
+			}else{
+				logger("ldapauth: account " . $username . " was not created ! : " . implode($result));
+			}
+		}else{
+			logger("ldapauth: unable to create account, no email or nickname found");
+		}
+	}
+}
+
+function is_existing_account($username){
+	$results = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",$username);
+	if(count($results)) {
+		return true;
+	}
+	return false;
+}

From 31456b2f43daa3516300c69c4ad54d5468dece0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A9veloppeur=20=C3=A9gar=C3=A9?=
 <97802n@mac97802n.maif.local>
Date: Wed, 4 Feb 2015 16:55:07 +0100
Subject: [PATCH 2/2] update readme

---
 ldapauth.tgz          | Bin 1941 -> 2357 bytes
 ldapauth/README       |  26 +++++++++++++++++++++++---
 ldapauth/ldapauth.php |  23 +++++++++++++++++++++--
 3 files changed, 44 insertions(+), 5 deletions(-)
 mode change 100755 => 100644 ldapauth.tgz

diff --git a/ldapauth.tgz b/ldapauth.tgz
old mode 100755
new mode 100644
index 62ff161abc5b090d3e32cdd9c22521b41e0b0354..aa3da0a902264720046eda40dc97e2c67c32c251
GIT binary patch
literal 2357
zcmV-53Ci{#iwFQFK+;qI1MOPtQ`<-q&sY3cOkBRmP6@wo;11TgaNw;?6^|5QcR!>k
zBTHjj8+pb%BZZ}|_}{mC9<pQ%wuvEib?Pdx8BKTp`Z<!CDDb9U5|10No{yT%=H9z^
zM1Ah+&t|)$KMj#qyR+Nr?7;P1(rmT&T05`EyJy6dQX*qd0F;02{j=F-5ATC*!{H-x
zj2-Fc{|H4k{*lK<&y)nK$G^SP-r0lr@9ehQMf_iaX7M*)>eKOb!#W<1f2-4J?q%w~
z1@V6eiSUXvH;iK;{h!DGr+-7dOO3a0OXMv%^ConkoE#s1B8QL)l*OU%#S||cQ|XIv
z8i$<i=PnYDB$5i^jl7V_n0QPJ2tq;qn2THF{*4N$I9v4={*3~-*e9pqS4vJje-w&u
zAtOJH<9NE?XiV%%-RG0WRPbRK(Z&Qezt3`ex0A7t=o%$rP54=alm&o{ctOA!F5%B9
z50dBs+pNg7Ec#W_VG@xc7v%Sl1^h;mLq86`QF3gz0b@Wo$Q6ozd*De53u5H4P<rS|
ziIQSYCZH&WAJ8mAHi{^jdQ#qS5fIN8TuK5`a-4O8`&>oDiz3jLF+mc}U@07e#0i}Y
z00PJFBLK+ANbqDzKpjd=t+FEjb4vm`^pYrc)rKj=jx#cWLLp-h3>0(}%9si;<|d5C
z8J8!BUNJE)CSGK=3I$ok0b=RXAQ6BN^n-zb3>={3dO1mO0f4~{m-rmK;{zOYsL2LI
zOMc-u^cxi}31df+DL5(|fb$e8h#FVULHXbtKEco;HeXN;NV#OD6XFy4;BcQOEVkY_
z<G^(Tjy1+9*$+j0pWN~UqIpXg1@C}jNn>((^0|L>c+|VNM4MrUfGF##!lny3&V~eS
zLIwmV!x2MWJ{7UbFvX*C5ZnR=*NM&ROSA|0!%<?qtc{k6FCK@IOjPPCR0FC2naJ12
zv1Y}VuK=J#S|8Q-jq#0!LP*A3#teFcQBSrZG=C;wb%47n-u8Pf=!;`d5$8&O?`sa{
