Index: openacs-4/packages/auth-ldap/tcl/auth-ldap-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/auth-ldap/tcl/auth-ldap-procs.tcl,v diff -u -r1.6.2.4 -r1.6.2.5 --- openacs-4/packages/auth-ldap/tcl/auth-ldap-procs.tcl 21 Sep 2004 17:56:25 -0000 1.6.2.4 +++ openacs-4/packages/auth-ldap/tcl/auth-ldap-procs.tcl 5 Jan 2005 19:47:51 -0000 1.6.2.5 @@ -71,8 +71,6 @@ } set user_info_impl_id [acs_sc::impl::new_from_spec -spec $spec] - - auth::local_ldap::after_install } ad_proc -private auth::ldap::before_uninstall {} {} { @@ -242,11 +240,39 @@ # Default to failure set result(auth_status) auth_error - # Find the user - set userPassword [auth::ldap::get_user -username $username -parameters $parameters -element "userPassword"] + + # LDAP bind based authentication ? + set ldap_bind_p 0 - if { ![empty_string_p $userPassword] && [auth::ldap::check_password $userPassword $password] } { - set result(auth_status) ok + if {$ldap_bind_p==1} { + + set cn $username + + # The following code splits up the username, given in the form: + # user.sub-domain.domain + # into the according ou statements. This is for demonstration purpose only + + # set ldap_list [split $username "."] + # set ou_elements [lrange $ldap_list 0 [expr [llength $ldap_list] - 2]] + # set cn "[join $ou_elements ",ou="],o=[lindex $ldap_list end]" + + set lh [ns_ldap gethandle] + + if {[ns_ldap bind $lh "cn=$cn" "$password"]} { + set result(auth_status) ok + } + + ns_ldap disconnect $lh + ns_ldap releasehandle $lh + + } else { + + # Find the user + set userPassword [auth::ldap::get_user -username $username -parameters $parameters -element "userPassword"] + + if { ![empty_string_p $userPassword] && [auth::ldap::check_password $userPassword $password] } { + set result(auth_status) ok + } } # We do not check LDAP account status @@ -301,8 +327,8 @@ ad_proc -private auth::ldap::password::ChangePassword { username + old_password new_password - {old_password ""} {parameters {}} {authority_id {}} } { @@ -334,17 +360,15 @@ } } } - + if { ![empty_string_p $dn] && ![empty_string_p $userPassword] } { - if { ![empty_string_p $old_password] || ![auth::ldap::check_password $userPassword $old_password] } { - set result(password_status) old_password_bad - } else { - auth::ldap::set_password -dn $dn -new_password $new_password -parameters $parameters - set result(password_status) ok - } + if { ![auth::ldap::check_password $userPassword $old_password] } { + set result(password_status) old_password_bad + } else { + auth::ldap::set_password -dn $dn -new_password $new_password -parameters $parameters + set result(password_status) ok + } } - - return [array get result] }