/**
  * @return void
  */
 function fetchGroupInfo($refreshCache = true)
 {
     global $wgAuth;
     global $wgOpenStackManagerLDAPServiceGroupBaseDN;
     global $wgMemc;
     # Load service group entry
     $dn = $wgOpenStackManagerLDAPServiceGroupBaseDN;
     $query = '(cn=' . $this->groupName . ')';
     $key = wfMemcKey('openstackmanager', 'servicegroup', $this->groupName);
     if ($refreshCache) {
         $wgMemc->delete($key);
         $groupInfo = null;
     } else {
         $groupInfo = $wgMemc->get($key);
     }
     if (is_array($groupInfo)) {
         $this->groupInfo = $groupInfo;
     } else {
         $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $dn, $query);
         $this->groupInfo = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
         $wgMemc->set($key, $this->groupInfo, 3600 * 24);
     }
     if ($this->groupInfo['count'] != "0") {
         $this->groupDN = $this->groupInfo[0]['dn'];
     }
     $this->usersDN = "ou=people" . "," . $wgOpenStackManagerLDAPServiceGroupBaseDN;
 }
 /**
  * Fetch the host from LDAP and initialize the object
  *
  * @return void
  */
 function fetchHostInfo()
 {
     global $wgAuth;
     global $wgOpenStackManagerLDAPInstanceBaseDN;
     $this->ip = $wgAuth->getLdapEscapedString($this->ip);
     $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $this->ip . ')');
     $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
     if ($this->hostInfo["count"] == "0") {
         $this->hostInfo = null;
     } else {
         $this->hostDN = $this->hostInfo[0]['dn'];
     }
 }
 /**
  * @return void
  */
 function fetchRoleInfo()
 {
     global $wgAuth;
     $dn = $this->project->projectDN;
     if (!$dn) {
         return;
     }
     $query = '(cn=' . $this->rolename . ')';
     $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $dn, $query);
     $this->roleInfo = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
     if ($this->roleInfo['count'] != "0") {
         $this->roleDN = $this->roleInfo[0]['dn'];
     }
 }
 /**
  * Fetch the project group from LDAP and initialize the object
  * @return void
  */
 function fetchProjectGroupInfo($refresh = true)
 {
     global $wgAuth;
     global $wgOpenStackManagerLDAPProjectGroupBaseDN;
     if ($this->loaded and !$refresh) {
         return;
     }
     $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectGroupBaseDN, '(&(cn=' . $this->getProjectGroupName() . ')(objectclass=groupofnames))');
     $this->projectGroupInfo = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
     if (!isset($this->projectGroupInfo[0])) {
         $this->loaded = false;
         return;
     }
     $this->projectGroupDN = $this->projectGroupInfo[0]['dn'];
     $this->loaded = true;
 }
 /**
  * Fetch the host from LDAP and initialize the object
  *
  * @return void
  */
 function fetchHostInfo()
 {
     global $wgAuth;
     global $wgOpenStackManagerLDAPInstanceBaseDN;
     if ($this->getDomain()) {
         $fqdn = $this->instancename . '.' . $this->instanceproject . '.' . $this->getDomain()->getFullyQualifiedDomainName();
     } else {
         # No domain means no instance!
         $this->hostInfo = null;
         return;
     }
     $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $fqdn . ')');
     $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
     if ($this->hostInfo["count"] == "0") {
         $this->hostInfo = null;
     } else {
         $this->hostDN = $this->hostInfo[0]['dn'];
     }
 }
예제 #6
0
 /**
  * @return void
  */
 function fetchRoleInfo()
 {
     global $wgAuth;
     global $wgOpenStackManagerLDAPGlobalRoles;
     $query = '';
     if ($this->global) {
         if (isset($wgOpenStackManagerLDAPGlobalRoles["{$this->rolename}"])) {
             $dn = $wgOpenStackManagerLDAPGlobalRoles["{$this->rolename}"];
             $query = '(objectclass=groupofnames)';
         } else {
             # This condition would be a bug...
             $dn = '';
         }
     } else {
         $dn = $this->project->projectDN;
         $query = '(cn=' . $this->rolename . ')';
     }
     $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $dn, $query);
     $this->roleInfo = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
     if ($this->roleInfo['count'] != "0") {
         $this->roleDN = $this->roleInfo[0]['dn'];
     }
 }
	/**
	 * Get all sudo policies
	 *
	 * @static
	 * @return array of OpenStackNovaSudoer
	 */
	static function getAllSudoers() {
		global $wgAuth, $wgOpenStackManagerLDAPSudoerBaseDN;

