Lines Matching +full:check +full:- +full:pass -(+path:inc +path:lang) -(+path:lib +path:plugins +path:lang) -(+path:lib +path:tpl +path:dokuwiki +path:lang)

27  *   $conf['plugin']['authad']['admin_password']     = 'pass';
41 * @link http://www.nosq.com/blog/2005/08/ldap-activedirectory-and-dokuwiki/
43 * @author Jan Schumann <js@schumann-it.com>
86 $this->loadConfig();
89 if (isset($this->conf['additional'])) {
90 $this->conf['additional'] = str_replace(' ', '', $this->conf['additional']);
91 $this->conf['additional'] = explode(',', $this->conf['additional']);
92 } else $this->conf['additional'] = [];
96 if ($this->conf['debug'])
97 msg("AD Auth: PHP LDAP extension not found.", -1);
98 $this->success = false;
103 if (!empty($INPUT->server->str('REMOTE_USER'))) {
105 if ($this->getConf('sso_charset')) {
106 $INPUT->server->set(
108 iconv($this->getConf('sso_charset'), 'UTF-8', $INPUT->server->str('REMOTE_USER'))
110 } elseif (!Clean::isUtf8($INPUT->server->str('REMOTE_USER'))) {
111 $INPUT->server->set('REMOTE_USER', utf8_encode($INPUT->server->str('REMOTE_USER')));
115 if ($this->conf['sso']) {
116 $INPUT->server->set('REMOTE_USER', $this->cleanUser($INPUT->server->str('REMOTE_USER')));
120 $INPUT->set('u', $INPUT->server->str('REMOTE_USER'));
121 $INPUT->set('p', 'sso_only');
126 // other can do's are changed in $this->loadServerConfig() based on domain setup
127 $this->cando['modName'] = (bool)$this->conf['update_name'];
128 $this->cando['modMail'] = (bool)$this->conf['update_mail'];
129 $this->cando['getUserCount'] = true;
133 * Load domain config on capability check
142 $domain = $this->getUserDomain($INPUT->server->str('REMOTE_USER'));
143 $this->loadServerConfig($domain);
148 * Check user+password [required auth function]
156 * @param string $pass
159 public function checkPass($user, $pass)
163 $INPUT->server->str('REMOTE_USER') == $user &&
164 $this->conf['sso']
167 $adldap = $this->initAdLdap($this->getUserDomain($user));
171 return $adldap->authenticate($this->getUserName($user), $pass);
200 * @param bool $requireGroups (optional) - ignored, groups are always supplied by this plugin
209 $adldap = $this->initAdLdap($this->getUserDomain($user));
216 $fields = array_merge($fields, $this->conf['additional']);
221 $result = $adldap->user()->info($this->getUserName($user), $fields);
233 $info['lastpwd'] = $result[0]['pwdlastset'][0] / 10_000_000 - 11_644_473_600;
238 foreach ($this->conf['additional'] as $field) {
245 $info['grps'] = $adldap->user()->groups($this->getUserName($user), (bool) $this->opts['recursive_groups']);
249 $info['grps'][$ndx] = $this->cleanGroup($group);
261 $domain = $this->getUserDomain($user);
262 if ($domain && !in_array("domain-$domain", $info['grps'])) {
263 $info['grps'][] = $this->cleanGroup("domain-$domain");
266 // check expiry time
267 if ($info['expires'] && $this->conf['expirywarn']) {
269 $expiry = $adldap->user()->passwordExpiry($user);
272 $info['expiresin'] = round(($info['expiresat'] - time()) / (24 * 60 * 60));
276 ($INPUT->server->str('REMOTE_USER') == $user) &&
277 ($info['expiresin'] <= $this->conf['expirywarn']) &&
278 !$this->msgshown
280 $msg = sprintf($this->getLang('authpwdexpire'), $info['expiresin']);
281 if ($this->canDo('modPass')) {
286 $this->msgshown = true;
341 (!isset($this->conf[$domain]) || !is_array($this->conf[$domain])) &&
342 $this->conf['account_suffix'] !== ''
353 * Most values in LDAP are case-insensitive
363 * Create a Search-String useable by adLDAPUsers::all($includeDescription = false, $search = "*", $sorted = true)
373 $adldapUtils = new adLDAPUtils($this->initAdLdap(null));
376 $result .= ')(displayname=*' . $adldapUtils->ldapSlashes($filter['name']) . '*';
381 $result .= ')(samAccountName=*' . $adldapUtils->ldapSlashes($filter['user']) . '*';
386 $result .= ')(mail=*' . $adldapUtils->ldapSlashes($filter['mail']) . '*';
400 $adldap = $this->initAdLdap(null);
403 return -1;
406 $result = $adldap->user()->all();
408 $searchString = $this->constructSearchString($filter);
409 $result = $adldap->user()->all(false, $searchString);
411 $this->users = array_fill_keys($result, false);
414 $usermanager->setLastdisabled(true);
