From 4020bf861e96fb0db58bcd8428f38058b9b3e910 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A9veloppeur=20=C3=A9gar=C3=A9?= <aymhce@gmail.com>
Date: Wed, 4 Feb 2015 00:35:24 +0100
Subject: [PATCH] automated creation of Friendica basic account

---
 ldapauth.tgz          | Bin 1514 -> 1941 bytes
 ldapauth/ldapauth.php |  59 +++++++++++++++++++++++++++++++++---------
 2 files changed, 47 insertions(+), 12 deletions(-)

diff --git a/ldapauth.tgz b/ldapauth.tgz
index 7dd3d6c427335979974f62e0cf6539bd60cd3ec8..62ff161abc5b090d3e32cdd9c22521b41e0b0354 100755
GIT binary patch
literal 1941
zcmV;G2Wt2qiwFqhS<zGi0BmGoaA9?HXfAYNascgFZEw>s5boFYR~*$KEed_x3#etl
zfFh89p)%kDLM2VyHX^l)oiHZEf9KAQ^U}3jfx!ou#Y*bjJ@?%C?wq($;4Qo)p0z4}
zZnSaSzP(rJ?(N?0c6Tf7z5VX~ZU^VHQR#HsJNsP}>+Dt9o$lW4b_Mn-e_<pl_9Q@M
z?)lSDehK*+xy5vEzjNo#oyxy8vh}wY&Bbg{x!lpA<-ZLTpwV9XA3EKg?mm9*?(b59
z>~wLey|at*?aI~o)8p=aT<>b@=FKYHgqPl&_2BvA!&h*Ksla#~`d-ZF)?=o887|^b
z@LuUAc#tS2!JB#^S21|p00g0Aek|lEX}@JsY0XZvgWolPkUe-2eq!*#Rvz4)#qpxo
zYGt+9^u@fjkYW->tTjjBdqr*UbUyQmU8@S#g(os(JV0jP1%co+MSm|ukVI>I!+$^T
z(Hq4kNdyxi;a$iBaiZYRkHaqv9$PU~3_u{R)cUu^o?<v5rydWLN0C&76bqQ6p&0+r
zvI_Y$VzBU(IuSAe&zC|eK$MbZGv$4xSHz1Vv{rCIf#5h5P7ra<=3}HF=z59-IZUNU
z7J%kZA@|BcK0JkhO}r$ET`jP{wG$lX35H_kp@Wi5LlrZL&YXnttPt{q*lQ&&<lKu=
zQK>2Gb-=asS&&Gk$UZuV%wl11y%G}MKw>E2f-f*Se(dUirrFRWw5Q^PePPmtFm@Cy
zFi_z*VuqE6@H#k%Pq7hmjEm;xOJ)d(Ny#RzPv~R7eUb3kM&qSGtrHBaaZY2eUGW~A
ziUe2l6gXo68CEQY<L9qOj}9LVhR5hLNl08}Q&rS-o9NyI$R|`Ff_Qhz$(GM#Oc|zi
zOb%jL(BUT7ygr`MdVEeoS`7jUr-=@?^<EJGqJ|3Qx&}18F(YO+1)8(is8a9OObD7a