		OpenStackNovaLdapConnection::connect();

		$sudoers = array();
		$result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPSudoerBaseDN, '(&(cn=*)(objectclass=sudorole))' );
		if ( $result ) {
			$entries = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
			if ( $entries ) {
				# First entry is always a count
				array_shift( $entries );
				foreach ( $entries as $entry ) {
					$sudoer = new OpenStackNovaSudoer( $entry['cn'][0] );
					array_push( $sudoers, $sudoer );
				}
			}
		}

		return $sudoers;
	}
 /**
  * Get all sudo policies
  *
  * @param $projectName
  * @return array of OpenStackNovaSudoer
  */
 static function getAllSudoersByProject($projectName)
 {
     global $wgAuth;
     OpenStackNovaLdapConnection::connect();
     $sudoers = array();
     $project = OpenStackNovaProject::getProjectByName($projectName);
     $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $project->getSudoersDN(), '(&(cn=*)(objectclass=sudorole))');
     if ($result) {
         $entries = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
         if ($entries) {
             # First entry is always a count
             array_shift($entries);
             foreach ($entries as $entry) {
                 $sudoer = new OpenStackNovaSudoer($entry['cn'][0], $project);
                 $sudoers[] = $sudoer;
             }
         }
     }
     return $sudoers;
 }
 /**
  * Search groups for the supplied DN
  *
  * @param string $dn
  * @return array
  */
 private function searchGroups($dn)
 {
     $this->printDebug("Entering searchGroups", NONSENSITIVE);
     $base = $this->getBaseDN(GROUPDN);
     $objectclass = $this->getConf('GroupObjectclass');
     $attribute = $this->getConf('GroupAttribute');
     $nameattribute = $this->getConf('GroupNameAttribute');
     // We actually want to search for * not \2a, ensure we don't escape *
     $value = $dn;
     if ($value != "*") {
         $value = $this->getLdapEscapedString($value);
     }
     $proxyagent = $this->getConf('ProxyAgent');
     if ($proxyagent) {
         // We'll try to bind as the proxyagent as the proxyagent should normally have more
         // rights than the user. If the proxyagent fails to bind, we will still be able
         // to search as the normal user (which is why we don't return on fail).
         $this->printDebug("Binding as the proxyagent", NONSENSITIVE);
         $this->bindAs($proxyagent, $this->getConf('ProxyAgentPassword'));
     }
     $groups = array("short" => array(), "dn" => array());
     // AD does not include the primary group in the list of groups, we have to find it ourselves.
     // TODO: find a way to only do this search for AD domains.
     if ($dn != "*") {
         $PGfilter = "(&(distinguishedName={$value})(objectclass=user))";
         $this->printDebug("User Filter: {$PGfilter}", SENSITIVE);
         $PGinfo = LdapAuthenticationPlugin::ldap_search($this->ldapconn, $base, $PGfilter);
         $PGentries = LdapAuthenticationPlugin::ldap_get_entries($this->ldapconn, $PGinfo);
         if ($PGentries) {
             $Usid = $PGentries[0]['objectsid'][0];
             $PGrid = $PGentries[0]['primarygroupid'][0];
             $PGsid = bin2hex($Usid);
             $PGSID = array();
             for ($i = 0; $i < 56; $i += 2) {
                 $PGSID[] = substr($PGsid, $i, 2);
             }
             $dPGrid = dechex($PGrid);
             $dPGrid = str_pad($dPGrid, 8, '0', STR_PAD_LEFT);
             $PGRID = array();
             for ($i = 0; $i < 8; $i += 2) {
                 array_push($PGRID, substr($dPGrid, $i, 2));
             }
             for ($i = 24; $i < 28; $i++) {
                 $PGSID[$i] = array_pop($PGRID);
             }
             $PGsid_string = '';
             foreach ($PGSID as $PGsid_bit) {
                 $PGsid_string .= "\\" . $PGsid_bit;
             }
             $PGfilter = "(&(objectSid={$PGsid_string})(objectclass={$objectclass}))";
             $this->printDebug("Primary Group Filter: {$PGfilter}", SENSITIVE);
             $info = LdapAuthenticationPlugin::ldap_search($this->ldapconn, $base, $PGfilter);
             $PGentries = LdapAuthenticationPlugin::ldap_get_entries($this->ldapconn, $info);
             array_shift($PGentries);
             $dnMember = strtolower($PGentries[0]['dn']);
             $groups["dn"][] = $dnMember;
             // Get short name of group
             $memAttrs = explode(',', strtolower($dnMember));
             if (isset($memAttrs[0])) {
                 $memAttrs = explode('=', $memAttrs[0]);
                 if (isset($memAttrs[0])) {
                     $groups["short"][] = strtolower($memAttrs[1]);
                 }
             }
         }
     }
     $filter = "(&({$attribute}={$value})(objectclass={$objectclass}))";
     $this->printDebug("Search string: {$filter}", SENSITIVE);
     $info = LdapAuthenticationPlugin::ldap_search($this->ldapconn, $base, $filter);
     if (!$info) {
         $this->printDebug("No entries returned from search.", SENSITIVE);
         // Return an array so that other functions
         // don't error out.
         return array("short" => array(), "dn" => array());
     }
     $entries = LdapAuthenticationPlugin::ldap_get_entries($this->ldapconn, $info);
     if ($entries) {
         // We need to shift because the first entry will be a count
         array_shift($entries);
         // Let's get a list of both full dn groups and shortname groups
         foreach ($entries as $entry) {
             $shortMember = strtolower($entry[$nameattribute][0]);
             $dnMember = strtolower($entry['dn']);
             $groups["short"][] = $shortMember;
             $groups["dn"][] = $dnMember;
         }
     }
     $this->printDebug("Returned groups:", SENSITIVE, $groups["dn"]);
     return $groups;
 }
	/**
	 * Hook to add objectclasses and attributes for users that already exist, but have
	 * missing information.
	 *
	 * @static
	 * @param  $auth
	 * @return bool
	 */
	static function LDAPSetNovaInfo( $auth ) {
		global $wgMemc;