415 if (!isset($this->grpsusers[$this->filterToString($filter)])) {
416 $this->fillGroupUserArray($filter, $usermanager->getStart() + 3 * $usermanager->getPagesize());
418 count($this->grpsusers[$this->filterToString($filter)]) <
419 $usermanager->getStart() + 3 * $usermanager->getPagesize()
421 $this->fillGroupUserArray(
423 $usermanager->getStart() +
424 3 * $usermanager->getPagesize() -
425 count($this->grpsusers[$this->filterToString($filter)])
428 $result = $this->grpsusers[$this->filterToString($filter)];
432 $usermanager->setLastdisabled(false);
453 $result .= 'user-' . $filter['user'];
456 $result .= 'name-' . $filter['name'];
459 $result .= 'mail-' . $filter['mail'];
462 $result .= 'grps-' . $filter['grps'];
469 * to a certain group and save them to an object-wide array. If the array
478 if (isset($this->grpsusers[$this->filterToString($filter)])) {
479 $actualstart = count($this->grpsusers[$this->filterToString($filter)]);
481 $this->grpsusers[$this->filterToString($filter)] = [];
487 $this->constructPattern($filter);
488 foreach ($this->users as $user => &$info) {
493 $info = $this->getUserData($user);
495 if ($this->filter($user, $info)) {
496 $this->grpsusers[$this->filterToString($filter)][$user] = $info;
515 $adldap = $this->initAdLdap(null);
518 //if (!$this->users) {
520 $result = $adldap->user()->all(false, $this->constructSearchString($filter));
522 $this->users = array_fill_keys($result, false);
532 $usermanager->setLastdisabled(false);
533 $this->constructPattern($filter);
534 foreach ($this->users as $user => &$info) {
539 $info = $this->getUserData($user);
547 $usermanager->setLastdisabled(true);
549 !isset($this->grpsusers[$this->filterToString($filter)]) ||
550 count($this->grpsusers[$this->filterToString($filter)]) < ($start + $limit)
552 if (!isset($this->grpsusers[$this->filterToString($filter)])) {
553 $this->grpsusers[$this->filterToString($filter)] = [];
556 $this->fillGroupUserArray(
558 $start + $limit - count($this->grpsusers[$this->filterToString($filter)]) + 1
561 if (!$this->grpsusers[$this->filterToString($filter)]) return [];
562 foreach ($this->grpsusers[$this->filterToString($filter)] as $user => &$info) {
583 $adldap = $this->initAdLdap($this->getUserDomain($user));
585 msg($this->getLang('connectfail'), -1);
590 if (isset($changes['pass'])) {
592 $return = $adldap->user()->password($this->getUserName($user), $changes['pass']);
594 if ($this->conf['debug']) msg('AD Auth: ' . $e->getMessage(), -1);
597 if (!$return) msg($this->getLang('passchangefail'), -1);
614 $return &= $adldap->user()->modify($this->getUserName($user), $adchanges);
616 if ($this->conf['debug']) msg('AD Auth: ' . $e->getMessage(), -1);
619 if (!$return) msg($this->getLang('userchangefail'), -1);
628 * When you pass null as domain, it will reuse any existing domain.
637 if (is_null($domain) && is_array($this->opts)) {
638 $domain = $this->opts['domain'];
641 $this->opts = $this->loadServerConfig((string) $domain);
642 if (isset($this->adldap[$domain])) return $this->adldap[$domain];
646 $this->adldap[$domain] = new adLDAP($this->opts);
647 return $this->adldap[$domain];
649 if ($this->conf['debug']) {
650 msg('AD Auth: ' . $e->getMessage(), -1);
652 $this->success = false;
653 $this->adldap[$domain] = null;
680 if ($this->conf['account_suffix'] !== '') {
695 $opts = $this->conf;
700 if ($domain && is_array($this->conf[$domain] ?? '')) foreach ($this->conf[$domain] as $key => $val) {
720 $this->cando['modPass'] = true;
722 $this->cando['modPass'] = false;
725 // adLDAP expects empty user/pass as NULL, we're less strict FS#2781
731 $this->cando['getUsers'] = true;
733 $this->cando['getUsers'] = false;
749 if (empty($this->conf['account_suffix'])) return $domains; // not configured yet
752 $domains[''] = ltrim($this->conf['account_suffix'], '@');
755 foreach ($this->conf as $key => $val) {
766 * Check provided user and userinfo for matching patterns
768 * The patterns are set up with $this->constructPattern()
778 foreach ($this->pattern as $item => $pattern) {
791 * Create a pattern for $this->filter()
799 $this->pattern = [];
801 $this->pattern[$item] = '/' . str_replace('/', '\/', $pattern) . '/i'; // allow regex characters