mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-03-12 08:55:54 +00:00
Merge branch 'seeddms-5.1.x' into seeddms-6.0.x
This commit is contained in:
Uwe Steinmann
commit
5f00ebd852
|
|
@ -26,7 +26,55 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
|
|||
|
||||
var $dms;
|
||||
|
||||
var $settings;
|
||||
var $settings;
|
||||
|
||||
protected function addUser($username, $info) {
|
||||
return $this->dms->addUser($username, null, $info['cn'][0], $info['mail'][0], $settings->_language, $settings->_theme, "", 0);
|
||||
}
|
||||
|
||||
protected function updateUser($user, $info) {
|
||||
if(isset($info['cn'][0]) && ($info['cn'][0] != $user->getFullName())) {
|
||||
$user->setFullName($info['cn'][0]);
|
||||
}
|
||||
if(isset($info['mail'][0]) && ($info['mail'][0] != $user->getEmail())) {
|
||||
$user->setEmail($info['mail'][0]);
|
||||
}
|
||||
}
|
||||
|
||||
protected function syncGroups($user, $ldapgroups) {
|
||||
$groupnames = [];
|
||||
$count = 0;
|
||||
if(isset($ldapgroups['count']))
|
||||
$count = (int) $ldapgroups['count'];
|
||||
for ($i = 0; $i < $count; $i++) {
|
||||
$tmp = ldap_explode_dn($ldapgroups[$i], 1);
|
||||
if (!in_array($tmp[0], $groupnames)) {
|
||||
$groupnames[] = $tmp[0];
|
||||
}
|
||||
}
|
||||
|
||||
/* Remove user from all groups not listed in LDAP */
|
||||
$usergroups = $user->getGroups();
|
||||
foreach($usergroups as $usergroup) {
|
||||
if(!in_array($usergroup->getName(), $groupnames))
|
||||
$user->leaveGroup($usergroup);
|
||||
}
|
||||
|
||||
/* Add new groups and make user a member of it */
|
||||
if($groupnames) {
|
||||
foreach($groupnames as $groupname) {
|
||||
$group = $this->dms->getGroupByName($groupname);
|
||||
if($group) { /* Group already exists, just join it */
|
||||
$user->joinGroup($group);
|
||||
} else { /* Add group and join it */
|
||||
$newgroup = $this->dms->addGroup($groupname, 'Added during LDAP Authentication');
|
||||
if($newgroup) {
|
||||
$user->joinGroup($newgroup);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function __construct($dms, $settings) { /* {{{ */
|
||||
$this->dms = $dms;
|
||||
|
|
@ -115,35 +163,57 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
|
|||
$dn = $tmpDN;
|
||||
}
|
||||
|
||||
/* Now do the actual authentication of the user */
|
||||
$bind = @ldap_bind($ds, $dn, $password);
|
||||
/* Check if user already exists in the database. Return with an error
|
||||
* only if the sql statements fails, but not if no user was found.
|
||||
*/
|
||||
$user = $dms->getUserByLogin($username);
|
||||
if($user === false) {
|
||||
ldap_close($ds);
|
||||
return false;
|
||||
}
|
||||
if ($bind) {
|
||||
// Successfully authenticated. Now check to see if the user exists within
|
||||
// the database. If not, add them in if _restricted is not set,
|
||||
// but do not add their password.
|
||||
if (is_null($user) && !$settings->_restricted) {
|
||||
// Retrieve the user's LDAP information.
|
||||
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
|
||||
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")");
|
||||
} else {
|
||||
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$username);
|
||||
}
|
||||
|
||||
if (!is_bool($search)) {
|
||||
$info = ldap_get_entries($ds, $search);
|
||||
/* Now do the actual authentication of the user */
|
||||
$bind = @ldap_bind($ds, $dn, $password);
|
||||
if (!$bind) {
|
||||
ldap_close($ds);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!is_bool($info) && $info["count"]==1 && $info[0]["count"]>0) {
|
||||
$user = $dms->addUser($username, null, $info[0]['cn'][0], $info[0]['mail'][0], $settings->_language, $settings->_theme, "", 3);
|
||||
// Successfully authenticated. Now check to see if the user exists within
|
||||
// the database. If not, add them in if _restricted is not set,
|
||||
// but do not add their password.