		OpenStackNovaLdapConnection::connect();
		$result = LdapAuthenticationPlugin::ldap_read( $auth->ldapconn, $auth->userInfo[0]['dn'], '(objectclass=*)', array( 'secretkey', 'accesskey', 'objectclass' ) );
		$userInfo = LdapAuthenticationPlugin::ldap_get_entries( $auth->ldapconn, $result );
		if ( !isset( $userInfo[0]['accesskey'] ) or !isset( $userInfo[0]['secretkey'] ) ) {
			$objectclasses = $userInfo[0]['objectclass'];
			# First entry is a count
			array_shift( $objectclasses );
			if ( !in_array( 'novauser', $objectclasses ) ) {
				$values['objectclass'] = array();
				# ldap_modify for objectclasses requires the array indexes be sequential.
				# It is stupid, yes.
				foreach ( $objectclasses as $objectclass ) {
					$values['objectclass'][] = $objectclass;
				}
				$values['objectclass'][] = 'novauser';
			}
			$values['accesskey'] = OpenStackNovaUser::uuid4();
			$values['secretkey'] = OpenStackNovaUser::uuid4();
			$values['isnovaadmin'] = 'FALSE';

			$success = LdapAuthenticationPlugin::ldap_modify( $auth->ldapconn, $auth->userdn, $values );
			if ( $success ) {
				$key = wfMemcKey( 'ldapauthentication', 'userinfo', $auth->userdn );
				$wgMemc->delete( $key );
				$auth->printDebug( "Successfully modified the user's nova attributes", NONSENSITIVE );
				return true;
			} else {
				$auth->printDebug( "Failed to modify the user's nova attributes.", NONSENSITIVE );
				# Always return true, other hooks should still run, even if this fails
				return true;
			}
		} else {
			$auth->printDebug( "User has accesskey and secretkey set.", NONSENSITIVE );
			return true;
		}
	}
 static function AbortNewAccount($user, &$message)
 {
     global $wgRequest;
     global $wgAuth;
     global $wgUser;
     $shellaccountname = $wgRequest->getText('shellaccountname');
     if (!preg_match("/^[a-z][a-z0-9\\-_]*\$/", $shellaccountname)) {
         $wgAuth->printDebug("Invalid shell name {$shellaccountname}", NONSENSITIVE);
         $message = wfMessage('openstackmanager-shellaccountvalidationfail')->parse();
         return false;
     }
     $base = USERDN;
     $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $base, "(uid={$shellaccountname})");
     if ($result) {
         $entries = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
         if ((int) $entries['count'] > 0) {
             $wgAuth->printDebug("User {$shellaccountname} already exists.", NONSENSITIVE);
             $message = wfMessage('openstackmanager-shellaccountexists')->parse();
             return false;
         }
     }
     if (class_exists('TitleBlacklist')) {
         return TitleBlacklistHooks::acceptNewUserName($shellaccountname, $wgUser, $message, $override = false, $log = true);
     } else {
         return true;
     }
 }
예제 #12
0
 /**
  * Pulls all projects from LDAP and adds them as MediaWiki namespaces. Also adds
  * associated talk namespaces. This function must be called from LocalSettings.
  *
  * @static
  * @return void
  */
 static function addNamespaces()
 {
     global $wgAuth;
     global $wgOpenStackManagerLDAPProjectBaseDN;
     global $wgExtraNamespaces;
     OpenStackNovaLdapConnection::connect();
     $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, 'owner=*');
     $entries = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
     if ($entries) {
         array_shift($entries);
         foreach ($entries as $entry) {
             $id = (int) $entry['gidnumber'][0];
             $talkid = $id + 1;
             $name = ucwords($entry['cn'][0]);
             $wgAuth->printDebug("Adding namespace {$name}", NONSENSITIVE);
             $wgExtraNamespaces[$id] = $name;
             $wgExtraNamespaces[$talkid] = $name . '_talk';
         }
     } else {
         $wgAuth->printDebug("Failed to find projects", NONSENSITIVE);
     }
 }
 public function execute()
 {
     global $wgOpenStackManagerLDAPUsername;
