kawaiipunk/laipower
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
KawaiiPunk
2020-04-07 13:03:04 +00:00
committed by Gitium
commit 00f842d9bf
1673 changed files with 471161 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
wp-content/mu-plugins/LICENSE.md Normal file
View File

@ -0,0 +1,7 @@
Copyright <YEAR> <COPYRIGHT HOLDER>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

95
wp-content/mu-plugins/README.md Normal file
View File

@ -0,0 +1,95 @@
# authLDAP
[![Join the chat at https://gitter.im/heiglandreas/authLdap](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/heiglandreas/authLdap?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
Use your existing LDAP as authentication-backend for your wordpress!
[![Build Status](https://travis-ci.org/heiglandreas/authLdap.svg?branch=master)](https://travis-ci.org/heiglandreas/authLdap)
[![WordPress Stats](https://img.shields.io/wordpress/plugin/dt/authldap.svg)](https://wordpress.org/plugins/authldap/stats/)
[![WordPress Version](https://img.shields.io/wordpress/plugin/v/authldap.svg)](https://wordpress.org/plugins/authldap/)
[![WordPress testet](https://img.shields.io/wordpress/v/authldap.svg)](https://wordpress.org/plugins/authldap/)
[![Code Climate](https://codeclimate.com/github/heiglandreas/authLdap/badges/gpa.svg)](https://codeclimate.com/github/heiglandreas/authLdap)
[![Test Coverage](https://codeclimate.com/github/heiglandreas/authLdap/badges/coverage.svg)](https://codeclimate.com/github/heiglandreas/authLdap)
So what are the differences to other Wordpress-LDAP-Authentication-Plugins?
* **Flexible**: You are totaly free in which LDAP-backend to use. Due to the extensive configuration you can
freely decide how to do the authentication of your users. It simply depends on your
filters
* **Independent**: As soon as a user logs in, it is added/updated to the Wordpress' user-database
to allow wordpress to always use the correct data. You only have to administer your users once.
* **Failsafe**: Due to the users being created in Wordpress' User-database they can
also log in when the LDAP-backend currently is gone.
* **Role-Aware**: You can map Wordpress' roles to values of an existing LDAP-attribute.
## How does the plugin work?
Well, as a matter of fact it is rather simple. The plugin verifies, that the user
seeking authentification can bind to the LDAP using the provided password.
If that is so, the user is either created or updated in the wordpress-user-database.
This update includes the provided password (so the wordpress can authenticate users
even without the LDAP), the users name according to the authLDAP-preferences and
the status of the user depending on the groups-settings of the authLDAP-preferences
Writing this plugin would not have been as easy as it has been, without the
wonderfull plugin of Alistair Young from http://www.weblogs.uhi.ac.uk/sm00ay/?p=45
## Configuration
### Usage Settings
* **Enable Authentication via LDAP** Whether you want to enable authLdap for login or not
* **debug authLdap** When you have problems with authentication via LDAP you can enable a debugging mode here.
* **Save entered Password** Decide whether passwords will be cached in your wordpress-installation. **Attention:** Without the cache your users will not be able to log into your site when your LDAP is down!
### Server Settings
* **LDAP Uri** This is the URI where your ldap-backend can be reached. More information are actually on the Configuration page
* **Filter** This is the real McCoy! The filter you define here specifies how a user will be found. Before applying the filter a %s will be replaced with the given username. This means, when a user logs in using foobar as username the following happens:
* **uid=%1$s** check for any LDAP-Entry that has an attribute uid with value foobar
* **(&(objectclass=posixAccount)(|(uid=%1$s)(mail=%1$s)))** check for any LDAP-Entry that has an attribute objectclass with value posixAccout and either a UID- or a mail-attribute with value foobar
This filter is rather powerfull if used wisely.
### Creating Users
* **Name-Attribute** Which Attribute from the LDAP contains the Full or the First name of the user trying to log in. This defaults to name
* **Second Name Attribute** If the above Name-Attribute only contains the First Name of the user you can here specify an Attribute that contains the second name. This field is empty by default
* **User-ID Attribute** This field will be used as login-name for wordpress. Please give the Attribute, that is used to identify the user. This should be the same as you used in the above Filter-Option. This field defaults to uid
* **Mail Attribute** Which Attribute holds the eMail-Address of the user? If more than one eMail-Address are stored in the LDAP, only the first given is used. This field defaults to mail
* **Web-Attribute** If your users have a personal page (URI) stored in the LDAP, it can be provided here. This field is empty by default
### User-Groups for Roles
* **Group-Attribute** This is the attribute that defines the Group-ID that can be matched against the Groups defined further down This field defaults to gidNumber.
* **Group-Filter** Here you can add the filter for selecting groups for the currentlly logged in user The Filter should contain the string %s which will be replaced by the login-name of the currently logged in
## FAQ
<dl>
<dt>Can I change a users password with this plugin?</dt>
<dd>Short Answer: <strong>No</strong>!<br>Long Answer: As the users credentials are not
only used for a wordpress-site when you authenticate against an LDAP but for
many other services also chances are great that there is a centralized place
where password-changes shall be made. We'll later allow inclusion of a link
to such a place but currently it's not available. And as password-hashing and
where to store it requires deeper insight into the LDAP-Server then most users
have and admins are willing to give, password changes are out of scope of this
plugin. If you know exactyl what you do, you might want to have a look at
<a href="https://github.com/heiglandreas/authLdap/issues/54#issuecomment-125851029">
issue 54</a>
wherer a way of adding it is described!
</dd>
<dt>Can I add a user to the LDAP when she creates a user-account on wordpress?</dt>
<dd>Short Answer: <strong>No</strong>!<br>Long Answer: Even though that is technically possible
it's not in the scope of this plugin. As creating a user in an LDAP often involves
an administrative process that has already been implemented in your departments
administration it doesn't make sense to rebuild that - in most cases highly
individual - process in this plugin. If you know exactly what you do, have a look at
<a href="https://github.com/heiglandreas/authLdap/issues/65">issue 65</a>
where <a href="https://github.com/wtfiwtz">wtfiwtz</a> shows how to implement that feature.
</dd>
</dl>