zigbyCV(RoSZ!(4WL1jA!MoGZ5uRP(8Rp{k<Dv&Q=S_x0ON`f2sU84)XX4QFdEW$w&
zD~AsumP)5Ga1FJ{gOaq`Bn*^%t0I_ym%*-W6A&nd?X)PBQ;jd7NtwFx7-zQ=o=D6=
zD&<lH1AuPL_E}fye9UZxDeWxJjcj_Oky(XV_h53WGNjpttt$^<sPd<OLGQq1MUjRP
z$wmlEoI>l2RA0c>iB^;9fC82fx^s=N(EqC9%9)m_?Bjz!pk7mno~~l6K5Y*<2bq=#
zjg8Tz=3~3j<{6>d6R}8W8V!<9!x7Y_HfEvPed6FnXMNRuB{kKhktkV@AW8l95Eylk
z;O)Xw5TWEbKr?wZOX~GHjs3bh-Ag9qea?JZbwcJxNkAJIQS4n#?VwaD4HM?8xLE{!
zJiXy)tk%eXOI!BT>W?}9T6MCgrQ;Gu-7Pd0-VNjBR3>uwbIhRpZlU^w<p3n?<ssbL
zTCI5Qo60}|3WwEnV}8%zi(@;YbLHZnX%S!5$eTALlzmm5a7y(}ROh&AO2w94?CY~!
z1-k;LKctcT(!4q_Te9l)rWRbf!>GlHV9LDv*5yH4-EPH#MF=JA7?sRX1b=oh$NM^A
ztFwf4b0-$~bjGSX?NV0LkngchZ&qT3j+tY%2isD>=KRYs+v8~ob9##9nDrgvQqXD}
za&A=?m--U^`+f2eS#ynSUD5M>@G(uf2DP@Le0#&*gr)YHz>RQ3S#>q@YBem4RXtJ0
zh4R5_igNfK)idvha@wX*m&zBVuv)b$)6%P{tCpZ;RBiq0&LOoY(X9*)V`l+F&J10Z
zwc6Z1-5<!%izGcT#co6b-Va$7c|m5gf^Ruyq8Et$V7TMHJ`t;y%T;&g{qs+k{ZAL?
zm*+?4C;i`g7oR_#pSe4xs#amX=>6QgxHvrd?2@Ko19a67X?vJ4Wt)<lZ8OkyyWOtF
zjoojtJ-BjboP|$f-4q`-l6f_@y}0v@rB0l#1HaSGn|CTmUJXJRqzHzgkdWRi7PlD~
zC@Cj83|5n@TBnwbB^+e@jxw?`7rGg}yC9?U3b(ePk?4vP0v@um8ozl_LS-h}pw{|v
zX$Qatr7G|{#pdfhYjm!{R5P#D@YG%`=%I$<E;xGKj7Q*{cV~vcUnaXVuEaZIb>N$%
z%+&5=>IpiZlM1Wr=vNyK1}d!>Qbl$sg6&o|Nh(y#q{4SDQkfYz70P&a7vqa|8E6rg
zG<!L{u0SYB0Ar_}g@F|D(TIv_*`6f(=BY}(=MX$H?`MuVl;#<aNe}yFIir7Z((A;x
z-zco-aI|(Gz~RhrXn)FaIL$l~1c-wHj`VqK5nSg9_?F^Pae}7}Y%=hD4Hf!#>IAX4
zEj|#)hZR7AzEE-G3S<86cO&YxTKgpM;0+v{`Us+oNAl~1_x)-6SG@!MZTpJSQzP$5
z6S?iGRtt-2|5n9Qm8tBn&YmE;@6|@vvCpEok{aVE(YT~-nLVJuQfjCJCw({!DXzA#
zpMp01@Bs?7o$5HNA_je3r;FP2#gU21ba<LkNVgVNu5wd3dk(_)vJoGYwb(mM#r1{U
zc)IkAF!CCny>S=5>EHpiNNYw(DXZwdo`iV={g%<Zd$CCZI?T%lE@sdEL%3$}-(hdg
zX5r(B0Q&7i9yt2XYWZ{Tq<3_Qujen$PsufIye7Z@(!1!9Ypd@X-vj(ZI^^)|m|PDc
z?ti5LE;jXwjU_I%$jQgkkC&uXcC&XMn8*f;QEwhY=Z~4Kd}-g6e&`J5M^gH_;i7kV
zeA;^!9ZTlFJDuIu-28uMw^_{pUWC>gd~Imz^~90aMu%Oc=bLkFaLDzn6Ry%T4!52@
z*(z;#rlkj3r4?pb-!sTsI>p-52y5l})!M_W(x&ECn;BYdc4GCEaaHMQld27msh&8a
z`i=qB)2CCL8%=%xTxzpJsgj*X{n+Dr<1`yL;s5^~J<ERpuK)jkoo2IB{Quue(0u$S
z&@8<XmGvp#m=5p<#CDzd@3uOv;{Ly&f(k0Apn?i2sGx!hDyX1>3M#0ef(k0Apn?i2
bsGx!hDyX1>3M#0ef|k+WGvPs&08jt`==G%!

