[pmwiki-users] YALP (Yet Another LDAP Patch)

Thomas -Balu- Walter list+pmwiki-users at b-a-l-u.de
Tue Aug 22 09:00:14 CDT 2006

Hi once more,

I've just figured out that you can not have a filter option in your
ldap://-URL which is needed here on campus. 

We have an attribute called "eduPersonScopedAffiliation" (yes, I love
those big names :) that specifies if the person is a student, an
employee, etc and it's department.

So I thought I'd fix this:

Index: scripts/authuser.php
--- scripts/authuser.php        (revision 1507)
+++ scripts/authuser.php        (working copy)
@@ -110,7 +110,7 @@
     if (!preg_match('!(ldaps?://[^/]+)/(.+)$!', $ldap, $match))
     list($z, $url, $path) = $match;
-    list($basedn, $attr, $sub) = explode('?', $path);
+    list($basedn, $attr, $sub, $filter) = explode('?', $path);
     if (!$attr) $attr = 'uid';
     if (!$sub) $sub = 'one';
     $binddn = @$AuthLDAPBindDN;
@@ -119,7 +119,7 @@
     ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
     if (ldap_bind($ds, $binddn, $bindpw)) {
       $fn = ($sub == 'sub') ? 'ldap_search' : 'ldap_list';
-      $sr = $fn($ds, $basedn, "($attr=$id)", array($attr));
+      $sr = $fn($ds, $basedn, "(& ($attr=$id) $filter)", array($attr));
       $x = ldap_get_entries($ds, $sr);
       if ($x['count'] == 1) {
         $dn = $x[0]['dn'];

Now you can specify a filter as the last attribute:

If you don't - everything should work as normal: $filter get's NULL then and
the final query is done with "(& (uid=balu) )" which is a working filter


More information about the pmwiki-users mailing list