1
wp-content/mu-plugins/VERSION Normal file
View File

@ -0,0 +1 @@
2.3.1

28
wp-content/mu-plugins/Vagrantfile vendored Normal file
View File

@ -0,0 +1,28 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
$install_ldap = <<SCRIPT
export DEBIAN_FRONTEND=noninteractive
apt-get -yq update
apt-get -yq --no-install-suggests --no-install-recommends --force-yes install slapd ldap-utils apparmor-utils
sudo aa-complain /usr/sbin/slapd
SCRIPT
$setup_vagrant_user_environment = <<SCRIPT
if ! grep "cd /vagrant" /home/vagrant/.profile > /dev/null; then
echo "cd /vagrant" >> /home/vagrant/.profile
fi
SCRIPT
Vagrant.configure(2) do |config|
config.vm.box = 'bento/ubuntu-14.04'
config.vm.box_check_update = false
# LDAP port
config.vm.network 'forwarded_port', guest: 3890, host: 3890
config.vm.provision 'shell', inline: $install_ldap
config.vm.provision 'shell', privileged: false, inline: '/vagrant/.ci/OpenLDAP_run.sh', :run => 'always'
config.vm.provision 'shell', privileged: false, inline: '/vagrant/.ci/load_fixtures.sh', :run => 'always'
config.vm.provision 'shell', inline: $setup_vagrant_user_environment
end

95
wp-content/mu-plugins/build.xml Normal file
View File

@ -0,0 +1,95 @@
<?xml version="1.0" encoding="utf-8"?>
<project name="ajaxComments" default="build" basedir=".">
<php expression="include('vendor/autoload.php')"/>
<loadfile property = "version" file = "VERSION">
<filterchain>
<striplinebreaks/>
</filterchain>
</loadfile>
<target name="bumpversion">
<echo>Bumping version to ${version}</echo>
<reflexive>
<fileset dir=".">
<include name="index.php"/>
<include name="authLdap.php"/>
</fileset>
<filterchain>
<replaceregexp>
<regexp pattern="Version:.*" replace="Version: ${version}"/>
</replaceregexp>
</filterchain>
</reflexive>
</target>
<target name="build" depends="bumpversion,deploy.git,deploy.svn"/>
<target name="sync.svn">
<filesync
rsyncPath="rsync"
destinationDir="${project.basedir}/svn/trunk"
sourceDir="${project.basedir}/"
verbose="true"
excludeFile="${project.basedir}/.rsyncIgnore"
/>
</target>
<target name="deploy.svn" depends="sync.svn">
<property override="true" file="${project.basedir}/.svnAccess" prefix="svnaccess" />
<foreach param="dirname" target="svn.addFile">
<fileset dir="${project.basedir}/svn/trunk">
<include name="**/*"/>
</fileset>
</foreach>
<echo message="${svnaccess.username}"/>
<exec outputProperty="committedrevision" executable="svn" dir="${project.basedir}/svn/trunk">
<arg value="commit"/>
<arg value="--username"/>
<arg value="${svnaccess.username}"/>
<arg value="--password"/>
<arg value="${svnaccess.password}"/>
<arg value="--message"/>
<arg value="Bumps version to ${version}"/>
<arg value="--no-auth-cache"/>
<arg value="--quiet"/>
</exec>
<!--svncommit
username="${svnaccess.username}"
password="${svnaccess.password}"
workingcopy="${project.basedir}/svn"
message="Bumps version to ${version}"
nocache="true"
/-->
<echo message="Committed revision: ${committedrevision}"/>
</target>
<target name="svn.addFile">
<trycatch>
<try>
<svninfo workingcopy="${project.basedir}/svn/trunk/${dirname}"/>
</try>
<catch>
<exec command="svn add ${project.basedir}/svn/trunk/${dirname}"/>
<echo>${dirname}</echo>
</catch>
<finally>
</finally>
</trycatch>
<echo>${svn.info}</echo>
</target>
<target name="deploy.git">
<exec executable="git" dir=".">
<arg value="-m"/>
<arg value="Bumps version to ${version}"/>
</exec>
<exec executable="git" dir=".">
<arg value="tag"/>
<arg value="-s"/>
<arg value="-m"/>
<arg value="Version ${version}"/>
<arg value="${version}"/>
</exec>
<exec executable="git" dir=".">
<arg value="push"/>
<arg value="--tags"/>
<arg value="origin"/>
</exec>
</target>
</project>

41
wp-content/mu-plugins/composer.json Normal file
View File

@ -0,0 +1,41 @@
{
"name" : "org_heigl/authLdap",
"type" : "library",
"description": "Enables wordpress-authentication via LDAP",
"keywords": ["ldap","authenticate", "auth", "wordpress"],
"homepage": "http://github.com/heiglandreas/authLdap",
"license": "MIT",
"authors": [{
"name": "Andreas Heigl",
"email": "andreas@heigl.org",
"homepage": "http://andreas.heigl.org",
"role": "Developer"
}],
"require" : {
"php": ">=5.4",
"phing/phing": "^2.16"
},
"require-dev": {
"php-mock/php-mock": "^1.0",
"phpunit/phpunit": "~4.5",
"mockery/mockery": "0.9.*",
"codeclimate/php-test-reporter": "0.1.*",
"squizlabs/php_codesniffer": "~2.3",
"pear/versioncontrol_svn": "^0.5.2",
"pear/pear": "dev-master"
},
"autoload" : {
"classmap" : [
"ldap.php",
"authLdap.php"
],
"psr-4" : {
"Org_Heigl\\AuthLdap\\" : "src/"
}
},
"autoload-dev" : {
"psr-4" : {
"Org_Heigl\\AuthLdapTest\\" : "tests/"
}
}
}

