I've got a follow-up patch that takes care of the loose ends from the first patch. In particular, we needed to connect to the LDAP connection using an LDAP URL (specifying host, port and tls options separately is too cumbersome, URLs being the de facto method these days), and bind using a DN that is not part of the 'people' OU.
This time, I've prepared and tested it against a fresh GO trunk checkout to make integration easier. In summary...
* Ability to connect to SSL-based LDAP servers (add URL-based config parameters)
* Backwards-compatible for instances still configured using old LDAP config parameters.
* Ability to bind to the LDAP server using any DN (replace user/pass config with 'binddn' and 'bindpw').
* Backwards-compatible with old config params.
* Refactor main functionality of 'before_login' hook into smaller functions, for simplicity/readability. Add comments.
* Simplify 'add', 'modify' and 'delete' methods on LDAP class. Duplicated code unnecessary, as caller should really have connected first anyway.
* Add a simple 'get_connection()' method, allowing calling modules (e.g. LDAP address book or directory management modules) to get an LDAP handle without duplicating code between them.
* Create 'ldap_create_groupoffice_account' configuration parameter, so GO accounts are only created from successful LDAP authentications if explicitly configured to be.
* Create 'ldap_disable_password_update' configuration parameter, to allow the user to disable the (often undesirable) behaviour of LDAP passwords getting copied into GroupOffice's database. IMHO, it should probably really be disabled by default and configurable explicitly (?).
* Create 'ldap_create_mailboxes_for_email_domain' to explicitly enable the attempt to create mailboxes in conjunction with the imapauth module.
Also attached, updated source for the following wiki page to cover new configuration parameters.
http://www.group-office.com/wiki/IMAP_o ... entication
Please accept these patches with our best regards.
Agent Design Ltd
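
Added example, not part of the original post or the patch: a sketch of the backwards-compatible resolution described above, where URL and bind-DN settings take precedence and the older parameters are the fallback. Only the three `ldap_create_*` / `ldap_disable_*` keys come from the post; every other key name, the `uid=<user>,ou=people,<base DN>` legacy mapping, and the reading of the old tls option as StartTLS are assumptions.

```php
<?php
// Added example, not Group-Office code. Keys marked (hypothetical) are not
// named in the post. ldap_escape() needs PHP's ldap extension.
function resolve_ldap_settings(array $c): array
{
    if (!empty($c['ldap_url'])) {                        // new style (hypothetical key)
        $p = parse_url($c['ldap_url']);
        $scheme = is_array($p) ? strtolower($p['scheme'] ?? '') : '';
        if (!in_array($scheme, ['ldap', 'ldaps'], true) || empty($p['host'])) {
            throw new InvalidArgumentException('ldap_url must be ldap://host or ldaps://host');
        }
        $port = $p['port'] ?? ($scheme === 'ldaps' ? 636 : 389);
        $url = sprintf('%s://%s:%d', $scheme, $p['host'], $port);
        $startTls = false;
    } elseif (!empty($c['ldap_host'])) {                 // legacy style (hypothetical keys)
        $scheme = 'ldap';
        $url = sprintf('ldap://%s:%d', $c['ldap_host'], $c['ldap_port'] ?? 389);
        $startTls = !empty($c['ldap_tls']);              // assumed to mean StartTLS
    } else {
        throw new InvalidArgumentException('no LDAP server configured');
    }
    $bindDn = $bindPw = null;                            // default: anonymous bind
    if (!empty($c['ldap_binddn'])) {                     // any DN (hypothetical key spelling)
        [$bindDn, $bindPw] = [$c['ldap_binddn'], $c['ldap_bindpw'] ?? ''];
    } elseif (!empty($c['ldap_user'])) {                 // legacy: assumed to sit under ou=people
        $rdn = ldap_escape($c['ldap_user'], '', LDAP_ESCAPE_DN);
        [$bindDn, $bindPw] = ["uid=$rdn,ou=people," . ($c['ldap_basedn'] ?? ''), $c['ldap_pass'] ?? ''];
    }
    // A DN with an empty password is an "unauthenticated bind" that many servers accept.
    if ($bindDn !== null && $bindPw === '') {
        throw new InvalidArgumentException('bind DN configured without a password');
    }
    return [
        'url' => $url, 'start_tls' => $startTls,
        'encrypted' => $startTls || $scheme === 'ldaps',
        'bind_dn' => $bindDn, 'bind_pw' => $bindPw,
        // Behaviour switches named in the post; account and mailbox creation are opt-in.
        'create_account'  => !empty($c['ldap_create_groupoffice_account']),
        'update_password' => empty($c['ldap_disable_password_update']),
        'mailbox_domain'  => $c['ldap_create_mailboxes_for_email_domain'] ?? null,
    ];
}
// Constructed sample configurations (hosts, DNs and secrets are made up).
$new = ['ldap_url' => 'ldaps://ldap.example.com', 'ldap_disable_password_update' => true,
        'ldap_binddn' => 'cn=go-svc,ou=services,dc=example,dc=com', 'ldap_bindpw' => 'constructed'];
$old = ['ldap_host' => 'ldap.example.com', 'ldap_tls' => true, 'ldap_user' => 'go,admin',
        'ldap_pass' => 'constructed', 'ldap_basedn' => 'dc=example,dc=com'];
foreach ([$new, $old] as $cfg) {                         // print everything except the secret
    echo json_encode(array_diff_key(resolve_ldap_settings($cfg), ['bind_pw' => 1]), JSON_UNESCAPED_SLASHES), "\n";
}
```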