From 32c8213e404641e40ea8682795dcfc208f735809 Mon Sep 17 00:00:00 2001
From: Megan Watson <megan@knowledgetree.com>
Date: Mon, 14 Jan 2008 14:27:46 +0000
Subject: [PATCH] KTS-2772 "CLONE -LDAP / Active Directory Authentication incorrect fields returned(SUP-521)" Fixed. Rearranged the attributes retrieved from either directory to match the user's fields correctly.

---
 plugins/ktstandard/ldap/activedirectoryauthenticationprovider.inc.php | 29 +++++++++++++++--------------
 plugins/ktstandard/ldap/ldapauthenticationprovider.inc.php            | 29 +++++++++++++++--------------
 plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php        | 24 ++++++++++++++----------
 templates/ktstandard/authentication/ldapadduser.smarty                |  2 +-
 4 files changed, 45 insertions(+), 39 deletions(-)

diff --git a/plugins/ktstandard/ldap/activedirectoryauthenticationprovider.inc.php b/plugins/ktstandard/ldap/activedirectoryauthenticationprovider.inc.php
index 6de4b6f..3c3e3f6 100644
--- a/plugins/ktstandard/ldap/activedirectoryauthenticationprovider.inc.php
+++ b/plugins/ktstandard/ldap/activedirectoryauthenticationprovider.inc.php
@@ -5,32 +5,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  *
  */
@@ -40,20 +40,21 @@ require_once(KT_LIB_DIR . '/authentication/Authenticator.inc');
 require_once(KT_DIR . '/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php');
 
 class KTActiveDirectoryAuthenticationProvider extends KTLDAPBaseAuthenticationProvider {
-    var $sNamespace = "ktstandard.authentication.adprovider";      
+    var $sNamespace = 'ktstandard.authentication.adprovider';
 
     var $bGroupSource = true;
 
-    var $sAuthenticatorClass = "KTActiveDirectoryAuthenticator";
-    var $aAttributes = array ("cn", "samaccountname", "givenname", "sn", "userprincipalname", "telephonenumber");
+    var $sAuthenticatorClass = 'KTActiveDirectoryAuthenticator';
+    var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'telephonenumber', 'userprincipalname');
 
     function KTActiveDirectoryAuthenticationProvider() {
-        $this->sName = _kt("ActiveDirectory authentication provider");
+        $this->sName = _kt('ActiveDirectory authentication provider');
         parent::KTLDAPBaseAuthenticationProvider();
     }
 }
 
 class KTActiveDirectoryAuthenticator extends KTLDAPBaseAuthenticator {
-    var $aAttributes = array ("cn", "samaccountname", "givenname", "sn", "userprincipalname", "telephonenumber");
+    var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'telephonenumber', 'userprincipalname');
 }
 
+?>
\ No newline at end of file
diff --git a/plugins/ktstandard/ldap/ldapauthenticationprovider.inc.php b/plugins/ktstandard/ldap/ldapauthenticationprovider.inc.php
index 776c491..b780b21 100644
--- a/plugins/ktstandard/ldap/ldapauthenticationprovider.inc.php
+++ b/plugins/ktstandard/ldap/ldapauthenticationprovider.inc.php
@@ -5,32 +5,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  *
  */
@@ -41,19 +41,20 @@ require_once('Net/LDAP.php');
 require_once(KT_DIR . '/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php');
 
 class KTLDAPAuthenticationProvider extends KTLDAPBaseAuthenticationProvider {
-    var $sNamespace = "ktstandard.authentication.ldapprovider";
+    var $sNamespace = 'ktstandard.authentication.ldapprovider';
 
-    var $aAttributes = array ("cn", "uid", "givenname", "sn", "mail", "mobile");
-    var $sAuthenticatorClass = "KTLDAPAuthenticator";
+    var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'mobile', 'userprincipalname', 'uid');
+    var $sAuthenticatorClass = 'KTLDAPAuthenticator';
 
     function KTLDAPAuthenticationProvider() {
-        $this->sName = _kt("LDAP authentication provider");
+        $this->sName = _kt('LDAP authentication provider');
         parent::KTLDAPBaseAuthenticationProvider();
     }
 