67
wp-content/mu-plugins/docker-compose.yml Normal file
View File

@ -0,0 +1,67 @@
version: "3.5"
services:
wp:
# image: authldap:latest
build:
context: dockersetup
dockerfile: Dockerfile_wordpress
ports:
- 80:80 # change ip if required
volumes:
- ./config/php.conf.ini:/usr/local/etc/php/conf.d/conf.ini
- ./wp-app:/var/www/html # Full wordpress project
- .:/var/www/html/wp-content/plugins/authldap # Plugin development
#- ./theme-name/trunk/:/var/www/html/wp-content/themes/theme-name # Theme development
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_NAME: "wordpress"
WORDPRESS_DB_USER: root
WORDPRESS_DB_PASSWORD: "wppasswd"
depends_on:
- db
links:
- db
wpcli:
image: wordpress:cli
volumes:
- ./config/php.conf.ini:/usr/local/etc/php/conf.d/conf.ini
- ./wp-app:/var/www/html
depends_on:
- db
- wp
db:
image: mysql:latest # https://hub.docker.com/_/mysql/ - or mariadb https://hub.docker.com/_/mariadb
ports:
- 3306:3306 # change ip if required
command: [
'--default_authentication_plugin=mysql_native_password',
'--character-set-server=utf8mb4',
'--collation-server=utf8mb4_unicode_ci'
]
volumes:
- ./wp-data:/docker-entrypoint-initdb.d
- db_data:/var/lib/mysql
environment:
MYSQL_DATABASE: "wordpress"
MYSQL_ROOT_PASSWORD: "wppasswd"
openldap:
image: osixia/openldap:latest
# build:
# context: dockersetup
# dockerfile: Dockerfile_ldap
ports:
- 389:389
volumes:
- ./.ci/50-init.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-bootstrap.ldif
command: "--copy-service --loglevel debug"
restart: always
environment:
LDAP_LOG_LEVEL: "0"
LDAP_TLS: "false"
volumes:
db_data:

9
wp-content/mu-plugins/dockersetup/Dockerfile_wordpress Normal file
View File

@ -0,0 +1,9 @@
FROM wordpress:latest
RUN set -x \
&& apt-get update \
&& apt-get install -y libldap2-dev \
&& rm -rf /var/lib/apt/lists/* \
&& docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
&& docker-php-ext-install ldap \
&& apt-get purge -y --auto-remove libldap2-dev

0
wp-content/mu-plugins/dockersetup/ldap/environment Normal file
View File

BIN
wp-content/mu-plugins/langs/wp_mail_smtp-he_IL.mo Normal file
View File

Binary file not shown.

BIN
wp-content/mu-plugins/langs/wp_mail_smtp-ja.mo Normal file
View File

Binary file not shown.

28
wp-content/mu-plugins/phpunit.travis.xml Normal file
View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit bootstrap="vendor/autoload.php">
<testsuite name="authLdap Test-Suite">
<directory>tests</directory>
</testsuite>
<groups>
<exclude>
<group>disable</group>
</exclude>
</groups>
<listeners>
<listener class="\Mockery\Adapter\Phpunit\TestListener"></listener>
</listeners>
<filter>
<whitelist>
<directory suffix=".php">src</directory>
</whitelist>
</filter>
<logging>
<!--
Adapt these paths to your special needs
-->
<log type="coverage-text" target="php://stdout" showUncoveredFiles="false"/>
<log type="coverage-clover" target="build/logs/clover.xml" />
</logging>
</phpunit>

42
wp-content/mu-plugins/phpunit.xml.dist Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Document : phpunit.xml
Created on : 21.09.2010
Author : heiglandreas
-->
<phpunit bootstrap="vendor/autoload.php">
<testsuite name="authLdap Test-Suite">
<directory>tests</directory>
</testsuite>
<groups>
<exclude>
<group>disable</group>
</exclude>
</groups>
<listeners>
<!--listener class="\Mockery\Adapter\Phpunit\TestListener"></listener-->
</listeners>
<filter>
<whitelist>
<directory suffix=".php">src</directory>
</whitelist>
</filter>
<logging>
<log type="coverage-html" target="build/coverage" charset="UTF-8"
yui="true" highlight="false"
lowUpperBound="35" highLowerBound="70" />
<!--log type="coverage-xml" target="../report/coverage.xml"/-->
<!--log type="graphviz" target="../report/logfile.dot"/-->
<!--log type="json" target="../report/logfile.json"/-->
<!--log type="metrics-xml" target="../report/metrics.xml"/-->
<!--log type="plain" target="../report/logfile.txt"/-->
<!--log type="pmd-xml" target="../report/pmd.xml" cpdMinLines="5" cpdMinMatches="70"/-->
<!--log type="tap" target="../report/logfile.tap"/-->
<!--log type="test-xml" target="../report/logfile.xml" logIncompleteSkipped="false"/-->
<!--log type="testdox-html" target="../report/testdox.html"/-->
<!--log type="testdox-text" target="../report/testdox.txt"/-->
</logging>
</phpunit>