literal 1941
zcmV;G2Wt2qiwFqhS<zGi0BmGoaA9?HXfAYNascgFZEw>s5boFYR~*$KEed_x3#etl
zfFh89p)%kDLM2VyHX^l)oiHZEf9KAQ^U}3jfx!ou#Y*bjJ@?%C?wq($;4Qo)p0z4}
zZnSaSzP(rJ?(N?0c6Tf7z5VX~ZU^VHQR#HsJNsP}>+Dt9o$lW4b_Mn-e_<pl_9Q@M
z?)lSDehK*+xy5vEzjNo#oyxy8vh}wY&Bbg{x!lpA<-ZLTpwV9XA3EKg?mm9*?(b59
z>~wLey|at*?aI~o)8p=aT<>b@=FKYHgqPl&_2BvA!&h*Ksla#~`d-ZF)?=o887|^b
z@LuUAc#tS2!JB#^S21|p00g0Aek|lEX}@JsY0XZvgWolPkUe-2eq!*#Rvz4)#qpxo
zYGt+9^u@fjkYW->tTjjBdqr*UbUyQmU8@S#g(os(JV0jP1%co+MSm|ukVI>I!+$^T
z(Hq4kNdyxi;a$iBaiZYRkHaqv9$PU~3_u{R)cUu^o?<v5rydWLN0C&76bqQ6p&0+r
zvI_Y$VzBU(IuSAe&zC|eK$MbZGv$4xSHz1Vv{rCIf#5h5P7ra<=3}HF=z59-IZUNU
z7J%kZA@|BcK0JkhO}r$ET`jP{wG$lX35H_kp@Wi5LlrZL&YXnttPt{q*lQ&&<lKu=
zQK>2Gb-=asS&&Gk$UZuV%wl11y%G}MKw>E2f-f*Se(dUirrFRWw5Q^PePPmtFm@Cy
zFi_z*VuqE6@H#k%Pq7hmjEm;xOJ)d(Ny#RzPv~R7eUb3kM&qSGtrHBaaZY2eUGW~A
ziUe2l6gXo68CEQY<L9qOj}9LVhR5hLNl08}Q&rS-o9NyI$R|`Ff_Qhz$(GM#Oc|zi
zOb%jL(BUT7ygr`MdVEeoS`7jUr-=@?^<EJGqJ|3Qx&}18F(YO+1)8(is8a9OObD7a
zr_Ej(g>CQFJtOkou^WZ+!Ca3FC+7nkfHM;+ZnCf5d=W7!UZ+p$&1RFuej3tNwVE;>
z3GTDH6LLRF0@k86Ck9TVU#(Ur3HP-h*4~JU5i`BsfN#|;n}nm85TEK!G5H-A99{ga
zm75#gw%@h(sHjZFzppf(@DhQ9|9uK)MC;q0dt-a735Aoo6<m@Tzjr9M9J{;o!KJUZ
zy*M8laN`DqYQ(;xFPL<rH2;^h8rsB`ogA6c)N8(t#f;5Dy>EZ$ry@o3MyP|gzSFA3
ziR9#7?%f*F*0#HC$r6Ps;Mgvt9ezE4DT_xYJ?nXTx~1%F^b4wEtlxlNsA|N{sxD48
zQeB)F)ts;={aL^-By7aW$`lSSj^(+^xma1*H2e!mYcbN?GHTQ{b+cq?Qk<`UR{lJ!
z5yM?CBCg>$iP_IWFR7nviPGrT4W-(-9bIbI0Qa?s@%m=&H5%2e%_C8xiCTX%L&R@0
zJIisX>Bj+j=p$P?U$nt`JvEt^UIXuDgIY%2*01Rt%0!aF%5g7r&MH{UV(~T_OLC?^
zz{HCb>!-z@LL%P>MH6Kp6t?s;4TN3~`ykbhM`oX_TP;^_w4<X}$D>!nqvNATN6$xZ
z2gBFTj$XPujsC{U!@-lmaCrFqwF_-jOWD;QWbGkWDmEpz*k-Wn9vmDP-q`(C`=e*S
zYp--K)`7|!Np7axh1})F(gf$g!OyJo7K5shH=_^+8G}hE6{a_j<!MfXkc!Zxu^Do}
zGh`~^pb&S&C}FM)GdjJT(Ps^AZDAuZ6)B~6TC(`XixQ@CM56A(W@W7#6ovJ7VaxTN
zJDoR*yqPx|v}>;hTGvqA6<e=chzRcUu6D$JYxI{x8OwwsnI&bRcIOLEvfR}ISJyFb
zDh@4FRxwaVbt-~eonn$~Gnu2}wU8Mms^(H$6s5RWA!VsWLgmD4TrCMg(lmCuhDJUj
zF`Y75ui2fXN3Re}DgD|aMU=j7Jr+#S+XM`#U)ECl>yut5es;xhzQm)mzlMjC^DyyL
zvv2`<+Yg8bM;_F-=@nolUFR40UC2kTQx9~L!Rwzep+EB=$WmLpU?I<MEPtsu3WZUA
z`n@#s#;ko4So;8nyFQVq(UyE|)pLJlLH7>C%64vJrvdk%P1<&rWc8$$-`e(cWorNH
z`5VN+JuT=uJoG=MGr2R4hQ_JXm+S=vr*cOf-08zf$Y{3H=##bd<pT{GKlOH2Ck}Mq
z&`)LFJ1Wtc?tCyzx6W3s4O6YS58`z#g%4^5_B*BG&x4$Jy7Vj<T!WsL3h{MW1k5sR
zq(-Wlp_O(L?v3@KL5gP$yJ!P+906bbZM<QE_cVWv{JoTg=O+T%Pnprf#pinM_2Bv7
z(J`I24Ub;HM-u!9@172Z1Ndm|eWc@n>&k({myhA&I1>IR7SLqd%$T(_QyqBz?8UQV
z=+xZYs(Ji1T&(%@HFSBK*(#MbdRDm_8;<OJVmLT_{9;h~6XSy4e>yvz{iWZ3c6Rr6
zEAUs&|Nryfe}3-Z`;tz*fAPq>da0+~)#FP&+`hz<?dl&qbpG`d=jxw2Yc>bX)!#W|
bP7j!``u^3p8du|LY&?DdvmUf603-ka(dys(