zr_Ej(g>CQFJtOkou^WZ+!Ca3FC+7nkfHM;+ZnCf5d=W7!UZ+p$&1RFuej3tNwVE;>
z3GTDH6LLRF0@k86Ck9TVU#(Ur3HP-h*4~JU5i`BsfN#|;n}nm85TEK!G5H-A99{ga
zm75#gw%@h(sHjZFzppf(@DhQ9|9uK)MC;q0dt-a735Aoo6<m@Tzjr9M9J{;o!KJUZ
zy*M8laN`DqYQ(;xFPL<rH2;^h8rsB`ogA6c)N8(t#f;5Dy>EZ$ry@o3MyP|gzSFA3
ziR9#7?%f*F*0#HC$r6Ps;Mgvt9ezE4DT_xYJ?nXTx~1%F^b4wEtlxlNsA|N{sxD48
zQeB)F)ts;={aL^-By7aW$`lSSj^(+^xma1*H2e!mYcbN?GHTQ{b+cq?Qk<`UR{lJ!
z5yM?CBCg>$iP_IWFR7nviPGrT4W-(-9bIbI0Qa?s@%m=&H5%2e%_C8xiCTX%L&R@0
zJIisX>Bj+j=p$P?U$nt`JvEt^UIXuDgIY%2*01Rt%0!aF%5g7r&MH{UV(~T_OLC?^
zz{HCb>!-z@LL%P>MH6Kp6t?s;4TN3~`ykbhM`oX_TP;^_w4<X}$D>!nqvNATN6$xZ
z2gBFTj$XPujsC{U!@-lmaCrFqwF_-jOWD;QWbGkWDmEpz*k-Wn9vmDP-q`(C`=e*S
zYp--K)`7|!Np7axh1})F(gf$g!OyJo7K5shH=_^+8G}hE6{a_j<!MfXkc!Zxu^Do}
zGh`~^pb&S&C}FM)GdjJT(Ps^AZDAuZ6)B~6TC(`XixQ@CM56A(W@W7#6ovJ7VaxTN
zJDoR*yqPx|v}>;hTGvqA6<e=chzRcUu6D$JYxI{x8OwwsnI&bRcIOLEvfR}ISJyFb
zDh@4FRxwaVbt-~eonn$~Gnu2}wU8Mms^(H$6s5RWA!VsWLgmD4TrCMg(lmCuhDJUj
zF`Y75ui2fXN3Re}DgD|aMU=j7Jr+#S+XM`#U)ECl>yut5es;xhzQm)mzlMjC^DyyL
zvv2`<+Yg8bM;_F-=@nolUFR40UC2kTQx9~L!Rwzep+EB=$WmLpU?I<MEPtsu3WZUA
z`n@#s#;ko4So;8nyFQVq(UyE|)pLJlLH7>C%64vJrvdk%P1<&rWc8$$-`e(cWorNH
z`5VN+JuT=uJoG=MGr2R4hQ_JXm+S=vr*cOf-08zf$Y{3H=##bd<pT{GKlOH2Ck}Mq
z&`)LFJ1Wtc?tCyzx6W3s4O6YS58`z#g%4^5_B*BG&x4$Jy7Vj<T!WsL3h{MW1k5sR
zq(-Wlp_O(L?v3@KL5gP$yJ!P+906bbZM<QE_cVWv{JoTg=O+T%Pnprf#pinM_2Bv7
z(J`I24Ub;HM-u!9@172Z1Ndm|eWc@n>&k({myhA&I1>IR7SLqd%$T(_QyqBz?8UQV
z=+xZYs(Ji1T&(%@HFSBK*(#MbdRDm_8;<OJVmLT_{9;h~6XSy4e>yvz{iWZ3c6Rr6
zEAUs&|Nryfe}3-Z`;tz*fAPq>da0+~)#FP&+`hz<?dl&qbpG`d=jxw2Yc>bX)!#W|
bP7j!``u^3p8du|LY&?DdvmUf603-ka(dys(

