In both v9 and v10, both Code Repository and Help state, that (after successfully authorizing the user)
function User_CustomValidate(&$usr, &$pwd) {
....
if ($ldapconn && ldap_bind($ldapconn, $usr, $pwd)) {
$this->setCurrentUserName($usr); // Set the current user name
return TRUE;
}
}
I've come to situation, where I've used different variables for the ldap_bind() call instead of $usr, like:
$usr_domain = $usr . "@domain.addr.net";
ldap_bind($ldapconn, $usr_domain, $pwd);
$this->setCurrentUserName($usr_domain); // Set the current user name
and was finally surprised, that the current user name was missing "@domain.addr.net".
While digging in the code of class cAdvancedSecurity, it turned out, that in function ValidateUser(&$usr, ...), after return from User_CustomValidate(&$usr, ...), the current user name is immediately overwritten once again with
$this->setCurrentUserName($usr); // Load user name
and my modified user name was lost.
Regardless of whether my code was correct or useful, I think that the
$this->setCurrentUserName($usr); // Set the current user name
call (just after a successful ldap_bind()) should be omitted from the example and documentation and it should be stated instead, that the contents of &$usr will be used afterwards to set the authenticated username, shouldn't it?