History log of /plugin/pureldap/auth.php (Results 1 – 15 of 15)
Revision Date Author Comments
# fb75804e 17-Jul-2025 Andreas Gohr <gohr@cosmocode.de>

Parse AD bind error messages for more info for the user

This is mainly to tell users when their password expired or needs to be
changed.


# 208fe81a 05-Dec-2023 Andreas Gohr <andi@splitbrain.org>

automatic code style fixes


# 0f498d06 03-Aug-2023 Andreas Gohr <andi@splitbrain.org>

implement password expiry warnings. fixes #4


# 08ace392 02-Aug-2023 Andreas Gohr <andi@splitbrain.org>

support password changes

Internally this also changes the behviour to stay authenticated as the
actual user if the user logged in. This is needed to allow self-service
password changes.

This commit

support password changes

Internally this also changes the behviour to stay authenticated as the
actual user if the user logged in. This is needed to allow self-service
password changes.

This commit also contains a few cleanups.

show more ...


# 49b4734a 21-Jul-2021 Andreas Gohr <andi@splitbrain.org>

remove basically unused filter converter


# 5da7f46b 21-Jul-2021 Andreas Gohr <andi@splitbrain.org>

remove commented default methods


# 22654fde 21-Jul-2021 Andreas Gohr <andi@splitbrain.org>

disable logout for SSO setups


# bf69b89c 21-Jul-2021 Andreas Gohr <andi@splitbrain.org>

first go at SSO

This basically copies the functionality from authAD


# a1128cc0 08-Jul-2021 Andreas Gohr <andi@splitbrain.org>

rework username handling

Background Info
---------------

Active Directory has at least three different way how users are
identified:

1) sAMAccountName: user

The sAMAccountName is what users usual

rework username handling

Background Info
---------------

Active Directory has at least three different way how users are
identified:

1) sAMAccountName: user

The sAMAccountName is what users usually know as their username. It's
what they usually log in with on their workstation. It is however
lacking the actual domain to which to login. Typically it is prefixed by
a netbios domain for login. Eg. DOMAIN\user

Note: The samaccount name is also limited to 20 characters because of
legacy reasons.

2) userPrincipalName: user@domain.something

The userPrincipalName contains something that looks like a domain. But
it may be actually different to the Domain managed by the AD. Because
of... reasons? See https://serverfault.com/a/928116

3) bind ID: user@domain.ext

Now, loggin in (eg. doing a LDAP bind) can use different mechanisms. The
userPrincipalName works, user@domain (different from the UPN) should
work too.

DokuWiki requirements:
----------------------

In DokuWiki we need a unique username, that stays the same on every
login. (logging in with or without the domain part should identify the
same user).

We also need this name to be usable to run additional LDAP queries. Eg.
find groups with this user name.

We also want users to be able to login without having to type the domain
part.

This patch
----------

So with this patch we use the samaccount name to identify a user. For
logging in, we add the configured account suffix (aka the domain). After
that we only use the domainless user name everywhere.

In a future update we may (re)introduce the multidomain support from
authAD. When we do, this will probably force us to use the suffix part
in the usernames to different different domain users (something the
authAD plugin doesn't do which is probably wrong). But for most people
the single suffix approach should be fine.

show more ...


# 6d90d5c8 07-Jul-2021 Andreas Gohr <andi@splitbrain.org>

some cleanup for the options


# 85916a2d 29-Mar-2020 Andreas Gohr <andi@splitbrain.org>

actually use the bulk retrieval in usermanager


# b21740b4 29-Mar-2020 Andreas Gohr <andi@splitbrain.org>

added bulk data retrieval


# 5a3b9122 27-Mar-2020 Andreas Gohr <andi@splitbrain.org>

added group reading


# 1078ec26 27-Mar-2020 Andreas Gohr <andi@splitbrain.org>

first working login with active directory


# 79f39653 26-Mar-2020 Andreas Gohr <andi@splitbrain.org>

wizard generated