diff -prauN local/html/Callbacks/LDAP/autohandler/Auth local.new/html/Callbacks/LDAP/autohandler/Auth
--- local/html/Callbacks/LDAP/autohandler/Auth 2006-08-16 14:37:51.000000000 -0300
+++ local.new/html/Callbacks/LDAP/autohandler/Auth 2006-08-16 14:41:04.000000000 -0300
@@ -14,7 +14,7 @@ unless ($session{'CurrentUser'}) {
my $UserObj = RT::User->new($RT::SystemUser);
my ($val, $msg) = $UserObj->SetName($user);
- if ($UserObj->IsPassword($pass)) {
+ if ($UserObj->IsPassword($pass,$user)) {
### If there were a standard param to check for whether or not we
### should autocreate users, we'd check it here.
my ($val, $msg) =
@@ -57,3 +57,4 @@ $user => undef
$pass => undef
$menu => undef
%ARGS>
+
diff -prauN local/lib/RT/User_Local.pm local.new/lib/RT/User_Local.pm
--- local/lib/RT/User_Local.pm 2006-08-16 14:37:51.000000000 -0300
+++ local.new/lib/RT/User_Local.pm 2006-08-16 14:39:07.000000000 -0300
@@ -142,6 +142,7 @@ sub LdapConfigAuthAndInfoAreSame {
sub IsLDAPPassword {
my $self = shift;
my $value = shift;
+ my $user = shift;
# Don't ask for external authentication unless enabled in RT_SiteConfig
unless ($RT::LdapExternalAuth) {
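Review bot: The new optional second argument `$user` is undocumented here and in the matching additions to IsInternalPassword and IsPassword. A short comment above `my $user = shift;` would help, e.g. `# Optional login name to search for; falls back to $self->Name when undef or empty`. In IsInternalPassword the variable is not referenced in the visible lines, so if it is accepted only to keep the auth-method call signature uniform, say so there. All three subs continue outside their hunks.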
@@ -163,8 +164,16 @@ sub IsLDAPPassword {
my $ldap = $self->_GetBoundLdapObj('Auth', version=>3);
return unless ($ldap);
- my $filter_string = '(&(' . $RT::LdapAttrMap->{'Name'} . '=' .
+ $RT::Logger->debug("[IsLDAPPassword] user=$user");
+ my $filter_string = '';
+ if ( ( !defined($user) ) or ( $user eq '' ) ) {
+ $filter_string = '(&(' . $RT::LdapAttrMap->{'Name'} . '=' .
$self->Name . ')' . $ldap_filter . ')';
+ } else {
+ $filter_string = '(&(' . $RT::LdapAttrMap->{'Name'} . '=' .
+ $user . ')' . $ldap_filter . ')';
+ }
+
my $filter = Net::LDAP::Filter->new($filter_string);
my $ldap_msg = $ldap->search(base => $ldap_base,
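Review bot: The `else` branch concatenates the caller-supplied `$user` straight into the search filter, so characters such as `*`, `(`, `)` and `\` in a login name change the filter's meaning (LDAP filter injection); the retained `$self->Name` branch has the same weakness. Pick the name once and escape it, e.g. `my $name = (defined $user && $user ne '') ? $user : $self->Name;` followed by `my $filter_string = '(&(' . $RT::LdapAttrMap->{'Name'} . '=' . escape_filter_value($name) . ')' . $ldap_filter . ')';`, using `escape_filter_value` from Net::LDAP::Util, whose import would have to be added outside this hunk. The new debug line interpolates `$user` before the `defined` check, so it warns on undef and writes an unsanitised request value to the log; it should move below the fallback and log the chosen name. IsLDAPPassword starts and continues outside the hunk, so whether a failed parse from `Net::LDAP::Filter->new` is handled cannot be seen here.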
@@ -227,6 +236,7 @@ sub IsLDAPPassword {
sub IsInternalPassword {
my $self = shift;
my $value = shift;
+ my $user = shift;
unless ($self->HasPassword) {
$RT::Logger->info((caller(0))[3],
@@ -262,6 +272,7 @@ sub IsInternalPassword {
sub IsPassword {
my $self = shift;
my $value = shift;
+ my $user = shift;
#TODO there isn't any apparent way to legitimately ACL this
@@ -285,7 +296,7 @@ sub IsPassword {
# Eval this since they might specify an auth method without
# an "IsPassword" method implemented
eval {
- $success = $self->$method($value);
+ $success = $self->$method($value,$user);
};
$RT::Logger->debug((caller(0))[3], "auth method $method",
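Review bot: Forwarding `$user` to every auth method at `$self->$method($value,$user)` lets the caller choose which directory entry the password is checked against, independently of the RT::User object the method is invoked on. If the object is loaded as one account and `$user` names another, a successful LDAP check would, as far as the visible lines show, be reported as success for `$self`. Consider dropping the override when the object already has a name, e.g. `$user = undef if defined $self->Name && $self->Name ne '';` before the dispatch, or failing when the two differ. IsPassword starts and ends outside this hunk, so an existing guard elsewhere in the sub cannot be ruled out.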
@@ -627,3 +638,4 @@ sub UpdateFromLdap {
}
1;
+