Thread:Extension talk:LDAP Authentication/$wgLDAPUseLocal and the template's 'useemail' property

Using LDAPAuthentication on our wiki but also allowing local users and logins (thus having set $wgLDAPUseLocal to true), we noticed that the email field was missing on the UserCreateForm. The email address being required to create a user, the form wouldn't submit successfully, thus preventing new users from signing up.

It took me a while to find that the modifyUITemplate method was changing the template's properties. I thus suggest the following patch to LdapAuthentication.php in order to allow new users to sign up locally:

454  if ( $wgLDAPUseLocal ) { 455     // don't touch the useemail setting 456  } else { 457     $template->set( 'useemail', isset( $wgLDAPMailPassword[$_SESSION['wsDomain']] ) && $wgLDAPMailPassword[$_SESSION['wsDomain']] ); 458  }

However, experimenting with this and another dirty workaround, such as setting $wgLDAPMailPassword in LocalSettings.php, I noticed that the value of $_SESSION['wsDomain'] in our case is 'invaliddomain'. (Thus requiring $wgLDAPMailPassword = array( 'invaliddomain' => true ); to achieve the same result as above.)

I did have "get_class($template) == 'UsercreateTemplate'" in the if statement above in the beginning until I realized that there's no email field at all at the login screen. Which brings me to the conclusion that this testing of $wgLDAPMailPassword[$_SESSION['wsDomain']] in modifyUITemplate makes no sense at all, or does it?

Where it would make sense to test for some conditions would be at the point where a user would request to have a new, temporary password sent to him. Here, one would have to test either
 * whether the user is a local user and password retrieval is enabled at all
 * OR whether the user belongs to a domain, we have write access to ldap and LDAPMailPassword is set to true.

I can see that you cannot hide the "E-mail new password" button before the user has chosen a domain. But even with the above patch applied, the result of that action will still be "Login error Passwords cannot be changed", thus having done no harm at all.

Finally, I have noticed that the UserloginTemplate, on line 102, tests this before displaying the password-reset button: if ( $this->data['useemail'] && $this->data['canreset'] ) {

So wouldn't this be more appropriate:

454     $template->set( 'canreset', isset( $wgLDAPMailPassword[$_SESSION['wsDomain']] ) && $wgLDAPMailPassword[$_SESSION['wsDomain']] );

circumventing all of the above problems? ;) (Though still requiring an exception for the retrieval of local user's passwords!)