--- cas-module.bak/cas.module	2007-02-22 18:28:06.000000000 +0100
+++ modules/cas/cas.module	2007-02-22 22:13:34.000000000 +0100
@@ -9,6 +9,23 @@
 require_once('CAS/CAS.php');
 
 /**
+* LDAP Auxiliary functions
+*/
+
+function init_ldap()
+{
+  include_once('LDAPInterface.php');
+  $ldap = new LDAPInterface();
+  $ldap->setOption('name', 'ldap');
+  $ldap->setOption('server',  (string)variable_get('cas_ldap_server', ''));
+  $ldap->setOption('port', (int)variable_get('cas_ldap_port', '389'));
+  $ldap->setOption('tls', variable_get('cas_ldap_tls',0));
+  $ldap->setOption('basedn', (string)variable_get('cas_ldap_basedn', ''));
+  $ldap->setOption('user_attr', (string)variable_get('cas_ldap_login_attribute', 'uid'));
+  return $ldap;
+}
+
+/**
 * Implementation of hook_init
 * Traps a page load to see if authentication is required.
 */
@@ -28,6 +45,7 @@
      $server_port      = (int)variable_get('cas_port', '443');
      $server_uri       = (string)variable_get('cas_uri', '');
      $cas_domain       = (string)variable_get('cas_domain','');
+     $cas_useldap      = variable_get('cas_useldap',0);
      $start_session    = (boolean)FALSE; // Drupal takes care of its own session
      cas_save_page();
      phpCAS::client($server_version, $server_cas_server, $server_port, $server_uri, $start_session);
@@ -70,6 +88,15 @@
            $user_default['authname_cas'] = $cas_name;
          if ($cas_domain)
            $user_default['mail'] = $cas_name . '@' . $cas_domain;
+         if ($cas_useldap)
+         {
+           $ldap = init_ldap();
+           $ldap->connect();
+           $cas_ldap_email_attribute = (string)variable_get('cas_ldap_email_attribute','mail');
+           $ldap_entries = $ldap->search($ldap->getOption('basedn'), $ldap->getOption('user_attr').'='.$cas_name, array($cas_ldap_email_attribute));
+           if ($ldap_entries['count']==1)
+             $user_default['mail'] = $ldap_entries[0][$cas_ldap_email_attribute][0];
+         }
          $user = user_save("", $user_default);
          watchdog("user", "new user: $user->name (CAS)", l(t("edit user"), "admin/user/edit/$user->uid"));
          if(($user->uid) && ($user->uid > 0) && $cas_authmap)
@@ -120,7 +147,7 @@
   if ($may_cache) {
     $items[] = array(
       'path' => 'admin/user/cas',
-      'title' => t('cas settings'),
+      'title' => t('CAS settings'),
       'description' => 'Configure central authentication services',
       'callback' => 'drupal_get_form',
       'callback arguments' => 'cas_admin_settings',
@@ -160,6 +187,14 @@
   $form['pages'] = array('#type' => 'fieldset', '#title' => t('Redirection settings'),'#collapsible' => true,    '#collapsed' => true);
   $form['pages']['cas_access'] = array('#type' => 'radios', '#title' => t('Require Cas Login for '), '#default_value' => variable_get('cas_access',0), '#options' => array(t('specific pages'), t('all pages')));
   $form['pages']['cas_pages'] = array('#type' => 'textarea',  '#title' => t('Specific pages'),  '#default_value' => variable_get('cas_pages',''), '#cols' => 40,	'#rows' => 5, '#description' => t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em>&lt;front&gt;</em>' is the front page."));
+  $form['ldap'] = array('#type' => 'fieldset', '#title' => t('LDAP settings'),'#collapsible' => true,    '#collapsed' => true);
+  $form['ldap']['cas_useldap'] = array('#type' => 'checkbox', '#title' => t('Should we extract some user information from an LDAP directory?'), '#default_value' => variable_get('cas_useldap', 0), '#description' => t('Activate this option if you want to extract the user email from an LDAP directory.'));
+  $form['ldap']['cas_ldap_server'] = array('#type' => 'textfield',  '#title' => t('LDAP Server'), '#default_value' => variable_get('cas_ldap_server', ''), '#size' => 30,'#maxlength' => 55, '#description' => t('Location of LDAP directory.'));
+  $form['ldap']['cas_ldap_port'] = array('#type' => 'textfield',  '#title' => t('LDAP Port'), '#default_value' => variable_get('cas_ldap_port', '389'), '#size' => 30, '#maxlength' => 8, '#description' => t('389 is the standard LDAP port; 636 is the standard LDAPS port.'));
+  $form['ldap']['cas_ldap_tls'] = array('#type' => 'checkbox', '#title' => t('Use TLS encryption'), '#default_value' => variable_get('cas_ldap_tls', 0), '#description' => t('Secure LDAP connection using TLS.'));
+  $form['ldap']['cas_ldap_basedn'] = array('#type' => 'textfield',  '#title' => t('Base DN'), '#default_value' => variable_get('cas_ldap_basedn', 'dc=example,dc=org'), '#size' => 30, '#maxlength' => 55, '#description' => t('LDAP base DN.'));
+  $form['ldap']['cas_ldap_login_attribute'] = array('#type' => 'textfield',  '#title' => t('Login attribute'), '#default_value' => variable_get('cas_ldap_login_attribute', 'uid'), '#size' => 30,'#maxlength' => 55, '#description' => t('LDAP entry attribute containing the user login.'));
+  $form['ldap']['cas_ldap_email_attribute'] = array('#type' => 'textfield',  '#title' => t('Email attribute'), '#default_value' => variable_get('cas_ldap_email_attribute', 'mail'), '#size' => 30,'#maxlength' => 55, '#description' => t('LDAP entry attribute containing the email address.'));
   return system_settings_form($form);
 }
 /**
@@ -268,10 +303,26 @@
   switch ($form_id){
     case 'user_edit':
       //make the email field hidden and force the value to the default.
-      if (variable_get('cas_hide_email',0) && variable_get('cas_domain',''))
+      if (variable_get('cas_hide_email',0))
       {
-        $form['account']['mail']['#type']='hidden';
-        $form['account']['mail']['#value']= $form['account']['name']['#default_value'].'@'.variable_get('cas_domain','');
+        if (variable_get('cas_domain',''))
+        {
+          $form['account']['mail']['#type']='hidden';
+          $form['account']['mail']['#value']= $form['account']['name']['#default_value'].'@'.variable_get('cas_domain','');
+        }
+        if (variable_get('cas_useldap',''))
+        {
+          $ldap = init_ldap();
+          $ldap->connect();
+          $cas_ldap_email_attribute = (string)variable_get('cas_ldap_email_attribute','mail');
+          $ldap_entries = $ldap->search($ldap->getOption('basedn'), $ldap->getOption('user_attr').'='.$form['account']['name']['#default_value'], array($cas_ldap_email_attribute));
+          if ($ldap_entries['count']==1 && isset($ldap_entries[0][$cas_ldap_email_attribute][0]))
+          if (trim($cas_ldap_email_attribute][0])!='')
+          {
+            $form['account']['mail']['#type']='hidden';
+            $form['account']['mail']['#value']= $ldap_entries[0][$cas_ldap_email_attribute][0];
+          }
+        }
       }
 
       //Remove the password fields from the form.
