gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-11-28 10:30:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ldap search can be filtered

Browse Source
This commit is contained in:
Uwe Steinmann 2016-01-19 15:30:54 +01:00
parent e0ae06441e
commit c43c5e64eb
4 changed files with 24 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
conf/settings.xml.template
View File

@ -111,6 +111,7 @@
- URIs are supported, e.g.: ldaps://ldap.host.com - URIs are supported, e.g.: ldaps://ldap.host.com
- port: port of the authentification server - port: port of the authentification server
- baseDN: top level of the LDAP directory tree - baseDN: top level of the LDAP directory tree
- filter: Additional filters which are to be checked
--> -->
<connector <connector
enable = "false" enable = "false"
@ -120,6 +121,7 @@
baseDN = "" baseDN = ""
bindDN="" bindDN=""
bindPw="" bindPw=""
filter=""
> >
</connector> </connector>
<!-- ***** CONNECTOR Microsoft Active Directory ***** <!-- ***** CONNECTOR Microsoft Active Directory *****

3
inc/inc.ClassSettings.php
View File

@ -217,6 +217,7 @@ class Settings { /* {{{ */
var $_ldapBindPw = ""; var $_ldapBindPw = "";
var $_ldapAccountDomainName = ""; var $_ldapAccountDomainName = "";
var $_ldapType = 1; // 0 = ldap; 1 = AD var $_ldapType = 1; // 0 = ldap; 1 = AD
var $_ldapFilter = "";
var $_converters = array(); // list of commands used to convert files to text for Indexer var $_converters = array(); // list of commands used to convert files to text for Indexer
/** /**
@ -422,6 +423,7 @@ class Settings { /* {{{ */
$this->_ldapBindDN = strVal($connectorNode["bindDN"]); $this->_ldapBindDN = strVal($connectorNode["bindDN"]);
$this->_ldapBindPw = strVal($connectorNode["bindPw"]); $this->_ldapBindPw = strVal($connectorNode["bindPw"]);
$this->_ldapType = 0; $this->_ldapType = 0;
$this->_ldapFilter = strVal($connectorNode["filter"]);
} }
else if ($params['enable'] && ($typeConn == "AD")) else if ($params['enable'] && ($typeConn == "AD"))
{ {
@ -431,6 +433,7 @@ class Settings { /* {{{ */
$this->_ldapBindDN = strVal($connectorNode["bindDN"]); $this->_ldapBindDN = strVal($connectorNode["bindDN"]);
$this->_ldapBindPw = strVal($connectorNode["bindPw"]); $this->_ldapBindPw = strVal($connectorNode["bindPw"]);
$this->_ldapType = 1; $this->_ldapType = 1;
$this->_ldapFilter = strVal($connectorNode["filter"]);
$this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]); $this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]);
} }
} }

2
install/settings.xml.template_install
View File

@ -118,6 +118,7 @@
- URIs are supported, e.g.: ldaps://ldap.host.com - URIs are supported, e.g.: ldaps://ldap.host.com
- port: port of the authentification server - port: port of the authentification server
- baseDN: top level of the LDAP directory tree - baseDN: top level of the LDAP directory tree
- filter: Additional filters which are to be checked
--> -->
<connector <connector
enable = "false" enable = "false"
@ -127,6 +128,7 @@
baseDN = "" baseDN = ""
bindDN="" bindDN=""
bindPw="" bindPw=""
filter=""
> >
</connector> </connector>
<!-- ***** CONNECTOR Microsoft Active Directory ***** <!-- ***** CONNECTOR Microsoft Active Directory *****

12
op/op.Login.php
View File

@ -117,7 +117,11 @@ if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
$dn = false; $dn = false;
/* If bind succeed, then get the dn of for the user */ /* If bind succeed, then get the dn of for the user */
if ($bind) { if ($bind) {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login); if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$login.")".$settings->_ldapFilter.")");
} else {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
}
if (!is_bool($search)) { if (!is_bool($search)) {
$info = ldap_get_entries($ds, $search); $info = ldap_get_entries($ds, $search);
if (!is_bool($info) && $info["count"]>0) { if (!is_bool($info) && $info["count"]>0) {
@ -142,7 +146,11 @@ if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
$user = $dms->getUserByLogin($login); $user = $dms->getUserByLogin($login);
if (is_bool($user) && !$settings->_restricted) { if (is_bool($user) && !$settings->_restricted) {
// Retrieve the user's LDAP information. // Retrieve the user's LDAP information.
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login); if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$login.")".$settings->_ldapFilter.")");
} else {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
}
if (!is_bool($search)) { if (!is_bool($search)) {
$info = ldap_get_entries($ds, $search); $info = ldap_get_entries($ds, $search);