Allows you to search LDAP directories for values (like telephone numbers) from within your page.
Compatible with DokuWiki
2006-11-06
Download and install the plugin using the Plugin Manager using the following URL. Refer to Plugins on how to install plugins manually.
It's pretty simple to do a standalone LDAP call. The syntax is as follows:
[ldapsearch <ldapurl>]
The ldapurl is matched against the following regex, which conforms to the LDAP URL standards out there (I think):
ldap:\/\/([\w\.-_]+):([0-9]+)\/([^\?]*)\?([^\?]*)\?(base|one|sub)\?([^\]]+)
For example :
[ldapsearch ldap://ldapserver.baselineit.net:389/ou=AddressBook,dc=baselineit,dc=net?telephoneNumber,mail,homephone?sub?(givenName=a*)]
You can now set up named searches in the config section. To set one up, go to the config section and set the following criteria: name, host, port, basedn, binddn, bindpassword, scope, attributes and whether the user can override these settings.
If you set up a named search as BASELINEIT, your local.conf would look something like this:
$conf['plugin']['ldapsearch']['name'] = 'BASELINEIT';
$conf['plugin']['ldapsearch']['hostname'] = 'localhost';
$conf['plugin']['ldapsearch']['port'] = '389';
$conf['plugin']['ldapsearch']['basedn'] = 'ou=AddressBook,dc=baselineit,dc=net';
$conf['plugin']['ldapsearch']['attributes'] = 'telephoneNumber';
$conf['plugin']['ldapsearch']['scope'] = 'one';
$conf['plugin']['ldapsearch']['allow_overrides'] = 1;
Then in your code,
[ldapsearch search=BASELINEIT filter=(&(givenName=Joe)(sn=Bloggs)) attributes=mail]
Post 2009-06-01, the following also works
[ldapsearch search="BASELINEIT" filter="(&(givenName=Joe)(sn=Bloggs))" attributes="mail"]
That would return Joe Bloggs' mail address (overriding the config param attributes=telephoneNumber). The following can be specified as parameters
Now as you can clearly see, there is a massive potential security threat here. If you set up your LDAP access with the supervisor binddn and password (then you're an idiot) and then set allow_overrides, a person can poke around your entire LDAP db as root by overriding basedn, scope and other bits, so be wary of that.
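One way to confine page-supplied overrides so they can only narrow a named search, shown as an added example that is not the plugin's own code. The functions apply_overrides and normalize_dn and the $allowedAttrs list are hypothetical, and the policy is stricter than the plugin's single allow_overrides switch.

```php
<?php
// Added example, not plugin code: validate page-supplied overrides for one named search.
function normalize_dn(string $dn): string {
    // Lowercase and trim each RDN so the comparison ignores case and spacing.
    return strtolower(implode(',', array_map('trim', explode(',', $dn))));
}

function apply_overrides(array $named, array $allowedAttrs, array $req): array {
    $rank = ['base' => 0, 'one' => 1, 'sub' => 2];
    // Connection and bind settings always come from the admin's config.
    foreach (['hostname', 'port', 'binddn', 'bindpassword'] as $key) {
        if (array_key_exists($key, $req)) {
            throw new InvalidArgumentException("$key cannot be overridden");
        }
    }
    $out = $named;
    if (isset($req['scope'])) {
        // A page may narrow the configured scope, never widen it.
        if (!isset($rank[$req['scope']]) || $rank[$req['scope']] > $rank[$named['scope']]) {
            throw new InvalidArgumentException('scope wider than configured');
        }
        $out['scope'] = $req['scope'];
    }
    if (isset($req['basedn'])) {
        // Only under 'sub'; escaped or quoted separators defeat the suffix test.
        if ($named['scope'] !== 'sub' || strpbrk($req['basedn'], '\\"') !== false) {
            throw new InvalidArgumentException('basedn cannot be overridden');
        }
        $suffix = ',' . normalize_dn($named['basedn']);
        $want = normalize_dn($req['basedn']);
        if (',' . $want !== $suffix && substr($want, -strlen($suffix)) !== $suffix) {
            throw new InvalidArgumentException('basedn outside configured subtree');
        }
        $out['basedn'] = $req['basedn'];
    }
    if (isset($req['attributes'])) {
        // Only attributes the admin allowlisted (lowercase) may be requested.
        $asked = array_map('trim', explode(',', $req['attributes']));
        if (array_diff(array_map('strtolower', $asked), $allowedAttrs)) {
            throw new InvalidArgumentException('attribute not in allowlist');
        }
        $out['attributes'] = implode(',', $asked);
    }
    return $out;
}

// Constructed sample: the BASELINEIT search above with a hypothetical allowlist.
$named = ['scope' => 'one', 'basedn' => 'ou=AddressBook,dc=baselineit,dc=net', 'attributes' => 'telephoneNumber'];
print_r(apply_overrides($named, ['telephonenumber', 'mail'], ['attributes' => 'mail']));
```

A check like this only limits what a page can ask for; what the directory will actually return is still decided by the rights of the binddn configured for the search.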
In addition to this, you can specify multiple searchable LDAP services by doing the following
$conf['plugin']['ldapsearch']['name'] = 'BASELINEIT|anotherone';
$conf['plugin']['ldapsearch']['hostname'] = 'localhost|somewhere.else.com';
$conf['plugin']['ldapsearch']['port'] = '389|389';
$conf['plugin']['ldapsearch']['basedn'] = 'ou=AddressBook,dc=baselineit,dc=net|ou=AddressBook,dc=somewhere,dc=else,dc=com';
$conf['plugin']['ldapsearch']['attributes'] = 'telephoneNumber|';
$conf['plugin']['ldapsearch']['scope'] = 'one|sub';
$conf['plugin']['ldapsearch']['allow_overrides'] = 1;
The second search is called anotherone and will search the subtree of ou=AddressBook,dc=somewhere,dc=else,dc=com on the LDAP service at somewhere.else.com:389. Its attribute isn't set, which means you will need to set it in the page.
Nice plugin, but I found the following problems :
conf/default.php and conf/metadata.php have short PHP open tag (<?). This does not work on many servers (mine for example). I had to change the first line of those files from:
<?
to
<?php
syntax.php is wrong. In function handle, replace this line:
$urlSyntax = 'ldap:\/\/([\w\.-_]+):([0-9]+)\/([^\?]*)\?([^\?]*)\?(base|one|sub)\?([^\]]+)';
with this line :
$urlSyntax = 'ldap:\/\/([-\w.]+):([0-9]+)\/([^\?]*)\?([^\?]*)\?(base|one|sub)\?([^\]]+)';
build_ldapsearch_conf in file syntax.php: remove or comment out the last line of the function that reads
print_r($this->ldapsearch_conf);
pass by reference has been deprecated for a long time
PHP Warning: Call-time pass-by-reference has been deprecated in /usr/share/dokuwiki/lib/plugins/ldapsearch/syntax.php on line 56
here's my patch to fix it
— Elan Ruusamäe 2010-09-10 14:51
Author : This is fixed
— KlausE