mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-03-12 08:55:54 +00:00
clean up and test ldap code
This commit is contained in:
Uwe Steinmann
parent
92554f64aa
commit
41469a4570
|
|
@ -69,37 +69,40 @@ if ((!isset($pwd) || strlen($pwd)==0) && ($login != $guestUser->getLogin())) {
|
|||
// LDAP Sign In
|
||||
//
|
||||
|
||||
/* new code by doudoux - TO BE TESTED */
|
||||
if (isset($settings->_ldapBaseDN)) {
|
||||
$ldapSearchAttribut = "uid=";
|
||||
$tmpDN = "uid=".$login.",".$settings->_ldapBaseDN;
|
||||
}
|
||||
|
||||
if (isset($settings->_ldapType))
|
||||
{
|
||||
if ($settings->_ldapType==1)
|
||||
{
|
||||
$ldapSearchAttribut = "sAMAccountName=";
|
||||
$tmpDN = $login.'@'.$settings->_ldapAccountDomainName;
|
||||
}
|
||||
}
|
||||
/* end of new code */
|
||||
|
||||
|
||||
/* Initialy set $user to false. It will contain a valid user record
|
||||
* if authentication against ldap succeeds.
|
||||
* _ldapHost will only have a value if the ldap connector has been enabled
|
||||
*/
|
||||
$user = false;
|
||||
if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
|
||||
if (isset($settings->_ldapPort) && is_int($settings->_ldapPort)) {
|
||||
$ds = ldap_connect($settings->_ldapHost, $settings->_ldapPort);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$ds = ldap_connect($settings->_ldapHost);
|
||||
}
|
||||
|
||||
if (!is_bool($ds)) {
|
||||
/* Check if ldap base dn is set, and use ldap server if it is */
|
||||
if (isset($settings->_ldapBaseDN)) {
|
||||
$ldapSearchAttribut = "uid=";
|
||||
$tmpDN = "uid=".$login.",".$settings->_ldapBaseDN;
|
||||
}
|
||||
|
||||
/* Active directory has a different base dn */
|
||||
if (isset($settings->_ldapType)) {
|
||||
if ($settings->_ldapType==1) {
|
||||
$ldapSearchAttribut = "sAMAccountName=";
|
||||
$tmpDN = $login.'@'.$settings->_ldapAccountDomainName;
|
||||
}
|
||||
}
|
||||
|
||||
// Ensure that the LDAP connection is set to use version 3 protocol.
|
||||
// Required for most authentication methods, including SASL.
|
||||
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
|
||||
// try an authenticated/anonymous bind first. If it succeeds, get the DN for the user.
|
||||
// try an authenticated/anonymous bind first.
|
||||
// If it succeeds, get the DN for the user and use it for an authentication
|
||||
// with the users password.
|
||||
$bind = false;
|
||||
if (isset($settings->_ldapBindDN)) {
|
||||
$bind = @ldap_bind($ds, $settings->_ldapBindDN, $settings->_ldapBindPw);
|
||||
|
|
@ -107,55 +110,34 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
|
|||
$bind = @ldap_bind($ds);
|
||||
}
|
||||
$dn = false;
|
||||
|
||||
/* new code by doudoux - TO BE TESTED */
|
||||
if ($bind) {
|
||||
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
|
||||
if (!is_bool($search)) {
|
||||
$info = ldap_get_entries($ds, $search);
|
||||
if (!is_bool($info) && $info["count"]>0) {
|
||||
$dn = $info[0]['dn'];
|
||||
}
|
||||
}
|
||||
}
|
||||
/* end of new code */
|
||||
|
||||
/* old code */
|
||||
if ($bind) {
|
||||
$search = ldap_search($ds, $settings->_ldapBaseDN, "uid=".$login);
|
||||
/* If bind succeed, then get the dn of for the user */
|
||||
if ($bind) {
|
||||
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
|
||||
if (!is_bool($search)) {
|
||||
$info = ldap_get_entries($ds, $search);
|
||||
if (!is_bool($info) && $info["count"]>0) {
|
||||
$dn = $info[0]['dn'];
|
||||
}
|
||||
}
|
||||
}
|
||||
/* end of old code */
|
||||
}
|
||||
|
||||
|
||||
/* If the previous bind failed, try it with the users creditionals
|
||||
* by simply setting $dn to a default string
|
||||
*/
|
||||
if (is_bool($dn)) {
|
||||
// This is the fallback position, in case the anonymous bind does not
|
||||
// succeed.
|
||||
|
||||
/* new code by doudoux - TO BE TESTED */
|
||||
$dn = $tmpDN;
|
||||
/* old code */
|
||||
//$dn = "uid=".$login.",".$settings->_ldapBaseDN;
|
||||
|
||||
}
|
||||
|
||||
/* No do the actual authentication of the user */
|
||||
$bind = @ldap_bind($ds, $dn, $pwd);
|
||||
if ($bind) {
|
||||
// Successfully authenticated. Now check to see if the user exists within
|
||||
// the database. If not, add them in, but do not add their password.
|
||||
// the database. If not, add them in if _restricted is not set,
|
||||
// but do not add their password.
|
||||
$user = $dms->getUserByLogin($login);
|
||||
if (is_bool($user) && !$settings->_restricted) {
|
||||
// Retrieve the user's LDAP information.
|
||||
|
||||
|
||||
/* new code by doudoux - TO BE TESTED */
|
||||
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login);
|
||||
/* old code */
|
||||
//$search = ldap_search($ds, $dn, "uid=".$login);
|
||||
|
||||
if (!is_bool($search)) {
|
||||
$info = ldap_get_entries($ds, $search);
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user