|
||||
if (!$settings->_restricted) {
|
||||
// Retrieve the user's LDAP information.
|
||||
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
|
||||
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")");
|
||||
} else {
|
||||
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$username);
|
||||
}
|
||||
|
||||
if (!is_bool($search)) {
|
||||
$info = ldap_get_entries($ds, $search);
|
||||
|
||||
if (!is_bool($info) && $info["count"]==1 && $info[0]["count"]>0) {
|
||||
if (is_null($user)) {
|
||||
$user = $this->addUser($username, $info[0]);
|
||||
} else {
|
||||
$this->updateUser($user, $info[0]);
|
||||
}
|
||||
/*
|
||||
$this->syncGroups($user, [
|
||||
'count'=>4,
|
||||
0=>'CN=vergussmaschine_networkfolder,OU=groups,OU=sanube,DC=SALLABERGER,DC=local',
|
||||
1=>'CN=Limesurvey,OU=groups,OU=sanube,DC=SALLABERGER,DC=local',
|
||||
2=>'CN=Altium365,OU=groups,OU=sanube,DC=SALLABERGER,DC=local',
|
||||
3=>'CN=Domain Admins,OU=groups,OU=sanube,DC=SALLABERGER,DC=local'
|
||||
]
|
||||
);
|
||||
*/
|
||||
if(!empty($settings->_ldapGroupField) && !empty($info[0][$settings->_ldapGroupField])) {
|
||||
$this->syncGroups($user, $info[0][$settings->_ldapGroupField]);
|
||||
}
|
||||
}
|
||||
}
|
||||
} elseif($user) {
|
||||
$user = false;
|
||||
}
|
||||
ldap_close($ds);
|
||||
|
||||
|
|
|
|||
|
|
@ -373,6 +373,9 @@ class Settings { /* {{{ */
|
|||
// Used only by AD <username>@_ldapAccountDomainName will be used for a bind
|
||||
// when the user is validated
|
||||
var $_ldapAccountDomainName = "";
|
||||
// Name of the ldap field containing the groups of the user, e.g. memeberOf
|
||||
// This field must contain the DN of the groups
|
||||
var $_ldapGroupField = "";
|
||||
// Type of Ldap server: 0 = ldap; 1 = AD
|
||||
var $_ldapType = 1;
|
||||
// Additional filter when searching for the user. If not set, the user will be searched
|
||||
|
|
@ -704,6 +707,7 @@ class Settings { /* {{{ */
|
|||
$this->_ldapBindPw = strVal($connectorNode["bindPw"]);
|
||||
$this->_ldapType = 0;
|
||||
$this->_ldapFilter = strVal($connectorNode["filter"]);
|
||||
$this->_ldapGroupField = strVal($connectorNode["groupField"]);
|
||||
}
|
||||
else if ($params['enable'] && ($typeConn == "AD"))
|
||||
{
|
||||
|
|
@ -715,6 +719,7 @@ class Settings { /* {{{ */
|
|||
$this->_ldapType = 1;
|
||||
$this->_ldapFilter = strVal($connectorNode["filter"]);
|
||||
$this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]);
|
||||
$this->_ldapGroupField = strVal($connectorNode["groupField"]);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -140,6 +140,7 @@ class SeedDMS_View_Info extends SeedDMS_Theme_Style {
|
|||
echo "<th>".getMLText("directory_check_result")."</th>\n";
|
||||
echo "</tr>\n</thead>\n<tbody>\n";
|
||||
check_result('directory_check_ext_exists', is_dir($settings->_rootDir."/ext"));
|
||||
check_result('directory_check_ext_below_docroot', is_dir($_SERVER['DOCUMENT_ROOT']."/ext"));
|
||||
check_result('directory_check_ext_writable', is_writable($settings->_rootDir."/ext"));
|
||||
check_result('directory_check_data_exists', is_dir($settings->_contentDir));
|
||||
check_result('directory_check_data_writable', is_writable($settings->_contentDir));
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user