     global $wgAuth;
     $user = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
     $projects = OpenStackNovaProject::getAllProjects();
     $failedSync = false;
     $attempt_count = 0;
     $synced_count = 0;
     $failed_count = 0;
     /**
      * @var $project OpenStackNovaProject
      */
     foreach ($projects as $project) {
         // actually load the project info from ldap
         // (getAllProjects() doesn't do this)
         $project->fetchProjectInfo();
         $projectName = $project->getProjectName();
         $oldServiceGroupOUDN = 'ou=groups,' . $project->getProjectDN();
         $oldServiceUserOUDN = 'ou=people,' . $project->getProjectDN();
         $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $oldServiceGroupOUDN, '(objectclass=groupofnames)');
         if ($result) {
             $this->serviceGroups = array();
             $groupList = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
             if (isset($groupList)) {
                 array_shift($groupList);
                 foreach ($groupList as $groupEntry) {
                     $deleteme = "cn=" . $groupEntry['cn'][0] . "," . $oldServiceGroupOUDN;
                     print "needs deleting: " . $deleteme . "...";
                     $attempt_count++;
                     $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $deleteme);
                     if ($success) {
                         $synced_count++;
                         print "done.\n";
                     } else {
                         $failed_count++;
                         print "FAILED\n";
                     }
                 }
             }
         }
         $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $oldServiceUserOUDN, '(objectclass=person)');
         if ($result) {
             $this->serviceGroups = array();
             $groupList = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
             if (isset($groupList)) {
                 array_shift($groupList);
                 foreach ($groupList as $groupEntry) {
                     $deleteme = "uid=" . $groupEntry['cn'][0] . "," . $oldServiceUserOUDN;
                     print "user needs deleting: " . $deleteme . "...";
                     $attempt_count++;
                     $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $deleteme);
                     if ($success) {
                         $synced_count++;
                         print "done.\n";
                     } else {
                         $failed_count++;
                         print "FAILED\n";
                     }
                 }
             }
         }
         $deleteme = $oldServiceGroupOUDN;
         print "ou needs deleting: " . $deleteme . "...";
         $attempt_count++;
         $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $deleteme);
         if ($success) {
             $synced_count++;
             print "done.\n";
         } else {
             $failed_count++;
             print "FAILED\n";
         }
         $deleteme = $oldServiceUserOUDN;
         print "ou needs deleting: " . $deleteme . "...";
         $attempt_count++;
         $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $deleteme);
         if ($success) {
             $synced_count++;
             print "done.\n";
         } else {
             $failed_count++;
             print "FAILED\n";
         }
     }
     $this->output("{$attempt_count} items needed cleanup. {$synced_count} removed, {$failed_count} failed.\n");
     $this->output("Done.\n");
     return $failed_count == 0;
 }
	/**
	 * Deletes a domain based on the domain's short name. Will fail to
	 * delete the domain if any host entries still exist in the domain.
	 *
	 * @static
	 * @param  $domainname
	 * @return bool
	 */
	static function deleteDomain( $domainname ) {
		global $wgAuth;