 }
 
 class KTLDAPAuthenticator extends KTLDAPBaseAuthenticator {
-    var $aAttributes = array ("cn", "uid", "givenname", "sn", "mail", "mobile");
+    var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'mobile', 'userprincipalname', 'uid');
 }
 
+?>
\ No newline at end of file
diff --git a/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php b/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
index de27ca5..30f247e 100644
--- a/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
+++ b/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
@@ -39,11 +39,11 @@ require_once(KT_LIB_DIR . '/authentication/authenticationprovider.inc.php');
 require_once(KT_LIB_DIR . '/authentication/Authenticator.inc');
 
 class KTLDAPBaseAuthenticationProvider extends KTAuthenticationProvider {
-    var $sName = "LDAP authentication provider";
-    var $sNamespace = "ktstandard.authentication.ldapprovider";
+    var $sName = 'LDAP authentication provider';
+    var $sNamespace = 'ktstandard.authentication.ldapprovider';
 
-    var $aAttributes = array ("cn", "uid", "givenname", "sn", "mail", "mobile");
-    var $aMembershipAttributes = array ("memberOf");
+    var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'mobile', 'userprincipalname', 'uid');
+    var $aMembershipAttributes = array ('memberOf');
 
     // {{{ KTLDAPBaseAuthenticationProvider
     function KTLDAPBaseAuthenticationProvider() {
@@ -281,10 +281,13 @@ class KTLDAPBaseAuthenticationProvider extends KTAuthenticationProvider {
         $this->oValidator->notError($aResults);
 
         $sUserName = $aResults[$this->aAttributes[1]];
-        // With LDAP, if the 'uid' is null then try using the 'givenname' instead.
-        // See activedirectoryauthenticationprovider.inc.php and ldapauthenticationprovider.inc.php for details.
-        if($this->sAuthenticatorClass == "KTLDAPAuthenticator" && empty($sUserName)) {
-            $sUserName = strtolower($aResults[$this->aAttributes[2]]);
+
+        // If the SAMAccountName is empty then use the UserPrincipalName (UPN) to find the username.
+        // The UPN is normally the username @ the internet domain
+        if(empty($sUserName)) {
+            $sUpn = $aResults[$this->aAttributes[6]];
+            $aUpn = explode('@', $sUpn);
+            $sUserName = $aUpn[0];
         }
 
         $fields = array();
@@ -447,12 +450,12 @@ class KTLDAPBaseAuthenticationProvider extends KTAuthenticationProvider {
                     }
                     $aSearchDNs[$k] = "'".$aSearchResults[$k]['dn']."'";
                 }
-                
+
                 $sDNs = implode(',', $aSearchDNs);
                 $query = "SELECT id, authentication_details_s1 AS dn FROM users
                     WHERE authentication_details_s1 IN ($sDNs)";
                 $aCurUsers = DBUtil::getResultArray($query);
-                
+
                 // If the user has already been added, then remove from the list
                 if(!PEAR::isError($aCurUsers) && !empty($aCurUsers)){
                     foreach($aCurUsers as $item){
@@ -961,3 +964,4 @@ class KTLDAPBaseAuthenticator extends Authenticator {
     }
 }
 
+?>
\ No newline at end of file
diff --git a/templates/ktstandard/authentication/ldapadduser.smarty b/templates/ktstandard/authentication/ldapadduser.smarty
index 8b055d2..502e114 100644
--- a/templates/ktstandard/authentication/ldapadduser.smarty
+++ b/templates/ktstandard/authentication/ldapadduser.smarty
@@ -10,7 +10,7 @@
       <input type="hidden" name="dn" value="{$dn}" />
       <input type="hidden" name="samaccountname" value="{$samaccountname}" />
       <div class="form_actions">
-         <input type="submit" name="submit[create]" value="{i18n}create user{/i18n}" />
+         <input type="submit" name="submit[create]" value="{i18n}Create user{/i18n}" />
          <input type="submit" name="kt_cancel[]" value="{i18n}Cancel{/i18n}" />
       </div>
    </fieldset>
--
libgit2 0.21.4