diff --git a/config/config.php.example b/config/config.php.example
index 6f2d5d9..e375d27 100644
--- a/config/config.php.example
+++ b/config/config.php.example
@@ -400,6 +400,12 @@ $servers->setValue('server','name','My LDAP Server');
setup. */
// $servers->setValue('login','class',array());
+/* If login_attr was set to 'dn', it is possible to specify a template string to
+ build the DN from. Use '%s' where user input should be inserted. A user may
+ still enter the complete DN. In this case the template will not be used. */
+// $servers->setValue('login','bind_dn_template',null);
+# $servers->setValue('login','bind_dn_template','cn=%s,ou=people,dc=example,dc=com');
+
/* If you specified something different from 'dn', for example 'uid', as the
login_attr above, you can optionally specify here to fall back to
authentication with dn.
diff --git a/htdocs/login_form.php b/htdocs/login_form.php
index 91c252c..b6a36b9 100644
--- a/htdocs/login_form.php
+++ b/htdocs/login_form.php
@@ -80,7 +80,7 @@ if ($app['server']->getAuthType() == 'http') {
printf('
',
$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : '');
diff --git a/lib/ds.php b/lib/ds.php
index e7f4589..4b27227 100644
--- a/lib/ds.php
+++ b/lib/ds.php
@@ -574,6 +574,10 @@ class Datastore {
'desc'=>'User Login ID to bind to this DS',
'default'=>null);
+ $this->default->login['bind_dn_template'] = array(
+ 'desc'=>'Template string for user login DN to bind to this DS. Use \'%s\' where user input should be inserted.',
+ 'default'=>null);
+
$this->default->login['bind_pass'] = array(
'desc'=>'User Login Password to bind to this DS',
'default'=>null);
diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php
index de80066..4352414 100644
--- a/lib/ds_ldap.php
+++ b/lib/ds_ldap.php
@@ -255,7 +255,7 @@ class ldap extends DS {
if (! is_null($user)) {
# If login,attr is set to DN, then user should be a DN
if (($this->getValue('login','attr') == 'dn') || $method != 'user')
- $userDN = $user;
+ $userDN = $this->getValue('login', 'bind_dn_template') ? $this->fillDNTemplate($user) : $user;
else
$userDN = $this->getLoginID($user,'login');
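Review bot: The new ternary sits in the branch guarded by `login,attr == 'dn' || $method != 'user'`, so the template is also applied when `$method` is something other than 'user', which the config comment does not describe. In that case a configured bind DN that does not end in one of the login base DNs would be escaped and wrapped in the template, assuming fillDNTemplate behaves as shown in the later hunk, giving a DN the administrator did not intend. Consider limiting it to interactive logins, e.g. `$userDN = ($method == 'user' && $this->getValue('login','bind_dn_template')) ? $this->fillDNTemplate($user) : $user;`. The enclosing function starts and ends outside this hunk, so the other values of `$method` are not visible here.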
@@ -512,6 +512,15 @@ class ldap extends DS {
return $this->getBaseDN();
}
+ private function fillDNTemplate($user) {
+ foreach($this->getLoginBaseDN() as $base)
+ if(substr_compare($user, $base, -strlen($base)) === 0)
+ return $user; // $user already passed as DN
+
+ // fill template
+ return sprintf($this->getValue('login', 'bind_dn_template'), preg_replace('/([,\\\\#+<>;"=])/', '\\\\$1', $user));
+ }
+
/**
* Return the login classes that a user must have to login
*/
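Review bot: The character class in fillDNTemplate's `preg_replace` does not cover everything RFC 4514 requires escaping in a DN attribute value: a leading or trailing space and a NUL byte pass through unescaped, so the substituted input is not guaranteed to stay a single RDN value. Where PHP 5.6 or later is available, the return line could use the LDAP extension's DN escaper instead: `return sprintf($this->getValue('login','bind_dn_template'), ldap_escape($user, '', LDAP_ESCAPE_DN));`. The suffix test above it is a case-sensitive byte comparison, although DNs are normally matched case-insensitively, so a full DN typed with different casing would be escaped and wrapped in the template. Any input that ends in a login base DN skips the template entirely, so the template is a typing convenience and should not be relied on to limit which entries can bind. A docblock on the method stating that would help.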
diff --git a/locale/de_DE/LC_MESSAGES/messages.mo b/locale/de_DE/LC_MESSAGES/messages.mo
index c683d73..0ae7fc2 100644
Binary files a/locale/de_DE/LC_MESSAGES/messages.mo and b/locale/de_DE/LC_MESSAGES/messages.mo differ