		OpenStackNovaLdapConnection::connect();

		$domain = new OpenStackNovaDomain( $domainname );
		if ( ! $domain ) {
			$wgAuth->printDebug( "Domain $domainname does not exist", NONSENSITIVE );
			return false;
		}
		$dn = $domain->domainDN;

		# Domains can have records as sub entries. If sub-entries exist, fail.
		$result = LdapAuthenticationPlugin::ldap_list( $wgAuth->ldapconn, $dn, 'objectclass=*' );
		$hosts = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
		if ( $hosts['count'] != "0" ) {
			$wgAuth->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE );
			return false;
		}

		$success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $dn );
		if ( $success ) {
			$wgAuth->printDebug( "Successfully deleted domain $domainname", NONSENSITIVE );
			return true;
		} else {
			$wgAuth->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE );
			return false;
		}
	}
	/**
	 * Get all host entries in the specified domain. Returns an empty array
	 * if no entries are found.
	 *
	 * @static
	 * @param  $domain OpenStackNovaDomain
	 * @return array
	 */
	static function getAllHosts( $domain ) {
		global $wgAuth;

		OpenStackNovaLdapConnection::connect();

		$hosts = array();
		$result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $domain->domainDN, '(dc=*)' );
		if ( $result ) {
			$entries = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
			if ( $entries ) {
				# First entry is always a count
				array_shift( $entries );
				foreach ( $entries as $entry ) {
					$hosts[] = new OpenStackNovaHost( $entry['dc'][0], $domain );
				}
			}
		}

		return $hosts;
	}
 /**
  * Deletes a project based on project name. This function will also delete all roles
  * associated with the project.
  *
  * @param  $projectname String
  * @return bool
  */
 static function deleteProject($projectname)
 {
     global $wgAuth;
     OpenStackNovaLdapConnection::connect();
     $project = new OpenStackNovaProject($projectname);
     if (!$project) {
         return false;
     }
     $dn = $project->projectDN;
     # Projects can have roles as sub-entries, we need to delete them first
     $result = LdapAuthenticationPlugin::ldap_list($wgAuth->ldapconn, $dn, 'objectclass=*');
     $roles = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
     array_shift($roles);
     foreach ($roles as $role) {
         $roledn = $role['dn'];
         $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $roledn);
         if ($success) {
             $wgAuth->printDebug("Successfully deleted role {$roledn}", NONSENSITIVE);
         } else {
             $wgAuth->printDebug("Failed to delete role {$roledn}", NONSENSITIVE);
         }
     }
     # Projects can have a separate group entry.  If so, delete it now.
     if (OpenStackNovaProject::useProjectGroup()) {
         OpenStackNovaProjectGroup::deleteProjectGroup($projectname);
     }
     # Projects have a sudo OU and sudoers entries below that OU, we must delete them first
     $sudoers = OpenStackNovaSudoer::getAllSudoersByProject($project->getProjectName());
     foreach ($sudoers as $sudoer) {
         $success = OpenStackNovaSudoer::deleteSudoer($sudoer->getSudoerName(), $project->getProjectName());
         if ($success) {
             $wgAuth->printDebug("Successfully deleted sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
         } else {
             $wgAuth->printDebug("Failed to delete sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
         }
     }
     $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $project->getSudoersDN());
     if ($success) {
         $wgAuth->printDebug("Successfully deleted sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
     } else {
         $wgAuth->printDebug("Failed to delete sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
     }
     # And, we need to clean up service groups.
     $servicegroups = $project->getServiceGroups();
     foreach ($servicegroups as $group) {
         $groupName = $group->groupName;
         $success = OpenStackNovaServiceGroup::deleteServiceGroup($groupName, $project);
         if ($success) {
             $wgAuth->printDebug("Successfully deleted service group " . $groupName, NONSENSITIVE);
         } else {
             $wgAuth->printDebug("Failed to delete servie group " . $groupName, NONSENSITIVE);
         }
     }
     $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
     if ($success) {
         $wgAuth->printDebug("Successfully deleted project {$projectname}", NONSENSITIVE);
         return true;
     } else {
         $wgAuth->printDebug("Failed to delete project {$projectname}", NONSENSITIVE);
         return false;
     }
 }