Peterbruin has uploaded a new change for review. https://gerrit.wikimedia.org/r/65865
Change subject: Prevent searching for AD groups for no AD LDAP ...................................................................... Prevent searching for AD groups for no AD LDAP Searching non AD LDAP domains for AD groups will result in many entries in the error.log. A new setting has been added to make it easier to differentiate between AD and posix LDAP. Default is AD to make sure currently functionality is not changed and ensure save upgrade. Example usage: $wgLDAPActiveDirectory = array( 'testADLDAPDomain' => true, 'testPosixLDAPDomain' => false ); Change-Id: Id7eb016a3c105fa9e08592f876bd5a8726416b68 --- M LdapAuthentication.php 1 file changed, 6 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/LdapAuthentication refs/changes/65/65865/1
diff --git a/LdapAuthentication.php b/LdapAuthentication.php
index 084fe2d..39e7c2c 100644
--- a/LdapAuthentication.php
+++ b/LdapAuthentication.php
@@ -73,8 +73,9 @@
 $wgLDAPAutoAuthUsername = "";
 $wgLDAPAutoAuthDomain = "";
 $wgPasswordResetRoutes['domain'] = true;
+$wgLDAPActiveDirectory = array();
-define( "LDAPAUTHVERSION", "2.0d" );
+define( "LDAPAUTHVERSION", "2.0e" );
 /**
 * Add extension information to Special:Version
@@ -466,6 +467,9 @@
 case 'AutoAuthDomain':
 global $wgLDAPAutoAuthDomain;
 return $wgLDAPAutoAuthDomain;
+ case 'ActiveDirectory':
+ global $wgLDAPActiveDirectory;
+ return self::setOrDefault( $wgLDAPActiveDirectory, $domain, true );
 }
 return '';
 }
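Review bot: `$wgLDAPActiveDirectory` is declared without any comment on its shape, and the default that actually matters is not at the declaration but in the `getConf` case, where (going by the third argument to `setOrDefault` and the commit message) a domain that is not listed resolves to `true`. A comment at the declaration such as `// Per-domain map: domain name => bool. Domains not listed are treated as Active Directory.` would keep the two in step. Because this flag decides whether the primary-group lookup runs for a domain, the same statement belongs in the extension's settings documentation, which this one-file change does not touch. The `switch` that holds the new `case` starts outside the hunk.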
@@ -1694,8 +1698,7 @@
 $groups = array( "short" => array(), "dn" => array() );
 // AD does not include the primary group in the list of groups, we have to find it ourselves.
- // TODO: find a way to only do this search for AD domains.
- if ( $dn != "*" ) {
+ if ( $dn != "*" && $this->getConf('ActiveDirectory')) {
 $PGfilter = "(&(distinguishedName=$value)(objectclass=user))";
 $this->printDebug( "User Filter: $PGfilter", SENSITIVE );
 $PGinfo = LdapAuthenticationPlugin::ldap_search( $this->ldapconn, $base, $PGfilter );
-- To view, visit https://gerrit.wikimedia.org/r/65865 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id7eb016a3c105fa9e08592f876bd5a8726416b68 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/LdapAuthentication Gerrit-Branch: master Gerrit-Owner: Peterbruin <pe...@bruin.sg> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
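Review bot: With this gate, a domain that really is Active Directory but is set to `false` in `$wgLDAPActiveDirectory` silently loses its primary group from `$groups`, and neither the code nor the remaining comment says the lookup can now be skipped; any group-based check that consumes this list (not visible in the hunk) would then see a shorter membership. The comment above the `if` should state that, for example `// Only run for domains flagged as AD; when the flag is false the primary group is not added to $groups.` The new condition also drops the spaces inside parentheses that the surrounding lines use; `if ( $dn != "*" && $this->getConf( 'ActiveDirectory' ) ) {` matches the file. Separately, the unchanged `$PGfilter` line interpolates `$value` straight into the search filter, and whether it is escaped for filter context earlier in the function is not visible here and worth confirming. The enclosing function starts and ends outside the hunk.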