+++ /dev/null
-
-This patch from AllianceTec modifies the users_ldap authentication backend,
-and fixes caching problems for the HTTP login module (in the core). It has
-not yet been applied because the ewiki_auth() interface is going to get
-overhauled considerably anyhow.
-
- cd .../ewiki-R1.0Nx/
- patch -p1 < .../auth_ldap.patch
-
-
---- ewiki-R1.02a+dev3/ewiki.php 2004-09-29 14:14:48.000000000 -0500
-+++ at_patches/ewiki.php 2005-03-01 10:42:45.883229728 -0600
-@@ -3232,7 +3232,7 @@
- $ok = true;
- $ewiki_errmsg="";
-
--#echo "_a($id,dat,$action,$ring,$request_auth)<br />\n";
-+#echo "_a($id,$data,$action,$ring,$request_auth)<br />\n";
-
- if (EWIKI_PROTECTED_MODE) {
-
-@@ -3337,6 +3337,13 @@
- if ($username || $password) {
- ewiki_log("_auth_userdb: wrong password supplied for user '$username', not verified against any userdb", 3);
- $ewiki_errmsg = "wrong username and/or password";
-+ // Alliance Technologies addition
-+ #-- If the ewiki_auth_query_http plugin is loaded, we need the following to prevent the HTTP auth from being cached by the browser
-+ if ($ewiki_plugins["auth_query"][0] == "ewiki_auth_query_http") {
-+ header('HTTP/1.1 401 Authentication Required');
-+ header('Status: 401 Authentication Required');
-+ header('WWW-Authenticate: Basic realm="Login incorrect"');
-+ }
- # ewiki_auth($uu, $uu, $uu, $uu, 2);
- }
- return(false);
-@@ -3962,4 +3969,4 @@
-
-
-
--</script>
-\ No newline at end of file
-+</script>
-
---- ewiki-R1.02a+dev3/plugins/auth/users_ldap.php 2003-12-01 11:14:05.000000000 -0600
-+++ at_patches/users_ldap.php 2005-03-01 10:42:46.022208600 -0600
-@@ -4,45 +4,63 @@
- Check username and password by connecting to LDAP server.
- */
-
--
--#-- config
--define("EWIKI_LDAP_SERVER", "ldap.example.com");
--define("EWIKI_LDAP_RDN", 'cn=$USER,ou=users,dc=example,dc=com');
--define("EWIKI_LDAP_FILTER", ""); // sn=* ???
--define("EWIKI_LDAP_RING", 2);
--
--
- #-- glue
- $ewiki_plugins["auth_userdb"][] = "ewiki_auth_userdb_ldap";
-
--
--
--function ewiki_auth_userdb_ldap($username, $password=NULL) {
--
-- #-- connect
-- if ($conn = ldap_connect(EWIKI_LDAP_SERVER)) {
--
-- #-- vars
-- $rdn = preg_replace('/[$%_]+\{USER\}|[$%]+USER[$%]?/i', $username, EWIKI_LDAP_RDN);
-- $search = EWIKI_LDAP_SEARCH;
--
-- #-- bind to domain
-- if (ldap_bind($conn, $rdn, $password)) {
--
-- #-- connected == authenticated
-- if (!$search || ldap_count_entries($conn, ldap_search($conn, $rdn, $search)) ) {
--
-- ldap_close($conn);
--
-- #-- return password array() as true value for userdb plugins
-- return(array($password, EWIKI_LDAP_RING));
-- }
--
-- }
--
-- ldap_close($conn);
-- }
-- return(false);
-+function ewiki_auth_userdb_ldap($username, $password) {
-+// Modified for Alliance Technologies
-+ //return(array($password, EWIKI_LDAP_RING)); // Added by Josh on 2005-02-25 to disable edirectory check for PM
-+
-+ #-- connect
-+ if ($conn = ldap_connect(EWIKI_LDAP_SERVER)) {
-+ // -- Begin Alliance Technologies Add
-+ // TODO: make this conditionalized
-+ if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
-+ fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
-+ }
-+ if (!ldap_start_tls($conn)) {
-+ fatal_error("Ldap_start_tls failed");
-+ }
-+ // -- End Alliance Technologies Add
-+
-+ #-- vars
-+ $rdn = preg_replace('/[$%_]+\{USER\}|[$%]+USER[$%]?/i', $username, EWIKI_LDAP_RDN);
-+ // -- Alliance Technologies - Changed SEARCH to FILTER
-+ $search = EWIKI_LDAP_FILTER;
-+
-+ #-- bind to domain
-+ error_reporting(E_ERROR);
-+ if (ldap_bind($conn, $rdn, $password)) {
-+ #-- connected == authenticated
-+ if ($rdn == 'cn=morej,o=alliance') {
-+ ldap_close($conn);
-+ return(array($password, EWIKI_LDAP_ADMIN_RING));
-+ }
-+ if (!$search || ldap_count_entries($conn, ldap_search($conn, $rdn, $search)) ) {
-+ ldap_close($conn);
-+ #-- return password array() as true value for userdb plugins
-+ return(array($password, EWIKI_LDAP_RING));
-+ }
-+ } elseif ($rdn) {
-+ //Failure
-+ return(false);
-+ header('HTTP/1.1 401 Authentication Required');
-+ header('Status: 401 Authentication Required');
-+ header('WWW-Authenticate: Basic realm="Login incorrect"');
-+ $redir = 'http://' . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"] ;
-+ $redir = ereg_replace('=.+/','=',$redir);
-+ #header("Location: $redir");
-+
-+ echo('<pre>');
-+ var_dump($_SERVER);
-+ echo('</pre>');
-+ die();
-+ }
-+ error_reporting(E_ALL & ~E_NOTICE);
-+
-+ ldap_close($conn);
-+ }
-+return(false);
- }
-
--?>
-\ No newline at end of file
-+?>
-