From 25cb1ea149d75f0eda599d7b4287b701b74831ca Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 4 Jul 2006 15:29:56 +0000
Subject: [PATCH] =?UTF-8?q?D=E9but=20ajout=20gestion=20utilisateurs=20ldap?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/lib/authldap.lib.php | 97 ++++++++++++++++++++++---------------
 htdocs/main.inc.php | 9 ++--
 htdocs/user/fiche.php | 18 +++----
 3 files changed, 71 insertions(+), 53 deletions(-)

diff --git a/htdocs/lib/authldap.lib.php b/htdocs/lib/authldap.lib.php
index a1326e35bd4..ee14afaa430 100644
--- a/htdocs/lib/authldap.lib.php
+++ b/htdocs/lib/authldap.lib.php
@@ -80,6 +80,20 @@ class AuthLdap {
 * Message texte de l'erreur
 */
 var $ldapErrorText;
+
+
+ //Fetch user
+ var $name;
+ var $firstname;
+ var $login;
+ var $phone;
+ var $fax;
+ var $mail;
+ var $mobile;
+
+ var $uacf;
+ var $pwdlastset;
+
 // 1.2 Private properties ----------------------------------------------------
 /** 
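Review bot: The new `var $uacf;` and `var $pwdlastset;` declarations carry no comment saying where they are filled or what they hold; in this same patch fetch() assigns them from the entry's `useraccountcontrol` and `pwdlastset` attributes and fiche.php reads them back, and those look like Active Directory-only attributes, so a reader of the class header cannot tell the pair stays empty on other server types. A comment above them such as `// Filled by fetch() on Active Directory servers: parsed userAccountControl flags and raw pwdLastSet`, with `// Attributes of the entry loaded by the last fetch() call` in place of `//Fetch user`, would make that contract visible. Unless they are declared elsewhere in the class, the `attr_login`, `attr_sambalogin`, `attr_name`, … properties the constructor now assigns are also missing from this block.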
@@ -94,26 +108,32 @@ class AuthLdap {
 /**
 * Constructor- creates a new instance of the authentication class
 *
- * @param string the ldap server to connect to
- * @param string the base dn
- * @param string the server type- current supports OpenLdap and ActiveDirectory
- * @param string the domain to use when authenticating against Active Directory
- * @param string the username to authenticate with when searching if anonymous binding is not supported
- * @param string the password to authenticate with when searching if anonymous binding is not supported
 */
 function AuthLdap () {
 global $conf;
+ //Server
 $this->server = array($conf->global->LDAP_SERVER_HOST, $conf->global->LDAP_SERVER_HOST_SLAVE);
- $this->serverPort = $conf->global->LDAP_SERVER_PORT;
+ $this->serverPort = $conf->global->LDAP_SERVER_PORT;
 $this->ldapProtocolVersion = $conf->global->LDAP_SERVER_PROTOCOLVERSION;
- $this->dn = $conf->global->LDAP_SERVER_DN;
- $this->serverType = $conf->global->LDAP_SERVER_TYPE;
- $this->domain = $sDomain;
- $this->searchUser = $conf->global->LDAP_ADMIN_DN;
- $this->searchPassword = $conf->global->LDAP_ADMIN_PASS;
- $this->people = $conf->global->LDAP_USER_DN;
- $this->groups = $conf->global->LDAP_GROUP_DN;
+ $this->dn = $conf->global->LDAP_SERVER_DN;
+ $this->serverType = $conf->global->LDAP_SERVER_TYPE;
+ $this->domain = $sDomain; //Todo: ajouter en base
+ $this->searchUser = $conf->global->LDAP_ADMIN_DN;
+ $this->searchPassword = $conf->global->LDAP_ADMIN_PASS;
+ $this->people = $conf->global->LDAP_USER_DN;
+ $this->groups = $conf->global->LDAP_GROUP_DN;
+ $this->filter = $conf->global->LDAP_FILTER_CONNECTION;
+
+ //Users
+ $this->attr_login = $conf->global->LDAP_FIELD_LOGIN; //unix
+ $this->attr_sambalogin = $conf->global->LDAP_FIELD_LOGIN_SAMBA; //samba, activedirectory
+ $this->attr_name = $conf->global->LDAP_FIELD_NAME;
+ $this->attr_firstname = $conf->global->LDAP_FIELD_FIRSTNAME;
+ $this->attr_mail = $conf->global->LDAP_FIELD_MAIL;
+ $this->attr_phone = 
$conf->global->LDAP_FIELD_PHONE;
+ $this->attr_fax = $conf->global->LDAP_FIELD_FAX;
+ $this->attr_mobile = $conf->global->LDAP_FIELD_MOBILE;
 }
 // 2.1 Connection handling methods -------------------------------------------
@@ -410,15 +430,12 @@ class AuthLdap {
 * results are returned (eg:- multiple email addresses)
 */
 function getAttribute ( $uname,$attribute) {
-
- // builds the appropriate dn, based on whether $this->people and/or $this->group is set
- //$checkDn = $this->setDn( true);
- $checkDn = $this->people;
+ $results[0] = $attribute;
 $filtre = $this->getUserIdentifier()."=$uname";
 // We need to search for this user in order to get their entry.
- $this->result = @ldap_search( $this->connection,$checkDn,$filtre,$results);
+ $this->result = @ldap_search( $this->connection,$this->people,$filtre,$results);
 $info = ldap_get_entries( $this->connection, $this->result);
 // Only one entry should ever be returned (no user will have the same uid)
@@ -473,12 +490,6 @@ class AuthLdap {
 * users. The $attributeArray variable contains the required user detail field names
 */
 function getUsers( $search, $attributeArray) {
-
- global $conf;
-
- // builds the appropriate dn, based on whether $this->people and/or $this->group is set
- //$checkDn = $this->setDn( true);
- $checkDn = $conf->global->LDAP_USER_DN;
 // Perform the search and get the entry handles
@@ -487,9 +498,9 @@ class AuthLdap {
 $this->authBind($this->searchUser, $this->searchPassword);
 }
- $filter = '('.$conf->global->LDAP_FILTER_CONNECTION.'('.$this->getUserIdentifier().'='.$search.'))';
+ $filter = '('.$this->filter.'('.$this->getUserIdentifier().'='.$search.'))';
- $this->result = @ldap_search( $this->connection, $checkDn, $filter);
+ $this->result = @ldap_search( $this->connection, $this->People, $filter);
 if (!$this->result) { 
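Review bot: `$this->domain = $sDomain; //Todo: ajouter en base` reads a variable that is never defined: `function AuthLdap ()` takes no parameters, and the `@param` lines that used to describe one were removed in this hunk, so `domain` is always null and an undefined-variable notice is raised on every construction. Until the setting exists, either drop the line or initialise it explicitly, e.g. `$this->domain = ''; // TODO: read from configuration once the setting is stored`. Removing the whole `@param` block also leaves the constructor with no description of the `LDAP_*` settings it now reads; a short comment listing them (this file uses `\param`-style doc) would replace what was deleted.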
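Review bot: The rewritten `@ldap_search( $this->connection,$this->people,$filtre,$results)` still takes `$filtre = $this->getUserIdentifier()."=$uname"` with `$uname` interpolated unescaped, so a value containing filter metacharacters (`*`, `(`, `)`, `\`) changes the query instead of matching a login; the same pattern is used for `$search` in getUsers, `$ldapUser` in getObjectSid and `$user` in fetch further down this patch. These values are identifiers handed in by callers such as the user form, so they should be escaped before the filter is built — `ldap_escape($uname, '', LDAP_ESCAPE_FILTER)` on PHP 5.6+, otherwise a small helper that backslash-encodes those characters. The `@` in front of ldap_search also swallows the error a rejected filter produces, so `ldap_get_entries` is then called with `false`. getAttribute continues outside the hunk.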
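Review bot: `@ldap_search( $this->connection, $this->People, $filter)` reads `$this->People`, but the property the constructor sets and every other search in this patch uses is `$this->people`; PHP property names are case-sensitive, so this search runs with an undefined (null) base DN and the `@` hides the resulting error. Use `$this->result = @ldap_search( $this->connection, $this->people, $filter);`. getUsers continues past the end of the hunk.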
@@ -543,13 +554,10 @@ class AuthLdap {
 */
 function getObjectSid($ldapUser) {
- global $conf;
-
 $criteria = $this->getUserIdentifier()."=$ldapUser";
 $justthese = array("objectsid");
- $checkDn = $conf->global->LDAP_USER_DN;
- $ldapSearchResult = ldap_search($this->connection, $checkDn, $criteria, $justthese);
+ $ldapSearchResult = ldap_search($this->connection, $this->people, $criteria, $justthese);
 $entry = ldap_first_entry($this->connection, $ldapSearchResult);
 $ldapBinary = ldap_get_values_len ($this->connection, $entry, "objectsid");
@@ -619,7 +627,6 @@ class AuthLdap {
 * \param $user : utilisateur ldap
 */
 function fetch( $user) {
- global $conf;
 // Perform the search and get the entry handles
@@ -627,10 +634,11 @@ class AuthLdap {
 if ($this->serverType == "activedirectory") {
 $this->authBind($this->searchUser, $this->searchPassword);
 }
- $checkDn = $this->people;
- $filter = '('.$conf->global->LDAP_FILTER_CONNECTION.'('.$this->getUserIdentifier().'='.$user.'))';
+ $userIdentifier = $this->getUserIdentifier();
- $this->result = @ldap_search( $this->connection, $checkDn, $filter);
+ $filter = '('.$this->filter.'('.$userIdentifier.'='.$user.'))';
+
+ $this->result = @ldap_search( $this->connection, $this->people, $filter);
 $result = @ldap_get_entries( $this->connection, $this->result); 
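Review bot: `$filter = '('.$this->filter.'('.$userIdentifier.'='.$user.'))'` only yields a well-formed filter when `LDAP_FILTER_CONNECTION` holds an operator prefix such as `&(objectClass=...)`; with the setting empty the string becomes `((uid=x))`, which the LDAP filter grammar does not accept, and the `@` on the search hides the rejection so the caller just sees no entries. The same construction is used in getUsers earlier in this patch. Falling back to the bare term when nothing is configured keeps both paths working: `$filter = $this->filter ? '('.$this->filter.'('.$userIdentifier.'='.$user.'))' : '('.$userIdentifier.'='.$user.')';`. fetch() continues outside the hunk on both sides.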
@@ -641,8 +649,18 @@ class AuthLdap {
 } else {
- //ldap_free_result($this->result);
- return $result;
+ $this->name = utf8_decode($result[0][$this->attr_name][0]);
+ $this->firstname = utf8_decode($result[0][$this->attr_firstname][0]);
+ $this->login = utf8_decode($result[0][$userIdentifier][0]);
+ $this->phone = utf8_decode($result[0][$this->attr_phone][0]);
+ $this->fax = utf8_decode($result[0][$this->attr_fax][0]);
+ $this->mail = utf8_decode($result[0][$this->attr_mail][0]);
+ $this->mobile = utf8_decode($result[0][$this->attr_mobile][0]);
+
+ $this->uacf = $this->parseUACF(utf8_decode($result[0]["useraccountcontrol"][0]));
+ $this->pwdlastset = utf8_decode($result[0]["pwdlastset"][0]);
+
+ ldap_free_result($this->result);
 }
 }
@@ -678,11 +696,10 @@ class AuthLdap {
 * Returns the correct user identifier to use, based on the ldap server type
 */
 function getUserIdentifier() {
- global $conf;
 if ($this->serverType == "activedirectory") {
- return $conf->global->LDAP_FIELD_LOGIN_SAMBA;
+ return $this->attr_sambalogin;
 } else {
- return $conf->global->LDAP_FIELD_LOGIN;
+ return $this->attr_login;
 }
 }
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 38ec7f00ccd..0f5870e7c8b 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -69,6 +69,7 @@ $bc[1]="class=\"pair\"";
 // plusieurs modes sont indiqués.
 // Exemple: array('http','dolibarr');
 // Exemple: array('ldap');
+//$authmode=array('ldap');
 $authmode=array('http','dolibarr');
 if (isset($dolibarr_auto_user)) $authmode=array('auto'); 
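Review bot: Every `$result[0][$this->attr_xxx][0]` read assumes the attribute is present in the entry, but LDAP omits attributes that have no value, so a user without a fax or mobile number makes `$result[0][$this->attr_fax]` an undefined index and `[0]` on it a notice, and `"useraccountcontrol"` / `"pwdlastset"` are Active Directory attributes that will be absent altogether on other server types. `ldap_get_entries` also indexes attributes by their lowercased name, so a configured field written as `givenName` would never match. The branch used to `return $result` and now returns nothing; fiche.php is adapted in this patch, but any other caller of fetch() that used the returned array is not visible here and will silently receive null. A small accessor that checks `isset`, lowercases the attribute and defaults to `''`, plus guarding the two AD fields on `$this->serverType`, removes the notices and gives fiche.php an array to iterate; the sketch below replaces the else branch.
```php
    /**
     * Value of one attribute of an ldap_get_entries() entry, or '' when
     * the attribute is absent (LDAP omits attributes that have no value).
     */
    function entryValue($entry, $attr)
    {
        $attr = strtolower($attr);   // ldap_get_entries() lowercases attribute names
        return isset($entry[$attr][0]) ? utf8_decode($entry[$attr][0]) : '';
    }

    // … in fetch(), replacing the body of the else branch …
            $entry = $result[0];
            $this->name      = $this->entryValue($entry, $this->attr_name);
            $this->firstname = $this->entryValue($entry, $this->attr_firstname);
            $this->login     = $this->entryValue($entry, $userIdentifier);
            $this->phone     = $this->entryValue($entry, $this->attr_phone);
            $this->fax       = $this->entryValue($entry, $this->attr_fax);
            $this->mail      = $this->entryValue($entry, $this->attr_mail);
            $this->mobile    = $this->entryValue($entry, $this->attr_mobile);

            // useraccountcontrol / pwdlastset only exist on Active Directory
            $this->uacf       = array();
            $this->pwdlastset = '';
            if ($this->serverType == "activedirectory")
            {
                $this->uacf       = $this->parseUACF($this->entryValue($entry, "useraccountcontrol"));
                $this->pwdlastset = $this->entryValue($entry, "pwdlastset");
            }

            ldap_free_result($this->result);
```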
@@ -167,12 +168,12 @@ if (! session_id() && ! isset($_SESSION["dol_user"]) && ! isset($_SESSION["dol_
 'basedn' => $conf->global->LDAP_SERVER_DN,
 'binddn' => $conf->global->LDAP_ADMIN_DN,
 'bindpw' => $conf->global->LDAP_ADMIN_PASS,
- 'userattr' => $conf->global->LDAP_FIELD_LOGIN_SAMBA,
+ //'userattr' => $conf->global->LDAP_FIELD_LOGIN_SAMBA,
+ 'userattr' => 'samAccountName',
 'userfilter' => '(objectClass=user)',
 );
-
- $aDol = new DOLIAuth("DB", $params, "loginfunction");
- $aDol->setSessionName("DOLSESSID_".$dolibarr_main_db_name);
+
+ $aDol = new DOLIAuth("LDAP", $params, "loginfunction");
 $aDol->start();
 $result = $aDol->getAuth(); // Si deja logue avec succes, renvoie vrai, sinon effectue un redirect sur page loginfunction et renvoie false
 if ($result)
diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index 5f3ffb5af43..3cd06d892d7 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -351,10 +351,10 @@ if (($action == 'create') || ($action == 'adduserldap'))
 /*
 * ajout utilisateur ldap
 */
- if ($conf->ldap->enabled)
- {
- if ($conf->global->LDAP_SERVER_HOST && $conf->global->LDAP_ADMIN_DN && $conf->global->LDAP_ADMIN_PASS)
- {
+// if ($conf->ldap->enabled)
+// {
+// if ($conf->global->LDAP_SERVER_HOST && $conf->global->LDAP_ADMIN_DN && $conf->global->LDAP_ADMIN_PASS)
+// {
 $name = $conf->global->LDAP_FIELD_NAME;
 $firstname = $conf->global->LDAP_FIELD_FIRSTNAME;
 $mail = $conf->global->LDAP_FIELD_MAIL;
@@ -430,8 +430,8 @@ if (($action == 'create') || ($action == 'adduserldap'))
 print $ldap->ldapErrorCode;
 print $ldap->ldapErrorText;
 }
- }
- }
+ //}
+//}
 print '
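Review bot: `'userattr' => 'samAccountName'` replaces the configured `LDAP_FIELD_LOGIN_SAMBA` (now commented out), `new DOLIAuth("LDAP", ...)` replaces `"DB"`, and `$aDol->setSessionName("DOLSESSID_".$dolibarr_main_db_name);` is dropped, so this block now authenticates through LDAP with a hard-coded attribute and the session presumably falls back to the library's default name instead of one scoped to the database. Together with the `//$authmode=array('ldap');` line added in the previous hunk this reads like a local test setup rather than the intended change. If LDAP is meant to become selectable, keep the attribute from configuration, choose the backend from `$authmode`, and keep the session name: `$aDol = new DOLIAuth(in_array('ldap', $authmode) ? "LDAP" : "DB", $params, "loginfunction"); $aDol->setSessionName("DOLSESSID_".$dolibarr_main_db_name);`. The enclosing `if (! session_id() && ...)` block starts before the hunk, so whether this path is already gated on the ldap auth mode cannot be seen here.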
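Review bot: Commenting out `if ($conf->ldap->enabled)` and the `LDAP_SERVER_HOST && LDAP_ADMIN_DN && LDAP_ADMIN_PASS` check here (their closing braces are commented out the same way in the next hunk) makes the LDAP user-creation code run on every create/adduserldap request, including installs where the module is off or the admin bind DN and password are blank; a bind with an empty password is treated by many directories as an anonymous bind, so that misconfiguration would not even surface as a bind error. If the guards were disabled for testing, restore both `if` lines and their braces rather than leaving them as comments; if the block is meant to become unconditional, at least the configuration check should stay. The enclosing `if (($action == 'create') || ($action == 'adduserldap'))` starts before the hunk.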
';
 print '';
@@ -605,16 +605,16 @@ else
 $message .= $ldap->ldapErrorCode." - ".$ldap->ldapErrorText;
 }
 }
+ //On vérifie les options du compte
- $control = $ldap->parseUACF(utf8_decode($entries[0]["useraccountcontrol"][0]));
- foreach ($control as $key => $statut)
+ foreach ($ldap->uacf as $key => $statut)
 {
 if ($key == 65536)
 {
 $passDoNotExpire = $langs->trans("LdapUacf_".$statut);
 }
 }
- if (utf8_decode($entries[0]["pwdlastset"][0]) == 0 && utf8_decode($entries[0]["pwdlastset"][0]) != "")
+ if ($ldap->pwdlastset == 0 && $ldap->pwdlastset != "")
 {
 $userChangePassNextLogon = $langs->trans("UserMustChangePassNextLogon");
 }
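Review bot: `foreach ($ldap->uacf as $key => $statut)` assumes fetch() populated `$ldap->uacf`, but the error branch just above (`$message .= $ldap->ldapErrorCode...`) shows the lookup can fail, and on a server that is not Active Directory the `useraccountcontrol` attribute it is parsed from does not exist; in both cases the property is null and foreach over null emits a warning on every view of the page. Guard it: `if (is_array($ldap->uacf)) foreach ($ldap->uacf as $key => $statut)`. The `$ldap->pwdlastset == 0 && $ldap->pwdlastset != ""` test is safe with a null property because `null != ""` is false. The enclosing `else` branch begins before the hunk.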