111
wp-content/mu-plugins/readme.txt Normal file
View File

@ -0,0 +1,111 @@
=== authLdap ===
Contributors: heiglandreas
Tags: ldap, auth, authentication, active directory, AD, openLDAP, Open Directory
Requires at least: 2.5.0
Tested up to: 5.2.0
Requires PHP: 5.6
Stable tag: trunk
License: MIT
License URI: https://opensource.org/licenses/MIT
Use your existing LDAP flexible as authentication backend for WordPress
== Description ==
Use your existing LDAP as authentication-backend for your wordpress!
So what are the differences to other Wordpress-LDAP-Authentication-Plugins?
* Flexible: You are totaly free in which LDAP-backend to use. Due to the extensive configuration you can freely decide how to do the authentication of your users. It simply depends on your filters
* Independent: As soon as a user logs in, it is added/updated to the Wordpress' user-database to allow wordpress to always use the correct data. You only have to administer your users once.
* Failsafe: Due to the users being created in Wordpress' User-database they can also log in when the LDAP-backend currently is gone.
* Role-Aware: You can map Wordpress' roles to values of an existing LDAP-attribute.
For more Information on the configuration have a look at https://github.com/heiglandreas/authLdap
== Installation ==
1. Upload the extracted folder `authLdap` to the `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Configure the Plugin via the 'authLdap'-Configuration-Page.
== Frequently Asked Questions ==
= Where can I find more Informations about the plugin? =
Go to https://github.com/heiglandreas/authLdap
= Where can I report issues with the plugin? =
Please use the issuetracker at https://github.com/heiglandreas/authLdap/issues
== Changelog ==
= 2.3.0 =
* Allow to not overwrite existing WordPress-Users with LDAP-Users as that can be a security issue.
= 2.1.0 =
* Add search-base for groups. This might come in handy for multisite-instances
= 2.0.0 =
* This new release adds Multi-Site support. It will no longer be possible to use this plugin just in one subsite of a multisite installation!
* Adds a warning screen to the config-section when no LDAPextension could be found
* Fixes an issue with the max-length of the username
= 1.5.1 =
* Fixes an issue with escaped backslashes and quotes
= 1.5.0 =
* Allows parts of the LDAP-URI to be URLEncoded
* Drops support for PHP 5.4
= 1.4.20 =
* Allows multiple LDAP-servers to be queried (given that they use the same attributes)
* Fixes issue with URL-Encoded informations (see https://github.com/heiglandreas/authLdap/issues/108)
= 1.4.19 =
* Adds support for TLS
= 1.4.14 =
* Update to showing password-fields check (thanks to @chaplina)
= 1.4.13 =
* Removed generation of default email-address (thanks to @henryk)
* Fixes password-hashing when caching passwords (thanks to @litinoveweedle)
* Removes the possibility to reset a password for LDAP-based users (thanks to @chaplina)
* Removes the password-change-Email from 4.3 on (thanks to @litinoveweedle)
* Fixes double authentication-attempt (that resulted in failed authentication) (thanks to @litinoveweedle)
= 1.4.10 =
* Cleanup by removing deprecated code
* Fixes issues with undefined variables
* Enables internal option-versioning
* Setting users nickname initially to the realname instead of the uid
* Fixes display of password-change possibility in users profile-page
= 1.4.9 =
* Fixed an issue with changing display name on every login
* Use proper way of looking up user-roles in setups w/o DB-prefix
= 1.4.8 =
* Updated version string
= 1.4.7 =
* Use default user to retrieve group menberships and not logging in user.
* return the UID from the LDAP instead of the value given by the user
* remove unnecessary checkbox
* Adds a testsuite
* Fixes PSR2 violations
[…]
= 1.2.1 =
* Fixed an issue with group-ids
* Moved the code to GitHub (https://github.com/heiglandreas/authLdap)
= 1.1.0 =
* Changed the login-process. Now users that are not allowed to login due to
missing group-memberships are not created within your blog as was the standard
until Version 1.0.3 - Thanks to alex@tayts.com
* Changed the default mail-address that is created when no mail-address can be
retrieved from the LDAP from me@example.com to $username@example.com so that
a new user can be created even though the mail address already exists in your
blog - Also thanks to alex@tayts.com
* Added support for WordPress-Table-prefixes as the capabilities of a user
are interlany stored in a field that is named "$tablePrefix_capabilities" -
again thanks to alex@tayts.com and also to sim0n of silicium.mine.nu

BIN
wp-content/mu-plugins/screenshot-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 219 KiB

BIN
wp-content/mu-plugins/screenshot-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 201 KiB

BIN
wp-content/mu-plugins/screenshot-3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 124 KiB

BIN
wp-content/mu-plugins/screenshot-4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 50 KiB

87
wp-content/mu-plugins/src/LdapList.php Normal file
View File

@ -0,0 +1,87 @@
<?php
/**
* Copyright (c) Andreas Heigl<andreas@heigl.org>
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* @author Andreas Heigl<andreas@heigl.org>
* @copyright Andreas Heigl
* @license http://www.opensource.org/licenses/mit-license.php MIT-License
* @since 07.07.2016
* @link http://github.com/heiglandreas/authLDAP
*/
namespace Org_Heigl\AuthLdap;
class LdapList
{
/**
* @var \LDAP[]
*/
protected $items = [];
public function addLdap(LDAP $ldap)
{
$this->items[] = $ldap;
}
public function authenticate($username, $password, $filter = '(uid=%s)')
{
foreach ($this->items as $key => $item) {
if (! $item->authenticate($username, $password, $filter)) {
unset ($this->items[$key]);
continue;
}
return true;
}
return false;
}
public function bind()
{
$allFailed = true;
foreach ($this->items as $key => $item) {
try {
$item->bind();
} catch (\Exception $e) {
unset($this->items[$key]);
continue;
}
$allFailed = false;
}
if ($allFailed) {
throw new AuthLDAP_Exception('No bind successfull');
}
return true;
}
public function search($filter, $attributes = array('uid'), $base = '')
{
foreach ($this->items as $item) {
try {
$result = $item->search($filter, $attributes, $base);
return $result;
} catch (Exception $e) {
throw $e;
}
}
throw new \AuthLDAP_Exception('No Results found');
}
}

