From 246e8f67c598664741954aa2cbb4cfeafea7ef85 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 6 Apr 2008 17:29:09 +0000
Subject: [PATCH] Redmine.pm support for LDAP authentication (patch by Liwiusz
 Ociepa). Closes #879, #918.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1335 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 extra/svn/Redmine.pm | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm
index b76622e3d..f4c5abc6b 100644
--- a/extra/svn/Redmine.pm
+++ b/extra/svn/Redmine.pm
@@ -90,6 +90,7 @@ use strict;
 
 use DBI;
 use Digest::SHA1;
+use Authen::Simple::LDAP;
 
 use Apache2::Module;
 use Apache2::Access;
@@ -140,7 +141,7 @@ sub is_public_project {
 
     my $dbh = connect_database($r);
     my $sth = $dbh->prepare(
-	"SELECT * FROM projects WHERE projects.identifier=? and projects.is_public=true;"
+        "SELECT * FROM projects WHERE projects.identifier=? and projects.is_public=true;"
     );
 
     $sth->execute($project_id);
@@ -176,17 +177,37 @@ sub is_member {
   my $pass_digest = Digest::SHA1::sha1_hex($redmine_pass);
 
   my $sth = $dbh->prepare(
-      "SELECT hashed_password FROM members, projects, users WHERE projects.id=members.project_id AND users.id=members.user_id AND users.status=1 AND login=? AND identifier=?;"
+      "SELECT hashed_password, auth_source_id FROM members, projects, users WHERE projects.id=members.project_id AND users.id=members.user_id AND users.status=1 AND login=? AND identifier=?;"
   );
   $sth->execute($redmine_user, $project_id);
 
   my $ret;
   while (my @row = $sth->fetchrow_array) {
-      if ($row[0] eq $pass_digest) {
-	  $ret = 1;
-	  last;
+      unless ($row[1]) {
+          if ($row[0] eq $pass_digest) {
+              $ret = 1;
+              last;
+          }
+      } else {
+          my $sthldap = $dbh->prepare(
+              "SELECT host,port,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;"
+          );
+          $sthldap->execute($row[1]);
+          while (my @rowldap = $sthldap->fetchrow_array) {
+            my $ldap = Authen::Simple::LDAP->new(
+	        host 	=>	$rowldap[0],
+		port	=>	$rowldap[1],
+		basedn	=>	$rowldap[4],
+		binddn	=>	$rowldap[2] ? $rowldap[2] : "",
+		bindpw	=>	$rowldap[3] ? $rowldap[3] : "",
+		filter	=>	"(".$rowldap[5]."=%s)"
+	    );
+	    $ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass));
+          }
+          $sthldap->finish();
       }
   }
+  $sth->finish();
   $dbh->disconnect();
 
   $ret;
-- 
GitLab