diff --git a/ldapauth/README b/ldapauth/README
index 90ee2595b..ee09e94d6 100755
--- a/ldapauth/README
+++ b/ldapauth/README
@@ -1,17 +1,37 @@
 Authenticate a user against an LDAP directory
 Useful for Windows Active Directory and other LDAP-based organisations
 to maintain a single password across the organisation.
-
 Optionally authenticates only if a member of a given group in the directory.
 
-The person must have registered with Friendica using the normal registration 
+By default, the person must have registered with Friendica using the normal registration 
 procedures in order to have a Friendica user record, contact, and profile.
+However, it's possible with an option to automate the creation of a Friendica basic account.
 
 Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
 ldap.conf file to the signing cert for your LDAP server. 
 
-The required configuration options for this module may be set in the .htconfig.php file
+The configuration options for this module may be set in the .htconfig.php file
 e.g.:
 
+// ldap hostname server - required
 $a->config['ldapauth']['ldap_server'] = 'host.example.com';
+// dn to search users - required
+$a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com';
+// attribute to find username - required
+$a->config['ldapauth']['ldap_userattr'] = 'uid';
+
+// admin dn - optional - only if ldap server dont have anonymous access
+$a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com';
+// admin password - optional - only if ldap server dont have anonymous access
+$a->config['ldapauth']['ldap_bindpw'] = 'password';
+
+// for create Friendica account if user exist in ldap
+//     required an email and a simple (beautiful) nickname on user ldap object
+//   active account creation - optional - default none
+$a->config['ldapauth']['ldap_autocreateaccount'] = 'true';
+//   attribute to get email - optional - default : 'mail'
+$a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
+//   attribute to get nickname - optional - default : 'givenName'
+$a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'givenName';
+
 ...etc.
diff --git a/ldapauth/ldapauth.php b/ldapauth/ldapauth.php
index 2c8f3effd..62f4b003b 100755
--- a/ldapauth/ldapauth.php
+++ b/ldapauth/ldapauth.php
@@ -25,12 +25,31 @@
  * Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
  * ldap.conf file to the signing cert for your LDAP server. 
  * 
- * The required configuration options for this module may be set in the .htconfig.php file
+ * The configuration options for this module may be set in the .htconfig.php file
  * e.g.:
  *
+ * // ldap hostname server - required
  * $a->config['ldapauth']['ldap_server'] = 'host.example.com';
- * ...etc.
+ * // dn to search users - required
+ * $a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com';
+ * // attribute to find username - required
+ * $a->config['ldapauth']['ldap_userattr'] = 'uid';
  *
+ * // admin dn - optional - only if ldap server dont have anonymous access
+ * $a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com';
+ * // admin password - optional - only if ldap server dont have anonymous access
+ * $a->config['ldapauth']['ldap_bindpw'] = 'password';
+ *
+ * // for create Friendica account if user exist in ldap
+ * //     required an email and a simple (beautiful) nickname on user ldap object
+ * //   active account creation - optional - default none
+ * $a->config['ldapauth']['ldap_autocreateaccount'] = 'true';
+ * //   attribute to get email - optional - default : 'mail'
+ * $a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
+ * //   attribute to get nickname - optional - default : 'givenName'
+ * $a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'givenName';
+ *
+ * ...etc.
  */
 
 require_once('include/user.php');