oldkid/friendica-addons
1
0
Fork 0
forked from friendica/friendica-addons
Code Pull requests Activity

automated creation of Friendica basic account

Browse source
This commit is contained in:
Développeur égaré 2015-02-04 00:35:24 +01:00
parent 8c96978e2c
commit 4020bf861e
2 changed files with 47 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
ldapauth.tgz
View file

Binary file not shown.

55
ldapauth/ldapauth.php
View file

@ -2,8 +2,9 @@
/** /**
* Name: LDAP Authenticate * Name: LDAP Authenticate
* Description: Authenticate a user against an LDAP directory * Description: Authenticate a user against an LDAP directory
* Version: 1.0 * Version: 1.1
* Author: Mike Macgirvin <http://macgirvin.com/profile/mike> * Author: Mike Macgirvin <http://macgirvin.com/profile/mike>
* Author: aymhce
*/ */
/** /**
@ -17,8 +18,9 @@
* *
* Optionally authenticates only if a member of a given group in the directory. * Optionally authenticates only if a member of a given group in the directory.
* *
* The person must have registered with Friendica using the normal registration * By default, the person must have registered with Friendica using the normal registration
* procedures in order to have a Friendica user record, contact, and profile. * procedures in order to have a Friendica user record, contact, and profile.
* However, it's possible with an option to automate the creation of a Friendica basic account.
* *
* Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site * Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
* ldap.conf file to the signing cert for your LDAP server. * ldap.conf file to the signing cert for your LDAP server.
@ -31,6 +33,7 @@
* *
*/ */
require_once('include/user.php');
function ldapauth_install() { function ldapauth_install() {
@ -44,19 +47,13 @@ function ldapauth_uninstall() {
function ldapauth_hook_authenticate($a,&$b) { function ldapauth_hook_authenticate($a,&$b) {
if(ldapauth_authenticate($b['username'],$b['password'])) { if(ldapauth_authenticate($b['username'],$b['password']) && is_existing_account($b['username'])) {
$results = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
dbesc($b['username'])
);
if(count($results)) {
$b['user_record'] = $results[0]; $b['user_record'] = $results[0];
$b['authenticated'] = 1; $b['authenticated'] = 1;
} }
}
return; return;
} }
function ldapauth_authenticate($username,$password) { function ldapauth_authenticate($username,$password) {
$ldap_server = get_config('ldapauth','ldap_server'); $ldap_server = get_config('ldapauth','ldap_server');
@ -65,6 +62,14 @@ function ldapauth_authenticate($username,$password) {
$ldap_searchdn = get_config('ldapauth','ldap_searchdn'); $ldap_searchdn = get_config('ldapauth','ldap_searchdn');
$ldap_userattr = get_config('ldapauth','ldap_userattr'); $ldap_userattr = get_config('ldapauth','ldap_userattr');
$ldap_group = get_config('ldapauth','ldap_group'); $ldap_group = get_config('ldapauth','ldap_group');
$ldap_autocreateaccount = get_config('ldapauth','ldap_autocreateaccount');
$ldap_autocreateaccount_emailattribute = get_config('ldapauth','ldap_autocreateaccount_emailattribute');
$ldap_autocreateaccount_nameattribute = get_config('ldapauth','ldap_autocreateaccount_nameattribute');
if(! strlen($ldap_autocreateaccount_emailattribute))
$ldap_autocreateaccount_emailattribute = "mail";
if(! strlen($ldap_autocreateaccount_nameattribute))
$ldap_autocreateaccount_nameattribute = "givenName";
if(! ((strlen($password)) if(! ((strlen($password))
&& (function_exists('ldap_connect')) && (function_exists('ldap_connect'))
@ -99,8 +104,13 @@ function ldapauth_authenticate($username,$password) {
if(! @ldap_bind($connect,$dn,$password)) if(! @ldap_bind($connect,$dn,$password))
return false; return false;
if(! strlen($ldap_group)) $emailarray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_emailattribute);
$namearray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_nameattribute);
if(! strlen($ldap_group)){
ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]);
return true; return true;
}
$r = @ldap_compare($connect,$ldap_group,'member',$dn); $r = @ldap_compare($connect,$ldap_group,'member',$dn);
if ($r === -1) { if ($r === -1) {
@ -126,5 +136,30 @@ function ldapauth_authenticate($username,$password) {
return false; return false;
} }
ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]);
return true; return true;
} }
function ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$email,$name) {
if($ldap_autocreateaccount == "true" && !is_existing_account($username)){
if (strlen($email) > 0 && strlen($name) > 0){
$arr = array('username'=>$name,'nickname'=>$username,'email'=>$email,'password'=>$password,'verified'=>1);
$result = create_user($arr);
if ($result['success']){
logger("ldapauth: account " . $username . " created");
}else{
logger("ldapauth: account " . $username . " was not created ! : " . implode($result));
}
}else{
logger("ldapauth: unable to create account, no email or nickname found");
}
}
}
function is_existing_account($username){
$results = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",$username);
if(count($results)) {
return true;
}
return false;
}