literal 1514
zcmV<G1r_=qiwFR}@O@DL1MOICPuoZk&R6^^=1{ISRhl;lRB7oIL8`07OBJ~GLxqB4
zZ;}<xuDiP~MJN9I&F<Qcod!XB!0A+v0NJ}U&pbPCYY~Nh>?dm0sy&{xQFeBEwQg@~
zr`z4CwR_v$?X8YkPo>uBwl}xCsMhJ#+MRB1r(J{IBXY_mk;)eUwYeWmsrX9SEqd{^
zx7~U9^5s)-dP0e^{0|3v2S<ZP@o`7~JDZ*DrTlMh^|orzeiSxK@{8wx4|7kLqJggn
z_>f2<z@Pe*Nd-QG!-KsK5K=(`#l^Mrmn4%Uf(aM!iL#JiN!SY%{Yu~<(?P2cID!ge
z{9^1&f(v5mGb(*WIg^g!Fh>^(f6=F;Y#I@WeJQWF2*D2oml6=7WY%<?lUP6aQG{L!
zyd`jkOLT%@b21;JYp$QCNQ}W$@FWKGqyh7zAleze$3#fZV2)J)Gat_($dpP&1aiKj
zY6kBFB`icY7#iehKo}QuKT1`FAqP$@ctFBLARF|B=Rg*CP6O(fU~mITphg1%jzI`i
z!vqZxCNv_*?3iORuJC-RQ^Vx8fcN2=Cm7FbU<6sCPe~M<9iEQ%_x1<FGff9I1jbnr
zNB4UZ-A+LJ(%Sk&l1`a+6cC|Ic8!5aKGOY4L=$Yh1o@Is9UKior%8HxZW1GnshUv<
za~>uLuUU<WA(SSdIaAiO8P8(F!6D6Qv+p={|HT`-_1Vp)l6!8SN0x<q4!hvaxKvH@
z&7a2@tbotmS5C9pBr0e+|8+P0|0JLP*@Mo@1N*pR{%`N}x=ZuFhp*NAe+qg12j<&p
zJ%8@Nb2#?rq;K24crWO!10n-KO`G@O$1V-D{)l7NSazCi{jLGH=))1cByf~P9$wFs
ziu<iro(tXHt#mH7=BWGzty>OcgcoDg4@1uMlKwq1(`WTbGWS2k|AFp3MEc3A&+>lI
z`_Do?>?MeR4|oq+hL3m|BKptYhiR=n)~$%p_F}YA_&2vBnr9cJ0c$xZlY|9^WrjA=
z<&U-HZNT5oT2=z18RwUtTP!!X0j_Dc*2>F6Z|9iWdQ>vrc;(!zbf2&ifrLFhh3{0o
zy5D$K9~(k+;^m5Eo$+T^S2M%u>7F<AYu3>2`G&Dwt7AVTk&>99FW&m;;Bc^irsvo2
z<OnXb@dbSPb1)ph1*5^GM!L|+{9U@RcYFXB<A?{BB-D#-yMhU)6Ka<_aQOb{{TX!D
z8|Z6oEga*tUgEWZJ9zLleU5-9OnDinlp>N$4Mw&tO+95wpWElJa;4(&ty)KK-Z=V4
z5S0jaTZqe%%jh-gS;RCK2T<yT%Es4Sm=ZOz9pEiGpiyc7Jm11}j3XjscbZzY?@i;Y
zdzr>pWm8Ff5zNr<U4*S#*;t3eS4!MroT-(K?VP`pv{BQR#uSU;H}E{1;1OZoA`2U4
zH<M@2z{^rOBHyqpr3Kbr7*1Yyg+Yc{NYKW{lAf&<nD~(-DWiG{iN|<bbWsK>($6dw
z&?{iyrq*g?r?Qt>HOyEaoqRYOeHfmco$Q|+jy?{Cr|(aW8=Gl>?_)e1yc-OMdxxhD
zXs2e#&U>3z%EG8vpN(S0VJGhH?pofu5mui^uiT`;(%0;6&QI6WvYV{Z8p}1-1b5fP
zzj+gugNn%aqd>!)!GsE_M%dosx<ErCm7r;OKV;KI7FkzxSctpEC}OS*vySeHie6D2
z2BTE4rcJ&#QX<I<RTN5e9{YkUhu&Z`T>DApYCd^kfTztd*DpH7Sk#GFpyD$ZIc92V
zwHPmIF}_MGr515Xire|VAz_e^#%8xjLrcV`QzE?eY<~3d<1`@najL)71dr11$^(uS
zh@WUM&|_h};D2>)ZGN*Sg6kz7o$XtAxC<UOo^nQG(1lFL34S1kng>H3W<2Tds#SE|
zpWt^VACsp(m|nu?A8=v+=0OmvyZ@F%-tHjnpHj)*RR0^Pq>@T1sicxhDygKBN-C+O
Ql3!N-0WfY{a{wp+0LAb0O8@`>