134
wp-content/mu-plugins/tests/LDAPBaseTest.php Normal file
View File

@ -0,0 +1,134 @@
<?php
/**
* Copyright (c) 2016-2016} Andreas Heigl<andreas@heigl.org>
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* @author Andreas Heigl<andreas@heigl.org>
* @copyright 2016-2016 Andreas Heigl
* @license http://www.opensource.org/licenses/mit-license.php MIT-License
* @version 0.0
* @since 07.06.2016
* @link http://github.com/heiglandreas/authLDAP
*/
namespace Org_Heigl\AuthLdapTest;
use Org_Heigl\AuthLdap\LDAP;
use Org_Heigl\AuthLdap\LdapList;
use phpmock\spy\Spy;
use PHPUnit_Framework_TestCase;
class LDAPBaseTest extends PHPUnit_Framework_TestCase
{
public function setUp()
{
$this->ldap_connect_spy = new Spy('Org_Heigl\AuthLdap', 'ldap_connect');
$this->ldap_connect_spy->enable();
}
public function tearDown()
{
$this->ldap_connect_spy->disable();
}
/** @dataProvider bindingWithPasswordProvider */
public function testThatBindingWithPasswordWorks($user, $password, $filter, $uri)
{
$ldap = new LDAP($uri);
$this->assertTrue($ldap->authenticate($user, $password, $filter));
}
public function bindingWithPasswordProvider()
{
return [
['user3', 'user!"', 'uid=%s', 'ldap://cn=Manager,dc=example,dc=com:insecure@127.0.0.1:3890/dc=example,dc=com'],
['Manager', 'insecure', 'cn=%s', 'ldap://cn=Manager,dc=example,dc=com:insecure@127.0.0.1:3890/dc=example,dc=com'],
['user1', 'user1', 'uid=%s', 'ldap://cn=Manager,dc=example,dc=com:insecure@127.0.0.1:3890/dc=example,dc=com'],
['user 4', 'user!"', 'uid=%s', 'ldap://cn=Manager,dc=example,dc=com:insecure@127.0.0.1:3890/dc=example,dc=com'],
['user 5', 'user!"', 'uid=%s', 'ldap://cn=Manager,dc=example,dc=com:insecure@127.0.0.1:3890/dc=test%20space,dc=example,dc=com'],
];
}
/**
* @param $uri
* @dataProvider initialBindingToLdapServerWorksProvider
*/
public function testThatInitialBindingWorks($uri)
{
$ldap = new LDAP($uri);
$this->assertInstanceof(LDAP::class, $ldap->bind());
}
/**
* @param $uri
* @dataProvider initialBindingToLdapServerWorksProvider
*/
public function testThatInitialBindingToMultipleLdapsWorks($uri)
{
$list = new LdapList();
$list->addLDAP(new LDAP($uri));
$this->assertTrue($list->bind());
}
public function initialBindingToLdapServerWorksProvider()
{
return [
['ldap://uid=user%205,dc=test%20space,dc=example,dc=com:user!"@localhost:3890/dc=test%20space,dc=example,dc=com'],
];
}
/** @dataProvider bindingWithPasswordProvider */
public function testThatBindingWithAddedSlashesFailsWorks($user, $password, $filter)
{
$newpassword = addslashes($password);
$ldap = new LDAP('ldap://cn=Manager,dc=example,dc=com:insecure@127.0.0.1:3890/dc=example,dc=com');
if ($newpassword === $password) {
$this->assertTrue($ldap->authenticate($user, $password, $filter));
} else {
$this->assertFalse($ldap->authenticate($user, $newpassword, $filter));
}
}
/** @dataProvider serchingForGroupsProvider */
public function testThatSearchingForGoupsWorks($filter, $user, $groups)
{
// (&(objectCategory=group)(member=<USER_DN>))
$ldap = new LDAP('ldap://cn=Manager,dc=example,dc=com:insecure@127.0.0.1:3890/dc=example,dc=com');
$ldap->bind();
$this->assertContains($groups, $ldap->search(sprintf($filter, $user), ['cn'])[0]);
}
public function serchingForGroupsProvider()
{
return [
[
'(&(objectclass=groupOfUniqueNames)(uniqueMember=%s))',
'uid=user 4,dc=example,dc=com',
['count' => 1, 0 => 'group4'],
],
];
}
public function testThatSettingLDAPSActuallyGivesTheCorrectPort()
{
$ldap = new LDAP('ldaps://cn=Manager,dc=example,dc=com:insecure@127.0.0.1/dc=example,dc=com');
$ldap->connect();
$this->assertEquals('ldaps://127.0.0.1:636', $this->ldap_connect_spy->getInvocations()[0]->getArguments()[0]);
}
}

66
wp-content/mu-plugins/tests/LDAPListBaseTest.php Normal file
View File

@ -0,0 +1,66 @@
<?php
/**
* Copyright (c) 2016-2016} Andreas Heigl<andreas@heigl.org>
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* @author Andreas Heigl<andreas@heigl.org>
* @copyright 2016-2016 Andreas Heigl
* @license http://www.opensource.org/licenses/mit-license.php MIT-License
* @version 0.0
* @since 07.06.2016
* @link http://github.com/heiglandreas/authLDAP
*/
namespace Org_Heigl\AuthLdapTest;
use Org_Heigl\AuthLdap\LDAP;
use PHPUnit_Framework_TestCase;
class LDAPListBaseTest extends PHPUnit_Framework_TestCase
{
/** @dataProvider bindingWithPasswordProvider */
public function testThatBindingWithPasswordWorks($user, $password, $filter)
{
require_once __DIR__ . '/../src/LdapList.php';
$ldaplist = new \Org_Heigl\AuthLdap\LdapList();
$ldaplist->addLdap(new LDAP('ldap://cn=Manager,dc=example,dc=com:insecure@127.0.0.1:3890/dc=example,dc=com'));
$this->assertTrue($ldaplist->authenticate($user, $password, $filter));
}
public function bindingWithPasswordProvider()
{
return [
['user3', 'user!"', 'uid=%s'],
['Manager', 'insecure', 'cn=%s'],
['user1', 'user1', 'uid=%s'],
];
}
/** @dataProvider bindingWithPasswordProvider */
public function testThatBindingWithAddedSlashesFailsWorks($user, $password, $filter)
{
$newpassword = addslashes($password);
require_once __DIR__ . '/../src/LdapList.php';
$ldaplist = new \Org_Heigl\AuthLdap\LdapList();
$ldaplist->addLdap(new LDAP('ldap://cn=Manager,dc=example,dc=com:insecure@127.0.0.1:3890/dc=example,dc=com'));
if ($newpassword === $password) {
$this->assertTrue($ldaplist->authenticate($user, $password, $filter));
} else {
$this->assertFalse($ldaplist->authenticate($user, $newpassword, $filter));
}
}
}

