From 7915ba2de9b73d6859e75b8d52b479d94fd0c977 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 31 Oct 2009 13:53:38 -0700 Subject: [PATCH 1/3] 1) Added support for the email attribute on the Ldap_User object (references the ldap mail attribute) 2) Added support for the avatar_url method. 3) Added a config parameter to the IdentityProvider to specifiy the configuration. This allows the ldap installer to instantiate the ldap Identity provider to use in the install and uninstall methods. --- modules/ldap/helpers/ldap_installer.php | 9 ++-- .../drivers/IdentityProvider/Ldap.php | 50 ++++++++++++------- 2 files changed, 35 insertions(+), 24 deletions(-) diff --git a/modules/ldap/helpers/ldap_installer.php b/modules/ldap/helpers/ldap_installer.php index cc227960..c68ac6b6 100644 --- a/modules/ldap/helpers/ldap_installer.php +++ b/modules/ldap/helpers/ldap_installer.php @@ -21,19 +21,18 @@ class ldap_installer { static function install() { module::set_version("ldap", 1); $root = item::root(); - foreach (identity::groups() as $group) { + $ldap_provider = new IdentityProvider("ldap"); + foreach ($ldap_provider->groups() as $group) { module::event("group_created", $group); access::allow($group, "view", $root); access::allow($group, "view_full", $root); } - // Let the admin own everything - $admin = identity::admin_user(); - Database::instance()->query("UPDATE {items} SET owner_id = {$admin->id}"); } static function uninstall() { // Delete all groups so that we give other modules an opportunity to clean up - foreach (identity::groups() as $group) { + $ldap_provider = new IdentityProvider("ldap"); + foreach ($ldap_provider->groups() as $group) { module::event("group_deleted", $group); } } diff --git a/modules/ldap/libraries/drivers/IdentityProvider/Ldap.php b/modules/ldap/libraries/drivers/IdentityProvider/Ldap.php index 1342b231..e118d1fc 100644 --- a/modules/ldap/libraries/drivers/IdentityProvider/Ldap.php +++ b/modules/ldap/libraries/drivers/IdentityProvider/Ldap.php 
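Review bot: The new install() loop still grants both `view` and `view_full` on the root item to every group the LDAP provider returns, and if `groups()` includes the configured everybody group (the sample config deleted in patch 3 lists "guest" both in "groups" and as "everybody_group"), anonymous visitors get full-size access to the entire gallery the moment the module is installed. If that is intended it should be said in a comment; otherwise skip the everybody group for the second grant, e.g. `if ($group->id != $ldap_provider->everybody()->id) { access::allow($group, "view_full", $root); }` — hedged, since the bodies of `groups()` and `everybody()` are not in this hunk. Nothing here distinguishes an unreachable directory from a directory with no groups either: if `groups()` comes back empty the module version is still recorded with no grants made, so at minimum a comment such as `// groups() is empty when the directory cannot be reached; install then completes with no access grants` belongs above the loop, and failing install outright would be safer.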
@@ -45,6 +45,7 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver { self::$_guest_user->guest = true; self::$_guest_user->admin = false; self::$_guest_user->locale = null; + self::$_guest_user->email = null; self::$_guest_user->groups = array($this->everybody()); } return self::$_guest_user; @@ -80,6 +81,9 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver { * @see IdentityProvider_Driver::lookup_user. */ public function lookup_user($id) { + if ($id == 0) { + return $this->guest(); + } $result = ldap_search(self::$_connection, self::$_params["user_domain"], "uidNumber=$id"); $entries = ldap_get_entries(self::$_connection, $result); if ($entries["count"] > 0) { 
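Review bot: The added `if ($id == 0)` guard leaves the next line's filter `"uidNumber=$id"` built by direct string interpolation, so any non-numeric `$id` that reaches lookup_user becomes LDAP filter syntax, and with PHP 5 loose comparison a non-numeric string such as "abc" compares equal to 0 and silently resolves to the guest user. Coercing first removes both issues: `$id = (int) $id; if ($id === 0) { return $this->guest(); }` — the filter then only ever contains digits. The rest of lookup_user, including what happens when `$entries["count"]` is 0, lies outside the hunk.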
@@ -225,35 +229,43 @@ class Ldap_User implements User_Definition { public function __get($key) { switch($key) { - case "name": - return $this->ldap_entry["uid"][0]; + case "name": + return $this->ldap_entry["uid"][0]; - case "guest": - return false; + case "guest": + return false; - case "id": - return $this->ldap_entry["uidnumber"][0]; + case "id": + return $this->ldap_entry["uidnumber"][0]; - case "groups": - return IdentityProvider_Ldap_Driver::groups_for($this); + case "groups": + return IdentityProvider_Ldap_Driver::groups_for($this); - case "locale": // @todo - return null; + case "locale": // @todo + return null; - case "admin": - return in_array($this->ldap_entry["uid"][0], - IdentityProvider_Ldap_Driver::$_params["admins"]); + case "admin": + return in_array($this->ldap_entry["uid"][0], + IdentityProvider_Ldap_Driver::$_params["admins"]); - case "dn": - return $this->ldap_entry["dn"]; + case "email": + return $this->ldap_entry["mail"]; - case "url": // @todo - return null; + case "dn": + return $this->ldap_entry["dn"]; - default: - throw new Exception("@todo UNKNOWN_KEY ($key)"); + case "url": // @todo + return null; + + default: + throw new Exception("@todo UNKNOWN_KEY ($key)"); } } + + public function avatar_url($size=80, $default=null) { + return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s", + md5($this->email), $size, $default ? "&d=" . urlencode($default) : ""); + } } class Ldap_Group implements Group_Definition { From 9963d59e3bc704bc499eace8e0849b3d6001b40b Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 31 Oct 2009 14:31:18 -0700 Subject: [PATCH 2/3] Ignore any exceptions or errors on the ldap_bind... assume they are password related and just return false as an invalid password. Fixes ticket #864. --- modules/ldap/libraries/drivers/IdentityProvider/Ldap.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
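Review bot: `case "email"` returns `$this->ldap_entry["mail"]` without the `[0]` that the sibling `uid` and `uidnumber` cases use, so under the same ldap_get_entries layout `email` is the attribute's value array, and `md5($this->email)` in the new avatar_url() hashes the string "Array" (with an array-to-string notice), giving every user the same Gravatar; an entry with no mail attribute additionally raises an undefined-index notice. Suggested: `case "email": return isset($this->ldap_entry["mail"][0]) ? $this->ldap_entry["mail"][0] : null;` and, because Gravatar keys on the lowercased, trimmed address, `md5(strtolower(trim((string) $this->email)))` in avatar_url(). Two caveats worth a comment on avatar_url(): the URL is plain `http://` although Gravatar serves the same path over https, and the call discloses an MD5 of every directory user's address to a third party, which a corporate LDAP deployment may not want.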
diff --git a/modules/ldap/libraries/drivers/IdentityProvider/Ldap.php b/modules/ldap/libraries/drivers/IdentityProvider/Ldap.php index e118d1fc..1f82b56f 100644 --- a/modules/ldap/libraries/drivers/IdentityProvider/Ldap.php +++ b/modules/ldap/libraries/drivers/IdentityProvider/Ldap.php @@ -71,7 +71,7 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver { public function is_correct_password($user, $password) { $connection = ldap_connect(self::$_params["url"]); ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3); - $lbind = ldap_bind($connection, $user->dn, $password); + $lbind = @ldap_bind($connection, $user->dn, $password); ldap_unbind($connection); return ($lbind) ? true : false; From 3d82eb19f2e341b75d84173b9dab9eb1a10c4a68 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 31 Oct 2009 14:34:33 -0700 Subject: [PATCH 3/3] delete the unused ldap.php config file and rename the gallery.ldif to gallery_sample.ldif to clearly indicate that it is not required and only a sample. --- .../{gallery.ldif => gallery_sample.ldif} | 0 modules/ldap/config/ldap.php | 28 ------------------- 2 files changed, 28 deletions(-) rename modules/ldap/config/{gallery.ldif => gallery_sample.ldif} (100%) delete mode 100644 modules/ldap/config/ldap.php diff --git a/modules/ldap/config/gallery.ldif b/modules/ldap/config/gallery_sample.ldif similarity index 100% rename from modules/ldap/config/gallery.ldif rename to modules/ldap/config/gallery_sample.ldif diff --git a/modules/ldap/config/ldap.php b/modules/ldap/config/ldap.php deleted file mode 100644 index 07eda591..00000000 --- a/modules/ldap/config/ldap.php +++ /dev/null @@ -1,28 +0,0 @@ - array("eng", "google", "prebuild", "guest"), - "everybody_group" => "guest", - "registered_users_group" => "google", - "admins" => array("mediratta"), - "url" => "ldaps://ldap.corp.google.com/", - "group_domain" => "ou=Posix,ou=Groups,dc=google,dc=com", - "user_domain" => "ou=People,dc=google,dc=com", -);
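Review bot: Silencing `@ldap_bind` does not change that an empty `$password` is passed straight through, and per RFC 4513 §5.1.2 a bind with a DN and an empty password is an unauthenticated bind that many servers accept, so `is_correct_password($user, "")` can return true; guard before connecting: `if ($password === null || $password === "") { return false; }`. The `@` also folds every non-credential failure (unreachable server, TLS or certificate error, referral) into "invalid password" with nothing logged; keeping the suppression is fine, but check `ldap_errno($connection)` before `ldap_unbind` and log anything other than invalid credentials (49) so an outage is not mistaken for a wave of bad logins. `ldap_connect()` returning false is likewise unchecked. The hunk's trailing context appears truncated in this copy, so the function's closing brace is not visible.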