1 files changed, 48 insertions, 0 deletions

diff --git a/extensions/LDAPGroups/lib/Auth/Verify/LDAP.pm b/extensions/LDAPGroups/lib/Auth/Verify/LDAP.pm
new file mode 100644
index 0000000..4cbc072
--- /dev/null
+++ b/extensions/LDAPGroups/lib/Auth/Verify/LDAP.pm
@@ -0,0 +1,48 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Extension::LDAPGroups::Auth::Verify::LDAP;
+use strict;
+use parent qw(Bugzilla::Auth::Verify::LDAP);
+
+use Bugzilla::Error qw(ThrowCodeError);
+
+use Net::LDAP::Util qw(escape_filter_value);
+
+
+sub check_credentials {
+    my ($self, $params) = @_;
+    $params = $self->SUPER::check_credentials($params);
+    return $params if $params->{failure};
+    my $ldap_group_dns = $self->_ldap_member_of_groups($params->{bz_username});
+    $params->{ldap_group_dns} = $ldap_group_dns if scalar @$ldap_group_dns;
+    return $params;
+}
+
+sub _ldap_member_of_groups {
+    my ($self, $uid) = @_;
+
+    $uid = escape_filter_value($uid);
+    my $uid_attr = Bugzilla->params->{"LDAPuidattribute"};
+    my $base_dn = Bugzilla->params->{"LDAPBaseDN"};
+    my $dn_result = $self->ldap->search(( base   => $base_dn,
+                                          scope  => 'sub',
+                                          filter => "$uid_attr=$uid" ),
+                                        attrs => ['memberof']);
+
+    if ($dn_result->code) {
+        ThrowCodeError('ldap_search_error',
+            { errstr => $dn_result->error, username => $uid });
+    }
+
+    my @ldap_group_dns;
+    push @ldap_group_dns, $_->get_value('memberof') for $dn_result->entries;
+
+    return \@ldap_group_dns;
+}
+
+1;