gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-31 05:11:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

clean up and test ldap code

Browse Source
This commit is contained in:
Uwe Steinmann 2014-02-01 21:52:45 +01:00
parent 92554f64aa
commit 41469a4570
1 changed files with 34 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
op/op.Login.php
View File

@ -69,37 +69,40 @@ if ((!isset($pwd) || strlen($pwd)==0) && ($login != $guestUser->getLogin())) {
// LDAP Sign In // LDAP Sign In
// //
/* new code by doudoux - TO BE TESTED */ /* Initialy set $user to false. It will contain a valid user record
if (isset($settings->_ldapBaseDN)) { * if authentication against ldap succeeds.
$ldapSearchAttribut = "uid="; * _ldapHost will only have a value if the ldap connector has been enabled
$tmpDN = "uid=".$login.",".$settings->_ldapBaseDN; */
}
if (isset($settings->_ldapType))
{
if ($settings->_ldapType==1)
{
$ldapSearchAttribut = "sAMAccountName=";
$tmpDN = $login.'@'.$settings->_ldapAccountDomainName;
}
}
/* end of new code */
$user = false; $user = false;
if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) { if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
if (isset($settings->_ldapPort) && is_int($settings->_ldapPort)) { if (isset($settings->_ldapPort) && is_int($settings->_ldapPort)) {
$ds = ldap_connect($settings->_ldapHost, $settings->_ldapPort); $ds = ldap_connect($settings->_ldapHost, $settings->_ldapPort);
} } else {
else {
$ds = ldap_connect($settings->_ldapHost); $ds = ldap_connect($settings->_ldapHost);
} }
if (!is_bool($ds)) { if (!is_bool($ds)) {
/* Check if ldap base dn is set, and use ldap server if it is */
if (isset($settings->_ldapBaseDN)) {
$ldapSearchAttribut = "uid=";
$tmpDN = "uid=".$login.",".$settings->_ldapBaseDN;
}
/* Active directory has a different base dn */
if (isset($settings->_ldapType)) {
if ($settings->_ldapType==1) {
$ldapSearchAttribut = "sAMAccountName=";
$tmpDN = $login.'@'.$settings->_ldapAccountDomainName;
}
}
// Ensure that the LDAP connection is set to use version 3 protocol. // Ensure that the LDAP connection is set to use version 3 protocol.
// Required for most authentication methods, including SASL. // Required for most authentication methods, including SASL.
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// try an authenticated/anonymous bind first. If it succeeds, get the DN for the user. // try an authenticated/anonymous bind first.
// If it succeeds, get the DN for the user and use it for an authentication
// with the users password.
$bind = false; $bind = false;
if (isset($settings->_ldapBindDN)) { if (isset($settings->_ldapBindDN)) {
$bind = @ldap_bind($ds, $settings->_ldapBindDN, $settings->_ldapBindPw); $bind = @ldap_bind($ds, $settings->_ldapBindDN, $settings->_ldapBindPw);
@ -107,22 +110,9 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
$bind = @ldap_bind($ds); $bind = @ldap_bind($ds);
} }
$dn = false; $dn = false;
/* If bind succeed, then get the dn of for the user */
/* new code by doudoux - TO BE TESTED */
if ($bind) {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
if (!is_bool($search)) {
$info = ldap_get_entries($ds, $search);
if (!is_bool($info) && $info["count"]>0) {
$dn = $info[0]['dn'];
}
}
}
/* end of new code */
/* old code */
if ($bind) { if ($bind) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "uid=".$login); $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
if (!is_bool($search)) { if (!is_bool($search)) {
$info = ldap_get_entries($ds, $search); $info = ldap_get_entries($ds, $search);
if (!is_bool($info) && $info["count"]>0) { if (!is_bool($info) && $info["count"]>0) {
@ -130,32 +120,24 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
} }
} }
} }
/* end of old code */
/* If the previous bind failed, try it with the users creditionals
* by simply setting $dn to a default string
*/
if (is_bool($dn)) { if (is_bool($dn)) {
// This is the fallback position, in case the anonymous bind does not
// succeed.
/* new code by doudoux - TO BE TESTED */
$dn = $tmpDN; $dn = $tmpDN;
/* old code */
//$dn = "uid=".$login.",".$settings->_ldapBaseDN;
} }
/* No do the actual authentication of the user */
$bind = @ldap_bind($ds, $dn, $pwd); $bind = @ldap_bind($ds, $dn, $pwd);
if ($bind) { if ($bind) {
// Successfully authenticated. Now check to see if the user exists within // Successfully authenticated. Now check to see if the user exists within
// the database. If not, add them in, but do not add their password. // the database. If not, add them in if _restricted is not set,
// but do not add their password.
$user = $dms->getUserByLogin($login); $user = $dms->getUserByLogin($login);
if (is_bool($user) && !$settings->_restricted) { if (is_bool($user) && !$settings->_restricted) {
// Retrieve the user's LDAP information. // Retrieve the user's LDAP information.
/* new code by doudoux - TO BE TESTED */
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login); $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login);
/* old code */
//$search = ldap_search($ds, $dn, "uid=".$login);
if (!is_bool($search)) { if (!is_bool($search)) {
$info = ldap_get_entries($ds, $search); $info = ldap_get_entries($ds, $search);