183
wp-content/mu-plugins/tests/LdapTest.php Normal file
View File

@ -0,0 +1,183 @@
<?php
/**
* $Id: LdapTest.php 292156 2010-09-21 19:32:01Z heiglandreas $
*
* authLdap - Authenticate Wordpress against an LDAP-Backend.
* Copyright (c) 2008 Andreas Heigl<andreas@heigl.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* This file tests the basic LDAP-Tasks
*
* @category authLdap
* @package authLdap
* @subpackage UnitTests
* @author Andreas Heigl<andreas@heigl.org>
* @copyright 2010 Andreas Heigl<andreas@heigl.org>
* @license GPL
* @since 21.09.2010
*/
namespace Org_Heigl\AuthLdapTest;
use PHPUnit_Framework_TestCase;
use Org_Heigl\AuthLdap\LDAP;
class LdapTest extends PHPUnit_Framework_TestCase
{
/**
*
* @dataProvider dpInstantiateLdapClass
* @param array $expected
* @param array $given
*/
public function testInstantiateLdapClass($expected, $given)
{
$ldap = new LDAP($expected[0], $expected[1]);
foreach ($given as $key => $value) {
$this -> assertAttributeEquals($value, '_' . $key, $ldap);
}
}
/**
* @dataProvider dpExceptionsWhenInstantiatingLdapClass
* @expectedException Exception
* @param array $expected
*/
public function testExceptionsWhenInstantiatingLdapClass($expected)
{
new LDAP($expected);
}
public function dpInstantiateLdapClass()
{
return array (
array (
array ('ldap://uid=jondoe,cn=users,cn=example,c=org:secret@ldap.example.org/cn=example,c=org', true),
array (
'username' => 'uid=jondoe,cn=users,cn=example,c=org',
'password' => 'secret',
'server' => 'ldap.example.org',
'baseDn' => 'cn=example,c=org',
'debug' => true
)
),
array (
array ('ldap://uid=jondoe,cn=users,cn=example,c=org@ldap.example.org/cn=example,c=org', true),
array (
'username' => 'uid=jondoe,cn=users,cn=example,c=org',
'password' => '',
'server' => 'ldap.example.org',
'baseDn' => 'cn=example,c=org',
'debug' => true
)
),
array(
array ('ldap://ldap.example.org/cn=example,c=org', true),
array (
'username' => 'anonymous',
'password' => '',
'server' => 'ldap.example.org',
'baseDn' => 'cn=example,c=org',
'debug' => true
)
),
// array(
// array ('ldap://ldap.example.org', true),
// array (
// 'username' => 'anonymous',
// 'password' => '',
// 'server' => 'ldap.example.org',
// 'baseDn' => '',
// 'debug' => true
// )
// ),
array(
array ('ldap://uid=jondoe,cn=users,cn=example,c=org:secret@ldap.example.org/cn=example,c=org', false),
array (
'username' => 'uid=jondoe,cn=users,cn=example,c=org',
'password' => 'secret',
'server' => 'ldap.example.org',
'baseDn' => 'cn=example,c=org',
'debug' => false
)
),
array(
array ('ldap://ldap.example.org/cn=test%20example,c=org', false),
array (
'username' => 'anonymous',
'password' => '',
'server' => 'ldap.example.org',
'baseDn' => 'cn=test example,c=org',
'debug' => false
)
),
);
}
public function dpExceptionsWhenInstantiatingLdapClass()
{
return array (
array('ldap://ldap.example.org'),
array('ldap://foo:bar@/cn=example,c=org'),
array('http://ldap.example.org'),
array('fooBar'),
array('ldap://ldap.example.org/'),
array('()123üäö'),
);
}
public function testThatGroupMappingWorks()
{
$groups = [
'count' => 1,
0 => [
'dn' => 'dn-1',
'count' => 1,
0 => 'group',
'group' => [
'count' => 2,
0 => '7310T270:Překladatelství:čeština - angličtina@ff.cuni.cz',
1 => '7310T033:Český jazyk a literatura@ff.cuni.cz',
]
]
];
$grp = array();
for ($i = 0; $i < $groups ['count']; $i++) {
for ($k = 0; $k < $groups[$i][strtolower('group')]['count']; $k++) {
$grp[] = $groups[$i][strtolower('group')][$k];
}
}
$this->assertEquals([
'7310T270:Překladatelství:čeština - angličtina@ff.cuni.cz',
'7310T033:Český jazyk a literatura@ff.cuni.cz',
], $grp);
$role = '';
foreach (['testrole' => '7310T031:Český jazyk a literatura@ff.cuni.cz,7310T033:Český jazyk a literatura@ff.cuni.cz'] as $key => $val) {
$currentGroup = explode(',', $val);
// Remove whitespaces around the group-ID
$currentGroup = array_map('trim', $currentGroup);
if (0 < count(array_intersect($currentGroup, $grp))) {
$role = $key;
break;
}
}
$this->assertEquals('testrole', $role);
}
}

