Add login_group configuration option so only members of a certain group can login

plugins/LdapAuthorization/LdapAuthorizationPlugin.php

@@ -49,6 +49,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
     public $provider_name = null;
     public $uniqueMember_attribute = null;
     public $roles_to_groups = null;
+    public $login_group = null;
 
     function onInitializePlugin(){
         parent::onInitializePlugin();
@@ -77,8 +78,23 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         if($user_username->find() && $user_username->fetch()){
             $entry = $this->ldap_get_user($user_username->username);
             if($entry){
+                if(isset($this->login_group)){
+                    if(is_array($this->login_group)){
+                        foreach($this->login_group as $group){
+                            if($this->isMemberOfGroup($entry->dn(),$group)){
+                                return true;
+                            }
+                        }
+                    }else{
+                        if($this->isMemberOfGroup($entry->dn(),login_group)){
+                            return true;
+                        }
+                    }
+                    return null;
+                }else{
                     //if a user exists, we can assume he's allowed to login
                     return true;
+                }
             }else{
                 return null;
             }

plugins/LdapAuthorization/README

@@ -18,6 +18,8 @@ uniqueMember_attribute ('uniqueMember')*: the attribute of a group
     that lists the DNs of its members
 roles_to_groups*: array that maps StatusNet roles to LDAP groups
     some StatusNet roles are: moderator, administrator, sandboxed, silenced
+login_group: if this is set to a group DN, only members of that group will be
+    allowed to login
     
 The below settings must be exact copies of the settings used for the
     corresponding LDAP Authentication plugin.