gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-03-12 08:55:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Browse Source
This commit is contained in:
Uwe Steinmann 2023-08-18 08:00:12 +02:00
commit 5f00ebd852
3 changed files with 96 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
inc/inc.ClassLdapAuthentication.php
View File

@ -26,7 +26,55 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
var $dms; var $dms;
var $settings; var $settings;
protected function addUser($username, $info) {
return $this->dms->addUser($username, null, $info['cn'][0], $info['mail'][0], $settings->_language, $settings->_theme, "", 0);
}
protected function updateUser($user, $info) {
if(isset($info['cn'][0]) && ($info['cn'][0] != $user->getFullName())) {
$user->setFullName($info['cn'][0]);
}
if(isset($info['mail'][0]) && ($info['mail'][0] != $user->getEmail())) {
$user->setEmail($info['mail'][0]);
}
}
protected function syncGroups($user, $ldapgroups) {
$groupnames = [];
$count = 0;
if(isset($ldapgroups['count']))
$count = (int) $ldapgroups['count'];
for ($i = 0; $i < $count; $i++) {
$tmp = ldap_explode_dn($ldapgroups[$i], 1);
if (!in_array($tmp[0], $groupnames)) {
$groupnames[] = $tmp[0];
}
}
/* Remove user from all groups not listed in LDAP */
$usergroups = $user->getGroups();
foreach($usergroups as $usergroup) {
if(!in_array($usergroup->getName(), $groupnames))
$user->leaveGroup($usergroup);
}
/* Add new groups and make user a member of it */
if($groupnames) {
foreach($groupnames as $groupname) {
$group = $this->dms->getGroupByName($groupname);
if($group) { /* Group already exists, just join it */
$user->joinGroup($group);
} else { /* Add group and join it */
$newgroup = $this->dms->addGroup($groupname, 'Added during LDAP Authentication');
if($newgroup) {
$user->joinGroup($newgroup);
}
}
}
}
}
public function __construct($dms, $settings) { /* {{{ */ public function __construct($dms, $settings) { /* {{{ */
$this->dms = $dms; $this->dms = $dms;
@ -115,35 +163,57 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
$dn = $tmpDN; $dn = $tmpDN;
} }
/* Now do the actual authentication of the user */ /* Check if user already exists in the database. Return with an error
$bind = @ldap_bind($ds, $dn, $password); * only if the sql statements fails, but not if no user was found.
*/
$user = $dms->getUserByLogin($username); $user = $dms->getUserByLogin($username);
if($user === false) { if($user === false) {
ldap_close($ds); ldap_close($ds);
return false; return false;
} }
if ($bind) {
// Successfully authenticated. Now check to see if the user exists within
// the database. If not, add them in if _restricted is not set,
// but do not add their password.
if (is_null($user) && !$settings->_restricted) {
// Retrieve the user's LDAP information.
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")");
} else {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$username);
}
if (!is_bool($search)) { /* Now do the actual authentication of the user */
$info = ldap_get_entries($ds, $search); $bind = @ldap_bind($ds, $dn, $password);
if (!$bind) {
ldap_close($ds);
return false;
}
if (!is_bool($info) && $info["count"]==1 && $info[0]["count"]>0) { // Successfully authenticated. Now check to see if the user exists within
$user = $dms->addUser($username, null, $info[0]['cn'][0], $info[0]['mail'][0], $settings->_language, $settings->_theme, "", 3); // the database. If not, add them in if _restricted is not set,
// but do not add their password.
if (!$settings->_restricted) {
// Retrieve the user's LDAP information.
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")");
} else {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$username);
}
if (!is_bool($search)) {
$info = ldap_get_entries($ds, $search);
if (!is_bool($info) && $info["count"]==1 && $info[0]["count"]>0) {
if (is_null($user)) {
$user = $this->addUser($username, $info[0]);
} else {
$this->updateUser($user, $info[0]);
}
/*
$this->syncGroups($user, [
'count'=>4,
0=>'CN=vergussmaschine_networkfolder,OU=groups,OU=sanube,DC=SALLABERGER,DC=local',
1=>'CN=Limesurvey,OU=groups,OU=sanube,DC=SALLABERGER,DC=local',
2=>'CN=Altium365,OU=groups,OU=sanube,DC=SALLABERGER,DC=local',
3=>'CN=Domain Admins,OU=groups,OU=sanube,DC=SALLABERGER,DC=local'
]
);
*/
if(!empty($settings->_ldapGroupField) && !empty($info[0][$settings->_ldapGroupField])) {
$this->syncGroups($user, $info[0][$settings->_ldapGroupField]);
} }
} }
} }
} elseif($user) {
$user = false;
} }
ldap_close($ds); ldap_close($ds);

