Add login_group configuration option so only members of a certain group can login
This commit is contained in:
parent
d07df8a796
commit
44c7813ac1
|
@ -49,6 +49,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
|
|||
public $provider_name = null;
|
||||
public $uniqueMember_attribute = null;
|
||||
public $roles_to_groups = null;
|
||||
public $login_group = null;
|
||||
|
||||
function onInitializePlugin(){
|
||||
parent::onInitializePlugin();
|
||||
|
@ -77,8 +78,23 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
|
|||
if($user_username->find() && $user_username->fetch()){
|
||||
$entry = $this->ldap_get_user($user_username->username);
|
||||
if($entry){
|
||||
if(isset($this->login_group)){
|
||||
if(is_array($this->login_group)){
|
||||
foreach($this->login_group as $group){
|
||||
if($this->isMemberOfGroup($entry->dn(),$group)){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}else{
|
||||
if($this->isMemberOfGroup($entry->dn(),login_group)){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}else{
|
||||
//if a user exists, we can assume he's allowed to login
|
||||
return true;
|
||||
}
|
||||
}else{
|
||||
return null;
|
||||
}
|
||||
|
|
|
@ -18,6 +18,8 @@ uniqueMember_attribute ('uniqueMember')*: the attribute of a group
|
|||
that lists the DNs of its members
|
||||
roles_to_groups*: array that maps StatusNet roles to LDAP groups
|
||||
some StatusNet roles are: moderator, administrator, sandboxed, silenced
|
||||
login_group: if this is set to a group DN, only members of that group will be
|
||||
allowed to login
|
||||
|
||||
The below settings must be exact copies of the settings used for the
|
||||
corresponding LDAP Authentication plugin.
|
||||
|
|
Loading…
Reference in New Issue
Block a user