Use Net_LDAP3::domain_root_dn() to resolve the domain DN for the %dc variable; replaces PR #268
| | |
|---|
| | | // DN and password to bind as before searching for bind DN, if anonymous search is not allowed |
|---|
| | | 'search_bind_dn' => '', |
|---|
| | | 'search_bind_pw' => '', |
|---|
| | | // Base DN and filter used for resolving the user's domain root DN which feeds the %dc variables |
|---|
| | | // Leave empty to skip this lookup and derive the root DN from the username domain |
|---|
| | | 'domain_base_dn' => '', |
|---|
| | | 'domain_filter' => '', |
|---|
| | | // Optional map of replacement strings => attributes used when binding for an individual address book |
|---|
| | | 'search_bind_attrib' => array(), // e.g. array('%udc' => 'ou') |
|---|
| | | // Default for %dn variable if search doesn't return DN value |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Get the pieces needed for variable replacement. |
|---|
| | | if ($fu = $rcube->get_user_email()) |
|---|
| | | if ($fu = $rcube->get_user_email()) { |
|---|
| | | list($u, $d) = explode('@', $fu); |
|---|
| | | else |
|---|
| | | } |
|---|
| | | else { |
|---|
| | | $d = $this->mail_domain; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $dc = 'dc='.strtr($d, array('.' => ',dc=')); // hierarchal domain string |
|---|
| | | |
|---|
| | | // resolve $dc through LDAP |
|---|
| | | if (!empty($this->prop['domain_filter']) && !empty($this->prop['search_bind_dn']) && |
|---|
| | | method_exists($this->ldap, 'domain_root_dn')) { |
|---|
| | | $this->ldap->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']); |
|---|
| | | $dc = $this->ldap->domain_root_dn($d); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u); |
|---|
| | | |
|---|
| | | // Search for the dn to use to authenticate |
|---|