420
wp-content/mu-plugins/view/admin.phtml Normal file
View File

@ -0,0 +1,420 @@
<?php
/**
* Copyright (c)2014-2014 heiglandreas
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIBILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* @category
* @author Andreas Heigl<andreas@heigl.org>
* @copyright ©2014-2014 Andreas Heigl
* @license http://www.opesource.org/licenses/mit-license.php MIT-License
* @version 0.0
* @since 19.12.14
* @link https://github.com/heiglandreas/authLdap
*/
?><div class="wrap">
<?php if (! extension_loaded('ldap')) : ?>
<div class="error"><strong>Caveat:</strong> The LDAP-extension is not loaded!
Without that extension it is not possible to query an LDAP-Server! Please have a look
at <a href="http://php.net/manual/install.php">the PHP-Installation page</a>
</div>
<?php endif ?>
<h2>AuthLDAP Options</h2>
<form method="post" id="authLDAP_options" action="<?php echo $action;?>">
<h3 class="title">General Usage of authLDAP</h3>
<fieldset class="options">
<table class="form-table">
<tr>
<th>
<label for="authLDAPAuth">Enable Authentication via LDAP?</label>
</th>
<td>
<input type="checkbox" name="authLDAPAuth" id="authLDAPAuth" value="1"<?php echo $tChecked; ?>/>
</td>
</tr>
<tr>
<th>
<label for="authLDAPDebug">Debug AuthLDAP?</label>
</th>
<td>
<input type="checkbox" name="authLDAPDebug" id="authLDAPDebug" value="1"<?php echo $tDebugChecked; ?>/>
</td>
</tr>
<tr>
<th>
<label for="authLDAPDoNotOverwriteNonLdapUsers">Do not authenticate existing WordPress-Users</label>
</th>
<td>
<input type="checkbox" name="authLDAPDoNotOverwriteNonLdapUsers" id="authLDAPDoNotOverwriteNonLdapUsers" value="1"<?php echo $tDoNotOverwriteNonLdapUsers; ?>/>
<p class="description">
Shall we prohibit authenticating already in WordPress created users using LDAP? If you enable this, LDAP-Users with the same user-ID
as existing WordPress-Users can no longer take over the WordPress-Users account. This also means that LDAP-Users with the same User-ID as existing
WordPress-Users will <strong>not</strong> be able to authenticate anymore! Accounts that have been taken over already will not be affected by this setting.
</p>
<p class="description">This should only be checked if you know what you are doing!</p>
</td>
</tr>
<tr>
<th>
<label for="authLDAPCachePW">Save entered passwords in the wordpress user table?</label>
</th>
<td>
<input type="checkbox" name="authLDAPCachePW" id="authLDAPCachePW" value="1"<?php echo $tPWChecked; ?>/>
</td>
</tr>
<tr>
<th>
<label for="authLDAPGroupEnable">Map LDAP Groups to wordpress Roles?</label>
</th>
<td>
<input type="checkbox" name="authLDAPGroupEnable" id="authLDAPGroupEnable" value="1"<?php echo $tGroupChecked; ?>/>
<p class="description">
Search LDAP for user's groups and map to Wordpress Roles.
</p>
</td>
</tr>
</table>
</fieldset>
<h3 class="title">General Server Settings</h3>
<fieldset class="options">
<table class="form-table">
<tr>
<th>
<label for="authLDAPURI">LDAP URI</label>
</th>
<td>
<input type="text" name="authLDAPURI" id="authLDAPURI" placeholder="LDAP-URI"
class="regular-text" value="<?php echo $authLDAPURI; ?>"/>
<p class="description">
The <abbr title="Uniform Ressource Identifier">URI</abbr>
for connecting to the LDAP-Server. This usualy takes the form
<var>&lt;scheme&gt;://&lt;user&gt;:&lt;password&gt;@&lt;server&gt;/&lt;path&gt;</var>
according to RFC 1738.</p>
<p class="description">
In this case it schould be something like
<var>ldap://uid=adminuser,dc=example,c=com:secret@ldap.example.com/dc=basePath,dc=example,c=com</var>.
</p>
<p class="description">
If your LDAP accepts anonymous login, you can ommit the user and
password-Part of the URI
</p>
</td>
</tr>
<tr>
<th>
<label for="authLDAPURISeparator">LDAP URI-Separator</label>
</th>
<td>
<input type="text" name="authLDAPURISeparator" id="authLDAPURISeparator" placeholder="LDAP-URI Separator"
class="regular-text" value="<?php echo $authLDAPURISeparator; ?>"/>
<p class="description">
A separator that separates multiple LDAP-URIs from one another.
You can use that feature to try to authenticate against multiple LDAP-Servers
as long as they all have the same attribute-settings. The first LDAP-Server the user can
authenticate against will be used to handle the user.
</td>
</tr>
<tr>
<th>
<label for="authLDAPStartTLS" class="description">StartTLS</label>
</th>
<td>
<input type="checkbox" name="authLDAPStartTLS" id="authLDAPStartTLS" value="1"<?php echo $tStartTLSChecked; ?>/>
<p class="description">
Use StartTLS for encryption of ldap connections. This setting is not to be used in combination with ldaps connections (ldap:// only).
</p>
</td>
<tr>
<th scope="row">
<label for="authLDAPFilter" class="description">Filter</label>
</th>
<td>
<input type="text" name="authLDAPFilter" id="authLDAPFilter" placeholder="(uid=%s)"
class="regular-text" value="<?php echo $authLDAPFilter; ?>"/>
<p class="description">
Please provide a valid filter that can be used for querying the
<abbr title="Lightweight Directory Access Protocol">LDAP</abbr>
for the correct user. For more information on this
feature have a look at <a href="http://andreas.heigl.org/cat/dev/wp/authldap">http://andreas.heigl.org/cat/dev/wp/authldap</a>
</p>
<p class="description">
This field <strong>should</strong> include the string <code>%s</code>
that will be replaced with the username provided during log-in
</p>
<p class="description">
If you leave this field empty it defaults to <strong>(uid=%s)</strong>
</p>
</td>
</tr>
</table>
</fieldset>
<h3 class="title">Settings for creating new Users</h3>
<fieldset class="options">
<table class="form-table">
<tr>
<th scope="row">
<label for="authLDAPNameAttr">Name-Attribute</label>
</th>
<td>
<input type="text" name="authLDAPNameAttr" id="authLDAPNameAttr" placeholder="name"
class="regular-text" value="<?php echo $authLDAPNameAttr; ?>"/><br />
<p class="description">
Which Attribute from the LDAP contains the Full or the First name
of the user trying to log in.
</p>
<p class="description">
This defaults to <strong>name</strong>
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPSecName">Second Name Attribute</label>
</th>
<td>
<input type="text" name="authLDAPSecName" id="authLDAPSecName" placeholder=""
class="regular-text" value="<?php echo $authLDAPSecName; ?>" />
<p class="description">
If the above Name-Attribute only contains the First Name of the
user you can here specify an Attribute that contains the second name.
</p>
<p class="description">