diff --git a/ldapauth/ldapauth.php b/ldapauth/ldapauth.php
index b87f669d..2c8f3eff 100755
--- a/ldapauth/ldapauth.php
+++ b/ldapauth/ldapauth.php
@@ -2,8 +2,9 @@
 /**
  * Name: LDAP Authenticate
  * Description: Authenticate a user against an LDAP directory
- * Version: 1.0
+ * Version: 1.1
  * Author: Mike Macgirvin <http://macgirvin.com/profile/mike>
+ * Author: aymhce
  */
  
 /**
@@ -17,8 +18,9 @@
  *
  * Optionally authenticates only if a member of a given group in the directory.
  *
- * The person must have registered with Friendica using the normal registration 
+ * By default, the person must have registered with Friendica using the normal registration 
  * procedures in order to have a Friendica user record, contact, and profile.
+ * However, it's possible with an option to automate the creation of a Friendica basic account.
  *
  * Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
  * ldap.conf file to the signing cert for your LDAP server. 
@@ -31,6 +33,7 @@
  *
  */
 
+require_once('include/user.php');
 
 
 function ldapauth_install() {
@@ -44,19 +47,13 @@ function ldapauth_uninstall() {
 
 
 function ldapauth_hook_authenticate($a,&$b) {
-	if(ldapauth_authenticate($b['username'],$b['password'])) {
-		$results = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
-				dbesc($b['username'])
-		);
-		if(count($results)) {
-				$b['user_record'] = $results[0];
-				$b['authenticated'] = 1;
-		}
+	if(ldapauth_authenticate($b['username'],$b['password']) && is_existing_account($b['username'])) {
+		$b['user_record'] = $results[0];
+		$b['authenticated'] = 1;
 	}
 	return;
 }
 
-
 function ldapauth_authenticate($username,$password) {
 
     $ldap_server   = get_config('ldapauth','ldap_server');
@@ -65,7 +62,15 @@ function ldapauth_authenticate($username,$password) {
     $ldap_searchdn = get_config('ldapauth','ldap_searchdn');
     $ldap_userattr = get_config('ldapauth','ldap_userattr');
     $ldap_group    = get_config('ldapauth','ldap_group');
+	$ldap_autocreateaccount = get_config('ldapauth','ldap_autocreateaccount');
+	$ldap_autocreateaccount_emailattribute = get_config('ldapauth','ldap_autocreateaccount_emailattribute');
+	$ldap_autocreateaccount_nameattribute = get_config('ldapauth','ldap_autocreateaccount_nameattribute');
 
+	if(! strlen($ldap_autocreateaccount_emailattribute))
+		$ldap_autocreateaccount_emailattribute = "mail";
+	if(! strlen($ldap_autocreateaccount_nameattribute))
+		$ldap_autocreateaccount_nameattribute = "givenName";
+	
     if(! ((strlen($password))
             && (function_exists('ldap_connect'))
             && (strlen($ldap_server))))
@@ -98,9 +103,14 @@ function ldapauth_authenticate($username,$password) {
 
     if(! @ldap_bind($connect,$dn,$password))
         return false;
+		
+	$emailarray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_emailattribute);
+	$namearray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_nameattribute);
 
-    if(! strlen($ldap_group))
+    if(! strlen($ldap_group)){
+		ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]);
         return true;
+	}
 
     $r = @ldap_compare($connect,$ldap_group,'member',$dn);
     if ($r === -1) {
@@ -126,5 +136,30 @@ function ldapauth_authenticate($username,$password) {
         return false;
     }
 
+	ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]);
     return true;
 }
+
+function ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$email,$name) {
+	if($ldap_autocreateaccount == "true" && !is_existing_account($username)){
+		if (strlen($email) > 0 && strlen($name) > 0){
+			$arr = array('username'=>$name,'nickname'=>$username,'email'=>$email,'password'=>$password,'verified'=>1);
+			$result = create_user($arr);
+			if ($result['success']){
+				logger("ldapauth: account " . $username . " created");
+			}else{
+				logger("ldapauth: account " . $username . " was not created ! : " . implode($result));
+			}
+		}else{
+			logger("ldapauth: unable to create account, no email or nickname found");
+		}
+	}
+}
+
+function is_existing_account($username){
+	$results = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",$username);
+	if(count($results)) {
+		return true;
+	}
+	return false;
+}