attributes['username'] is required

plugins/LdapAuthentication/LdapAuthenticationPlugin.php

@@ -189,7 +189,6 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
         }
         $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals',  $username);
         $options = array(
-            'scope' => 'sub',
             'attributes' => $attributes
         );
         $search = $ldap->search(null,$filter,$options);

plugins/LdapAuthorization/LdapAuthorizationPlugin.php

@@ -50,6 +50,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
     public $uniqueMember_attribute = null;
     public $roles_to_groups = null;
     public $login_group = null;
+    public $attributes = array();
 
     function onInitializePlugin(){
         parent::onInitializePlugin();
@@ -68,6 +69,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         if(!isset($this->roles_to_groups)){
             throw new Exception("roles_to_groups must be set.");
         }
+        if(!isset($this->attributes['username'])){
+            throw new Exception("username attribute must be set.");
+        }
     }
 
     //---interface implementation---//
@@ -86,7 +90,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
                             }
                         }
                     }else{
-                        if($this->isMemberOfGroup($entry->dn(),login_group)){
+                        if($this->isMemberOfGroup($entry->dn(),$this->login_group)){
                             return true;
                         }
                     }
@@ -143,7 +147,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         }
     }
 
-        function ldap_get_config(){
+    function ldap_get_config(){
         $config = array();
         $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope');
         foreach($keys as $key){
@@ -187,7 +191,6 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         }
         $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals',  $username);
         $options = array(
-            'scope' => 'sub',
             'attributes' => $attributes
         );
         $search = $ldap->search(null,$filter,$options);

plugins/LdapAuthorization/README

@@ -45,6 +45,9 @@ filter: Default search filter.
 scope: Default search scope.
     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
 
+attributes: an array that relates StatusNet user attributes to LDAP ones
+    username*: LDAP attribute value entered when authenticating to StatusNet
+
 * required
 default values are in (parenthesis)
 
@@ -72,7 +75,7 @@ addPlugin('ldapAuthentication', array(
 addPlugin('ldapAuthorization', array(
     'provider_name'=>'Example',
     'authoritative'=>false,
-    'uniqueMember_attribute'=>'uniqueMember',
+    'uniqueMember_attribute'=>'member',
     'roles_to_groups'=> array(
         'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
         'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
@@ -81,6 +84,8 @@ addPlugin('ldapAuthorization', array(
     'binddn'=>'username',
     'bindpw'=>'password',
     'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
-    'host'=>array('server1', 'server2')
+    'host'=>array('server1', 'server2'),
+    'attributes'=>array(
+        'username'=>'sAMAccountName')
 ));