This field is empty by default
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPUidAttr">User-ID Attribute</label>
</th>
<td>
<input type="text" name="authLDAPUidAttr" id="authLDAPUidAttr" placeholder="uid"
class="regular-text" value="<?php echo $authLDAPUidAttr; ?>" />
<p class="description">
Please give the Attribute, that is used to identify the user. This
should be the same as you used in the above <em>Filter</em>-Option
</p>
<p class="description">
This field defaults to <strong>uid</strong>
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPMailAttr">Mail Attribute</label>
</th>
<td>
<input type="text" name="authLDAPMailAttr" id="authLDAPMailAttr" placeholder="mail"
class="regular-text" value="<?php echo $authLDAPMailAttr; ?>" />
<p class="description">
Which Attribute holds the eMail-Address of the user?
</p>
<p class="description">
If more than one eMail-Address are stored in the LDAP, only the first given is used
</p>
<p class="description">
This field defaults to <strong>mail</strong>
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPWebAttr">Web-Attribute</label>
</th>
<td>
<input type="text" name="authLDAPWebAttr" id="authLDAPWebAttr" placeholder=""
class="regular-text" value="<?php echo $authLDAPWebAttr; ?>" />
<p class="description">
If your users have a personal page (URI) stored in the LDAP, it can
be provided here.
</p>
<p class="description">
This field is empty by default
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPDefaultRole">Default Role</label>
</th>
<td>
<select name="authLDAPDefaultRole" id="authLDAPDefaultRole">
<option value="" <?php echo ( $authLDAPDefaultRole == '' ? 'selected="selected"' : '' ); ?>>
None (deny access)
</option>
<?php foreach ($roles->get_names() as $group => $vals) : ?>
<option value="<?php echo $group; ?>" <?php echo ( $authLDAPDefaultRole == $group ? 'selected="selected"' : '' ); ?>>
<?php echo $vals; ?>
</option>
<?php endforeach; ?>
</select>
<p class="description">
Here you can select the default role for users.
If you enable LDAP Groups below, they will take precedence over the Default Role.
</p>
<p class="description">
Existing users will retain their roles unless overriden by LDAP Groups below.
</p>
</td>
</tr>
</table>
</fieldset>
<div id="authldaprolemapping">
<h3 class="title">Groups for Roles</h3>
<fieldset class="options">
<table class="form-table">
<tr>
<th>
<label for="authLDAPGroupOverUser">LDAP Groups override role of existing users?</label>
</th>
<td>
<input type="checkbox" name="authLDAPGroupOverUser" id="authLDAPGroupOverUser" value="1"<?php echo $tGroupOverUserChecked; ?>/>
<p class="description">
If role determined by LDAP Group differs from existing Wordpress User's role, use LDAP Group.
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPGroupBase">Group-Base</label>
</th>
<td>
<input type="text" name="authLDAPGroupBase" id="authLDAPGroupBase" placeholder=""
class="regular-text" value="<?php echo $authLDAPGroupBase; ?>" />
<p class="description">
This is the base dn to lookup groups.
</p>
<p class="description">
If empty the base dn of the LDAP URI will be used
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPGroupAttr">Group-Attribute</label>
</th>
<td>
<input type="text" name="authLDAPGroupAttr" id="authLDAPGroupAttr" placeholder="gidNumber"
class="regular-text" value="<?php echo $authLDAPGroupAttr; ?>" />
<p class="description">
This is the attribute that defines the Group-ID that can be matched
against the Groups defined further down
</p>
<p class="description">
This field defaults to <strong>gidNumber</strong>
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPGroupSeparator">Group-Separator</label>
</th>
<td>
<input type="text" name="authLDAPGroupSeparator" id="authLDAPGroupSeparator" placeholder=","
class="regular-text" value="<?php echo $authLDAPGroupSeparator; ?>" />
<p class="description">
This attribute defines the separator used for the Group-IDs listed in the
Groups defined further down. This is useful if the value of Group-Attribute
listed above can contain a comma (for example, when using the memberof attribute)
</p>
<p class="description">
This field defaults to <strong>, (comma)</strong>
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPGroupFilter">Group-Filter</label>
</th>
<td>
<input type="text" name="authLDAPGroupFilter" id="authLDAPGroupFilter"
placeholder="(&amp;(objectClass=posixGroup)(memberUid=%s))"
class="regular-text" value="<?php echo $authLDAPGroupFilter; ?>" />
<p class="description">
Here you can add the filter for selecting groups for ther
currentlly logged in user
</p>
<p class="description">
The Filter should contain the string <code>%s</code> which will be replaced by
the login-name of the currently logged in user
</p>
<p class="description">
Alternatively the string <code>%dn%</code> will be replaced by the
DN of the currently logged in user. This can be helpfull if
group-memberships are defined with DNs rather than UIDs
</p>
<p class="description">This field defaults to
<strong>(&amp;(objectClass=posixGroup)(memberUid=%s))</strong>
</p>
</td>
</tr>
</table>
</fieldset>
<h3 class="title">Role - group mapping</h3>
<fieldset class="options">
<table class="form-table">
<?php
foreach ($roles->get_names() as $group => $vals) :
$aGroup=$authLDAPGroups[$group]; ?>
<tr>
<th scope="row">
<label for="authLDAPGroups[<?php echo $group; ?>]">
<?php echo $vals; ?>
</label>
</th>
<td>
<input type="text" name="authLDAPGroups[<?php echo $group; ?>]" id="authLDAPGroups[<?php echo $group; ?>]"
value="<?php echo $aGroup; ?>" />
<p class="description">What LDAP-Groups shall be matched to the <?php echo $vals; ?>-Role?</p>
<p class="description">Please provide a coma-separated list of values</p>
<p class="description">This field is empty by default</p>
</td>
</tr>
<?php endforeach; ?>
</table>
</fieldset>
</div>
<fieldset class="buttons">
<p class="submit">
<input type="submit" name="ldapOptionsSave" class="button button-primary" value="Save Changes" />
</p>
</fieldset>
</form>
</div>
<script type="text/javascript">
elem = document.getElementById('authLDAPGroupEnable');
if(! elem.checked) {
document.getElementById('authldaprolemapping').setAttribute('style', 'display:none;');
}
elem.addEventListener('change', function(e){
if(! e.target.checked) {
document.getElementById('authldaprolemapping').setAttribute('style', 'display:none;');
} else {
document.getElementById('authldaprolemapping').removeAttribute('style');
}
});
</script>