5
inc/inc.ClassSettings.php
View File

@ -373,6 +373,9 @@ class Settings { /* {{{ */
// Used only by AD <username>@_ldapAccountDomainName will be used for a bind // Used only by AD <username>@_ldapAccountDomainName will be used for a bind
// when the user is validated // when the user is validated
var $_ldapAccountDomainName = ""; var $_ldapAccountDomainName = "";
// Name of the ldap field containing the groups of the user, e.g. memeberOf
// This field must contain the DN of the groups
var $_ldapGroupField = "";
// Type of Ldap server: 0 = ldap; 1 = AD // Type of Ldap server: 0 = ldap; 1 = AD
var $_ldapType = 1; var $_ldapType = 1;
// Additional filter when searching for the user. If not set, the user will be searched // Additional filter when searching for the user. If not set, the user will be searched
@ -704,6 +707,7 @@ class Settings { /* {{{ */
$this->_ldapBindPw = strVal($connectorNode["bindPw"]); $this->_ldapBindPw = strVal($connectorNode["bindPw"]);
$this->_ldapType = 0; $this->_ldapType = 0;
$this->_ldapFilter = strVal($connectorNode["filter"]); $this->_ldapFilter = strVal($connectorNode["filter"]);
$this->_ldapGroupField = strVal($connectorNode["groupField"]);
} }
else if ($params['enable'] && ($typeConn == "AD")) else if ($params['enable'] && ($typeConn == "AD"))
{ {
@ -715,6 +719,7 @@ class Settings { /* {{{ */
$this->_ldapType = 1; $this->_ldapType = 1;
$this->_ldapFilter = strVal($connectorNode["filter"]); $this->_ldapFilter = strVal($connectorNode["filter"]);
$this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]); $this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]);
$this->_ldapGroupField = strVal($connectorNode["groupField"]);
} }
} }

1
views/bootstrap/class.Info.php
View File

@ -140,6 +140,7 @@ class SeedDMS_View_Info extends SeedDMS_Theme_Style {
echo "<th>".getMLText("directory_check_result")."</th>\n"; echo "<th>".getMLText("directory_check_result")."</th>\n";
echo "</tr>\n</thead>\n<tbody>\n"; echo "</tr>\n</thead>\n<tbody>\n";
check_result('directory_check_ext_exists', is_dir($settings->_rootDir."/ext")); check_result('directory_check_ext_exists', is_dir($settings->_rootDir."/ext"));
check_result('directory_check_ext_below_docroot', is_dir($_SERVER['DOCUMENT_ROOT']."/ext"));
check_result('directory_check_ext_writable', is_writable($settings->_rootDir."/ext")); check_result('directory_check_ext_writable', is_writable($settings->_rootDir."/ext"));
check_result('directory_check_data_exists', is_dir($settings->_contentDir)); check_result('directory_check_data_exists', is_dir($settings->_contentDir));
check_result('directory_check_data_writable', is_writable($settings->_contentDir)); check_result('directory_check_data_writable', is_writable($settings->_contentDir));