Merge pull request #7520 from hregis/develop_ldap
Fix: Set LDAP password when LDAP key changed
commit
4bc7eb0ec1
@ -419,7 +419,7 @@ class Adherent extends CommonObject
|
||||
$this->db->begin();
|
||||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET";
|
||||
$sql.= " civility = ".($this->civility_id>0?$this->db->escape($this->civility_id):"null");
|
||||
$sql.= " civility = ".($this->civility_id?"'".$this->db->escape($this->civility_id)."'":"null");
|
||||
$sql.= ", firstname = ".($this->firstname?"'".$this->db->escape($this->firstname)."'":"null");
|
||||
$sql.= ", lastname = ".($this->lastname?"'".$this->db->escape($this->lastname)."'":"null");
|
||||
$sql.= ", login = ".($this->login?"'".$this->db->escape($this->login)."'":"null");
|
||||
@ -1954,49 +1954,100 @@ class Adherent extends CommonObject
|
||||
*
|
||||
* @return array Tableau info des attributs
|
||||
*/
|
||||
function _load_ldap_info()
|
||||
{
|
||||
global $conf,$langs;
|
||||
function _load_ldap_info()
|
||||
{
|
||||
global $conf,$langs;
|
||||
|
||||
$info=array();
|
||||
$info=array();
|
||||
$keymodified=false;
|
||||
|
||||
// Object classes
|
||||
$info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS);
|
||||
// Object classes
|
||||
$info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS);
|
||||
|
||||
$this->fullname=$this->getFullName($langs);
|
||||
$this->fullname=$this->getFullName($langs);
|
||||
|
||||
// Member
|
||||
if ($this->fullname && ! empty($conf->global->LDAP_MEMBER_FIELD_FULLNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FULLNAME] = $this->fullname;
|
||||
if ($this->lastname && ! empty($conf->global->LDAP_MEMBER_FIELD_NAME)) $info[$conf->global->LDAP_MEMBER_FIELD_NAME] = $this->lastname;
|
||||
if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname;
|
||||
if ($this->login && ! empty($conf->global->LDAP_MEMBER_FIELD_LOGIN)) $info[$conf->global->LDAP_MEMBER_FIELD_LOGIN] = $this->login;
|
||||
if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte
|
||||
if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption
|
||||
if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste;
|
||||
if ($this->address && ! empty($conf->global->LDAP_MEMBER_FIELD_ADDRESS)) $info[$conf->global->LDAP_MEMBER_FIELD_ADDRESS] = $this->address;
|
||||
if ($this->zip && ! empty($conf->global->LDAP_MEMBER_FIELD_ZIP)) $info[$conf->global->LDAP_MEMBER_FIELD_ZIP] = $this->zip;
|
||||
if ($this->town && ! empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town;
|
||||
if ($this->country_code && ! empty($conf->global->LDAP_MEMBER_FIELD_COUNTRY)) $info[$conf->global->LDAP_MEMBER_FIELD_COUNTRY] = $this->country_code;
|
||||
if ($this->email && ! empty($conf->global->LDAP_MEMBER_FIELD_MAIL)) $info[$conf->global->LDAP_MEMBER_FIELD_MAIL] = $this->email;
|
||||
if ($this->skype && ! empty($conf->global->LDAP_MEMBER_FIELD_SKYPE)) $info[$conf->global->LDAP_MEMBER_FIELD_SKYPE] = $this->skype;
|
||||
if ($this->phone && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE] = $this->phone;
|
||||
if ($this->phone_perso && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO] = $this->phone_perso;
|
||||
if ($this->phone_mobile && ! empty($conf->global->LDAP_MEMBER_FIELD_MOBILE)) $info[$conf->global->LDAP_MEMBER_FIELD_MOBILE] = $this->phone_mobile;
|
||||
if ($this->fax && ! empty($conf->global->LDAP_MEMBER_FIELD_FAX)) $info[$conf->global->LDAP_MEMBER_FIELD_FAX] = $this->fax;
|
||||
if ($this->note_private && ! empty($conf->global->LDAP_MEMBER_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_MEMBER_FIELD_DESCRIPTION] = $this->note_private;
|
||||
if ($this->note_public && ! empty($conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC)) $info[$conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC] = $this->note_public;
|
||||
if ($this->birth && ! empty($conf->global->LDAP_MEMBER_FIELD_BIRTHDATE)) $info[$conf->global->LDAP_MEMBER_FIELD_BIRTHDATE] = dol_print_date($this->birth,'dayhourldap');
|
||||
if (isset($this->statut) && ! empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) $info[$conf->global->LDAP_FIELD_MEMBER_STATUS] = $this->statut;
|
||||
if ($this->datefin && ! empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap');
|
||||
// For avoid ldap error when firstname and lastname are empty
|
||||
if ($this->morphy == 'mor' && empty($this->fullname)) {
|
||||
$this->fullname = $this->societe;
|
||||
$this->lastname = $this->societe;
|
||||
}
|
||||
|
||||
// Subscriptions
|
||||
if ($this->first_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE] = dol_print_date($this->first_subscription_date,'dayhourldap');
|
||||
if (isset($this->first_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT] = $this->first_subscription_amount;
|
||||
if ($this->last_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE] = dol_print_date($this->last_subscription_date,'dayhourldap');
|
||||
if (isset($this->last_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT] = $this->last_subscription_amount;
|
||||
// Possible LDAP KEY (constname => varname)
|
||||
$ldapkey = array(
|
||||
'LDAP_MEMBER_FIELD_FULLNAME' => 'fullname',
|
||||
'LDAP_MEMBER_FIELD_NAME' => 'lastname',
|
||||
'LDAP_MEMBER_FIELD_LOGIN' => 'login',
|
||||
'LDAP_MEMBER_FIELD_LOGIN_SAMBA' => 'login',
|
||||
'LDAP_MEMBER_FIELD_MAIL' => 'email'
|
||||
);
|
||||
|
||||
return $info;
|
||||
}
|
||||
// Member
|
||||
foreach ($ldapkey as $constname => $varname)
|
||||
{
|
||||
if (! empty($this->$varname) && ! empty($conf->global->$constname))
|
||||
{
|
||||
$info[$conf->global->$constname] = $this->$varname;
|
||||
|
||||
// Check if it is the LDAP key and if its value has been changed
|
||||
if (! empty($conf->global->LDAP_KEY_MEMBERS) && $conf->global->LDAP_KEY_MEMBERS == $conf->global->$constname)
|
||||
{
|
||||
if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; // For check if LDAP key has been modified
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname;
|
||||
if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste;
|
||||
if ($this->societe && ! empty($conf->global->LDAP_MEMBER_FIELD_COMPANY)) $info[$conf->global->LDAP_MEMBER_FIELD_COMPANY] = $this->societe;
|
||||
if ($this->address && ! empty($conf->global->LDAP_MEMBER_FIELD_ADDRESS)) $info[$conf->global->LDAP_MEMBER_FIELD_ADDRESS] = $this->address;
|
||||
if ($this->zip && ! empty($conf->global->LDAP_MEMBER_FIELD_ZIP)) $info[$conf->global->LDAP_MEMBER_FIELD_ZIP] = $this->zip;
|
||||
if ($this->town && ! empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town;
|
||||
if ($this->country_code && ! empty($conf->global->LDAP_MEMBER_FIELD_COUNTRY)) $info[$conf->global->LDAP_MEMBER_FIELD_COUNTRY] = $this->country_code;
|
||||
if ($this->skype && ! empty($conf->global->LDAP_MEMBER_FIELD_SKYPE)) $info[$conf->global->LDAP_MEMBER_FIELD_SKYPE] = $this->skype;
|
||||
if ($this->phone && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE] = $this->phone;
|
||||
if ($this->phone_perso && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO] = $this->phone_perso;
|
||||
if ($this->phone_mobile && ! empty($conf->global->LDAP_MEMBER_FIELD_MOBILE)) $info[$conf->global->LDAP_MEMBER_FIELD_MOBILE] = $this->phone_mobile;
|
||||
if ($this->fax && ! empty($conf->global->LDAP_MEMBER_FIELD_FAX)) $info[$conf->global->LDAP_MEMBER_FIELD_FAX] = $this->fax;
|
||||
if ($this->note_private && ! empty($conf->global->LDAP_MEMBER_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_MEMBER_FIELD_DESCRIPTION] = $this->note_private;
|
||||
if ($this->note_public && ! empty($conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC)) $info[$conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC] = $this->note_public;
|
||||
if ($this->birth && ! empty($conf->global->LDAP_MEMBER_FIELD_BIRTHDATE)) $info[$conf->global->LDAP_MEMBER_FIELD_BIRTHDATE] = dol_print_date($this->birth,'dayhourldap');
|
||||
if (isset($this->statut) && ! empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) $info[$conf->global->LDAP_FIELD_MEMBER_STATUS] = $this->statut;
|
||||
if ($this->datefin && ! empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap');
|
||||
|
||||
// When password is modified
|
||||
if (! empty($this->pass))
|
||||
{
|
||||
if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte
|
||||
if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption)
|
||||
}
|
||||
// Set LDAP password if possible
|
||||
else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') // If ldap key is modified and LDAPv3 we use ldap_rename function for avoid lose encrypt password
|
||||
{
|
||||
if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
|
||||
{
|
||||
// Just for the default MD5 !
|
||||
if (empty($conf->global->MAIN_SECURITY_HASH_ALGO))
|
||||
{
|
||||
if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) {
|
||||
$info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password
|
||||
}
|
||||
}
|
||||
}
|
||||
// Use $this->pass_indatabase value if exists
|
||||
else if (! empty($this->pass_indatabase))
|
||||
{
|
||||
if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte
|
||||
if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 4); // md5 for OpenLdap TODO add type of encryption
|
||||
}
|
||||
}
|
||||
|
||||
// Subscriptions
|
||||
if ($this->first_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE] = dol_print_date($this->first_subscription_date,'dayhourldap');
|
||||
if (isset($this->first_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT] = $this->first_subscription_amount;
|
||||
if ($this->last_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE] = dol_print_date($this->last_subscription_date,'dayhourldap');
|
||||
if (isset($this->last_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT] = $this->last_subscription_amount;
|
||||
|
||||
return $info;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
|
||||
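Review bot: `$keymodified` is assigned in the new `foreach ($ldapkey as $constname => $varname)` loop, but nothing in the visible body of `_load_ldap_info()` reads it, so the "Set LDAP password if possible" branch is gated only by `LDAP_SERVER_PROTOCOLVERSION !== '3'`. On such servers every call would put a password value into `$info` again, including the clear-text `$this->pass_indatabase` when `DATABASE_PWD_ENCRYPTED` is empty, and not only when the LDAP key changed as the comment says. If that is not intended, the condition could read `else if ($keymodified && $conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3')`. The `{md5}` value built by `dol_hash($this->pass, 4)` is an unsalted MD5 digest, which deserves an explicit comment next to the existing TODO so the weakness is tracked rather than inherited silently.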
@ -59,26 +59,23 @@ if (! $result)
|
||||
|
||||
if ($action == 'dolibarr2ldap')
|
||||
{
|
||||
$db->begin();
|
||||
|
||||
$ldap=new Ldap();
|
||||
$result=$ldap->connect_bind();
|
||||
|
||||
$info=$object->_load_ldap_info();
|
||||
$dn=$object->_load_ldap_dn($info);
|
||||
$olddn=$dn; // We can say that old dn = dn as we force synchro
|
||||
|
||||
$result=$ldap->update($dn,$info,$user,$olddn);
|
||||
|
||||
if ($result >= 0)
|
||||
if ($result > 0)
|
||||
{
|
||||
setEventMessages($langs->trans("MemberSynchronized"), null, 'mesgs');
|
||||
$db->commit();
|
||||
$info=$object->_load_ldap_info();
|
||||
$dn=$object->_load_ldap_dn($info);
|
||||
$olddn=$dn; // We can say that old dn = dn as we force synchro
|
||||
|
||||
$result=$ldap->update($dn,$info,$user,$olddn);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
if ($result >= 0) {
|
||||
setEventMessages($langs->trans("MemberSynchronized"), null, 'mesgs');
|
||||
}
|
||||
else {
|
||||
setEventMessages($ldap->errors, $ldap->error, 'errors');
|
||||
$db->rollback();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
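Review bot: The success test that follows the new `if ($result > 0)` block is `if ($result >= 0)`, so, as far as this rendering shows, a `connect_bind()` result of 0 would skip `$ldap->update()` and still display `MemberSynchronized`; whether 0 can be returned is not visible here. Using `$result > 0` in both places, or keeping the update result in its own variable, keeps the message truthful. The hunk also shows only `$action == 'dolibarr2ldap'` as the condition for pushing the member's attributes, password fields included, to the directory; the permission check for this action, if there is one, lies outside the hunk and is worth confirming.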
@ -1,10 +1,10 @@
|
||||
<?php
|
||||
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
|
||||
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
|
||||
* Copyright (C) 2005 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2006-2008 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011-2013 Juanjo Menent <jmenent@2byte.es>
|
||||
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
|
||||
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
|
||||
* Copyright (C) 2005-2017 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2006-2008 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011-2013 Juanjo Menent <jmenent@2byte.es>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -68,6 +68,7 @@ if ($action == 'setvalue' && $user->admin)
|
||||
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_MOBILE',GETPOST("fieldmobile"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_SKYPE',GETPOST("fieldskype"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_FAX',GETPOST("fieldfax"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_COMPANY',GETPOST("fieldcompany"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_ADDRESS',GETPOST("fieldaddress"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_ZIP',GETPOST("fieldzip"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_TOWN',GETPOST("fieldtown"),'chaine',0,'',$conf->entity)) $error++;
|
||||
@ -282,6 +283,14 @@ print '</td><td>'.$langs->trans("LDAPFieldFaxExample").'</td>';
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Company
|
||||
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldCompany").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldcompany" value="'.$conf->global->LDAP_MEMBER_FIELD_COMPANY.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldCompanyExample").'</td>';
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Address
|
||||
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldAddress").'</td><td>';
|
||||
|
||||
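Review bot: The new Company row prints `$conf->global->LDAP_MEMBER_FIELD_COMPANY` straight into the `value="..."` attribute, and the `setvalue` hunk above stores that constant from `GETPOST("fieldcompany")` with no escaping visible in between. A stored value containing a double quote would end the attribute early when the settings page is rendered again, so the field should be escaped at output, e.g. `value="'.dol_escape_htmltag($conf->global->LDAP_MEMBER_FIELD_COMPANY).'"`. The same applies to the Company, Address, ZIP, Town, Country and Title inputs added in the users settings hunk (`@ -259,12 +264,52`). The handler is limited to `$user->admin`, which narrows who can set the value but does not make the output safe.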
@ -65,6 +65,11 @@ if ($action == 'setvalue' && $user->admin)
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_MOBILE',GETPOST("fieldmobile"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_SKYPE',GETPOST("fieldskype"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_FAX',GETPOST("fieldfax"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_COMPANY',GETPOST("fieldcompany"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_ADDRESS',GETPOST("fieldaddress"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_ZIP',GETPOST("fieldzip"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_TOWN',GETPOST("fieldtown"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_COUNTRY',GETPOST("fieldcountry"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_DESCRIPTION',GETPOST("fielddescription"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_SID',GETPOST("fieldsid"),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_TITLE',GETPOST("fieldtitle"),'chaine',0,'',$conf->entity)) $error++;
|
||||
@ -208,7 +213,7 @@ print '</tr>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldPasswordNotCrypted").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldpassword" value="'.$conf->global->LDAP_FIELD_PASSWORD.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldPasswordExample").'</td>';
|
||||
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_PASSWORD"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD)?' checked':'')."></td>";
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Password crypted
|
||||
@ -216,7 +221,7 @@ print '</tr>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldPasswordCrypted").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldpasswordcrypted" value="'.$conf->global->LDAP_FIELD_PASSWORD_CRYPTED.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldPasswordExample").'</td>';
|
||||
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_PASSWORD_CRYPTED"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD_CRYPTED)?' checked':'')."></td>";
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Mail
|
||||
@ -259,12 +264,52 @@ print '</td><td>'.$langs->trans("LDAPFieldFaxExample").'</td>';
|
||||
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_FAX"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FAX)?' checked':'')."></td>";
|
||||
print '</tr>';
|
||||
|
||||
// Company
|
||||
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldCompany").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldcompany" value="'.$conf->global->LDAP_FIELD_COMPANY.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldCompanyExample").'</td>';
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Address
|
||||
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldAddress").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldaddress" value="'.$conf->global->LDAP_FIELD_ADDRESS.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldAddressExample").'</td>';
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// ZIP
|
||||
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldZip").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldzip" value="'.$conf->global->LDAP_FIELD_ZIP.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldZipExample").'</td>';
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// TOWN
|
||||
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldTown").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldtown" value="'.$conf->global->LDAP_FIELD_TOWN.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldTownExample").'</td>';
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// COUNTRY
|
||||
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldCountry").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldcountry" value="'.$conf->global->LDAP_FIELD_COUNTRY.'">';
|
||||
print '</td><td> </td>';
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Title
|
||||
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldTitle").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldtitle" value="'.$conf->global->LDAP_FIELD_TITLE.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldTitleExample").'</td>';
|
||||
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_TITLE"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_TITLE)?' checked':'')."></td>";
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Note
|
||||
@ -272,7 +317,7 @@ print '</tr>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("Note").'</td><td>';
|
||||
print '<input size="25" type="text" name="fielddescription" value="'.$conf->global->LDAP_FIELD_DESCRIPTION.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldDescriptionExample").'</td>';
|
||||
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_DESCRIPTION"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_DESCRIPTION)?' checked':'')."></td>";
|
||||
print '<td align="right"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Sid
|
||||
|
||||
@ -298,7 +298,7 @@ class Comment extends CommonObject
|
||||
$sql.= " c.rowid";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."comment as c";
|
||||
$sql.= " WHERE c.fk_element = ".$fk_element;
|
||||
$sql.= " AND c.element_type = '".$element_type."'";
|
||||
$sql.= " AND c.element_type = '".$this->db->escape($element_type)."'";
|
||||
$sql.= " AND c.entity = ".$conf->entity;
|
||||
$sql.= " ORDER BY c.tms DESC";
|
||||
|
||||
|
||||
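Review bot: `$element_type` is now passed through `$this->db->escape()`, but the line just above it still concatenates `$fk_element` into the query unquoted: `" WHERE c.fk_element = ".$fk_element`. Escaping does not protect an unquoted numeric operand, so the value should be cast instead, `$sql.= " WHERE c.fk_element = ".((int) $fk_element);`. Where `$fk_element` comes from is outside the hunk, so it may already be an integer, but the cast makes the query safe regardless of the caller.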
@ -402,10 +402,10 @@ class Ldap
|
||||
* Add a LDAP entry
|
||||
* Ldap object connect and bind must have been done
|
||||
*
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param User $user Objet user that create
|
||||
* @return int <0 if KO, >0 if OK
|
||||
* @return int <0 if KO, >0 if OK
|
||||
*/
|
||||
function add($dn, $info, $user)
|
||||
{
|
||||
@ -458,7 +458,7 @@ class Ldap
|
||||
*
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param string $user Objet user that modify
|
||||
* @param User $user Objet user that modify
|
||||
* @return int <0 if KO, >0 if OK
|
||||
*/
|
||||
function modify($dn, $info, $user)
|
||||
@ -504,17 +504,69 @@ class Ldap
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Rename a LDAP entry
|
||||
* Ldap object connect and bind must have been done
|
||||
*
|
||||
* @param string $dn Old DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update)
|
||||
* @param string $newrdn New RDN entry key (uid=qqq)
|
||||
* @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb)
|
||||
* @param User $user Objet user that modify
|
||||
* @param bool $deleteoldrdn If TRUE the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry.
|
||||
* @return int <0 if KO, >0 if OK
|
||||
*/
|
||||
function rename($dn, $newrdn, $newparent, $user, $deleteoldrdn = true)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
dol_syslog(get_class($this)."::modify dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn?1:0));
|
||||
|
||||
// Check parameters
|
||||
if (! $this->connection)
|
||||
{
|
||||
$this->error="NotConnected";
|
||||
return -2;
|
||||
}
|
||||
if (! $this->bind)
|
||||
{
|
||||
$this->error="NotConnected";
|
||||
return -3;
|
||||
}
|
||||
|
||||
// Encode to LDAP page code
|
||||
$dn=$this->convFromOutputCharset($dn,$this->ldapcharset);
|
||||
$newrdn=$this->convFromOutputCharset($newrdn,$this->ldapcharset);
|
||||
$newparent=$this->convFromOutputCharset($newparent,$this->ldapcharset);
|
||||
|
||||
//print_r($info);
|
||||
$result=@ldap_rename($this->connection, $dn, $newrdn, $newparent, $deleteoldrdn);
|
||||
|
||||
if ($result)
|
||||
{
|
||||
dol_syslog(get_class($this)."::rename successfull", LOG_DEBUG);
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->error=@ldap_error($this->connection);
|
||||
dol_syslog(get_class($this)."::rename failed: ".$this->error, LOG_ERR);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Modify a LDAP entry (to use if dn != olddn)
|
||||
* Ldap object connect and bind must have been done
|
||||
*
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param User $user Objet user that update
|
||||
* @param string $olddn Old DN entry key (before update)
|
||||
* @return int <0 if KO, >0 if OK
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param User $user Objet user that update
|
||||
* @param string $olddn Old DN entry key (before update)
|
||||
* @param string $newrdn New RDN entry key (uid=qqq) (for ldap_rename)
|
||||
* @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb) (for ldap_rename)
|
||||
* @return int <0 if KO, >0 if OK
|
||||
*/
|
||||
function update($dn,$info,$user,$olddn)
|
||||
function update($dn, $info, $user, $olddn, $newrdn=false, $newparent=false)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
@ -534,9 +586,17 @@ class Ldap
|
||||
|
||||
if (! $olddn || $olddn != $dn)
|
||||
{
|
||||
// If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one.
|
||||
$result = $this->add($dn, $info, $user);
|
||||
if ($result > 0 && $olddn && $olddn != $dn) $result = $this->delete($olddn); // If add fails, we do not try to delete old one
|
||||
if (! empty($olddn) && ! empty($newrdn) && ! empty($newparent) && $conf->global->LDAP_SERVER_PROTOCOLVERSION === '3')
|
||||
{
|
||||
// This function currently only works with LDAPv3
|
||||
$result = $this->rename($olddn, $newrdn, $newparent, $user, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
// If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one.
|
||||
$result = $this->add($dn, $info, $user);
|
||||
if ($result > 0 && $olddn && $olddn != $dn) $result = $this->delete($olddn); // If add fails, we do not try to delete old one
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
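Review bot: In the new LDAPv3 branch of `update()`, `$this->rename($olddn, $newrdn, $newparent, $user, true)` is the only call made, so `$info` is never written when the key changes. A password or other attribute changed in the same save would then not reach the directory and the renamed entry would keep its previous credentials, unless a follow-up write happens outside this hunk. Consider following a successful rename with `if ($result > 0) $result = $this->modify($dn, $info, $user);`. Separately, the first `dol_syslog` call in the new `rename()` method is labelled `::modify`, which will mislead anyone reading the log during an incident; it should say `::rename`.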
@ -1241,7 +1301,7 @@ class Ldap
|
||||
$this->firstname = $this->convToOutputCharset($result[0][$this->attr_firstname][0],$this->ldapcharset);
|
||||
$this->login = $this->convToOutputCharset($result[0][$this->attr_login][0],$this->ldapcharset);
|
||||
$this->phone = $this->convToOutputCharset($result[0][$this->attr_phone][0],$this->ldapcharset);
|
||||
$this->skype = $this->convToOutputCharset($result[0][$this->attr_skype][0],$this->ldapcharset);
|
||||
$this->skype = $this->convToOutputCharset($result[0][$this->attr_skype][0],$this->ldapcharset);
|
||||
$this->fax = $this->convToOutputCharset($result[0][$this->attr_fax][0],$this->ldapcharset);
|
||||
$this->mail = $this->convToOutputCharset($result[0][$this->attr_mail][0],$this->ldapcharset);
|
||||
$this->mobile = $this->convToOutputCharset($result[0][$this->attr_mobile][0],$this->ldapcharset);
|
||||
@ -1298,27 +1358,29 @@ class Ldap
|
||||
function parseUACF($uacf)
|
||||
{
|
||||
//All flags array
|
||||
$flags = array( "TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216,
|
||||
"PASSWORD_EXPIRED" => 8388608,
|
||||
"DONT_REQ_PREAUTH" => 4194304,
|
||||
"USE_DES_KEY_ONLY" => 2097152,
|
||||
"NOT_DELEGATED" => 1048576,
|
||||
"TRUSTED_FOR_DELEGATION" => 524288,
|
||||
"SMARTCARD_REQUIRED" => 262144,
|
||||
"MNS_LOGON_ACCOUNT" => 131072,
|
||||
"DONT_EXPIRE_PASSWORD" => 65536,
|
||||
"SERVER_TRUST_ACCOUNT" => 8192,
|
||||
"WORKSTATION_TRUST_ACCOUNT" => 4096,
|
||||
"INTERDOMAIN_TRUST_ACCOUNT" => 2048,
|
||||
"NORMAL_ACCOUNT" => 512,
|
||||
"TEMP_DUPLICATE_ACCOUNT" => 256,
|
||||
"ENCRYPTED_TEXT_PWD_ALLOWED" => 128,
|
||||
"PASSWD_CANT_CHANGE" => 64,
|
||||
"PASSWD_NOTREQD" => 32,
|
||||
"LOCKOUT" => 16,
|
||||
"HOMEDIR_REQUIRED" => 8,
|
||||
"ACCOUNTDISABLE" => 2,
|
||||
"SCRIPT" => 1);
|
||||
$flags = array(
|
||||
"TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216,
|
||||
"PASSWORD_EXPIRED" => 8388608,
|
||||
"DONT_REQ_PREAUTH" => 4194304,
|
||||
"USE_DES_KEY_ONLY" => 2097152,
|
||||
"NOT_DELEGATED" => 1048576,
|
||||
"TRUSTED_FOR_DELEGATION" => 524288,
|
||||
"SMARTCARD_REQUIRED" => 262144,
|
||||
"MNS_LOGON_ACCOUNT" => 131072,
|
||||
"DONT_EXPIRE_PASSWORD" => 65536,
|
||||
"SERVER_TRUST_ACCOUNT" => 8192,
|
||||
"WORKSTATION_TRUST_ACCOUNT" => 4096,
|
||||
"INTERDOMAIN_TRUST_ACCOUNT" => 2048,
|
||||
"NORMAL_ACCOUNT" => 512,
|
||||
"TEMP_DUPLICATE_ACCOUNT" => 256,
|
||||
"ENCRYPTED_TEXT_PWD_ALLOWED" => 128,
|
||||
"PASSWD_CANT_CHANGE" => 64,
|
||||
"PASSWD_NOTREQD" => 32,
|
||||
"LOCKOUT" => 16,
|
||||
"HOMEDIR_REQUIRED" => 8,
|
||||
"ACCOUNTDISABLE" => 2,
|
||||
"SCRIPT" => 1
|
||||
);
|
||||
|
||||
//Parse flags to text
|
||||
$retval = array();
|
||||
@ -1341,13 +1403,15 @@ class Ldap
|
||||
*/
|
||||
function parseSAT($samtype)
|
||||
{
|
||||
$stypes = array( 805306368 => "NORMAL_ACCOUNT",
|
||||
805306369 => "WORKSTATION_TRUST",
|
||||
805306370 => "INTERDOMAIN_TRUST",
|
||||
268435456 => "SECURITY_GLOBAL_GROUP",
|
||||
268435457 => "DISTRIBUTION_GROUP",
|
||||
536870912 => "SECURITY_LOCAL_GROUP",
|
||||
536870913 => "DISTRIBUTION_LOCAL_GROUP");
|
||||
$stypes = array(
|
||||
805306368 => "NORMAL_ACCOUNT",
|
||||
805306369 => "WORKSTATION_TRUST",
|
||||
805306370 => "INTERDOMAIN_TRUST",
|
||||
268435456 => "SECURITY_GLOBAL_GROUP",
|
||||
268435457 => "DISTRIBUTION_GROUP",
|
||||
536870912 => "SECURITY_LOCAL_GROUP",
|
||||
536870913 => "DISTRIBUTION_LOCAL_GROUP"
|
||||
);
|
||||
|
||||
$retval = "";
|
||||
while (list($sat, $val) = each($stypes)) {
|
||||
@ -1422,7 +1486,7 @@ class Ldap
|
||||
|
||||
$search='('.$conf->global->$keygroup.'=*)';
|
||||
$result = $this->search($this->groups,$search);
|
||||
if($result)
|
||||
if ($result)
|
||||
{
|
||||
$c = $result['count'];
|
||||
$gids = array();
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/* Copyright (C) 2006-2010 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2010-2012 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2010-2017 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2015 Frederic France <frederic.france@free.fr>
|
||||
* Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
|
||||
*
|
||||
@ -42,7 +42,8 @@ function contact_prepare_head(Contact $object)
|
||||
$head[$tab][2] = 'card';
|
||||
$tab++;
|
||||
|
||||
if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_CONTACT_ACTIVE))
|
||||
if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_CONTACT_ACTIVE))
|
||||
&& (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin)))
|
||||
{
|
||||
$langs->load("ldap");
|
||||
|
||||
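Review bot: `MAIN_DISABLE_LDAP_TAB` as used here only removes the LDAP tab from the header for non-admin users; the page behind the tab stays reachable by URL unless it applies the same test, and none of the visible hunks adds one. If the option is meant as an access restriction rather than a cosmetic one, the same condition belongs at the top of the LDAP pages themselves. The condition also reads `$user->admin`, so `$user` has to be in this function's `global` list, which is outside the hunk. Both points apply equally to `member_prepare_head()` and `member_type_prepare_head()` later in the commit.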
@ -94,7 +95,7 @@ function contact_prepare_head(Contact $object)
|
||||
}
|
||||
$head[$tab][2] = 'agenda';
|
||||
$tab++;
|
||||
|
||||
|
||||
// Log
|
||||
/*
|
||||
$head[$tab][0] = DOL_URL_ROOT.'/contact/info.php?id='.$object->id;
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
<?php
|
||||
/* Copyright (C) 2006-2015 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2015-2016 Alexandre Spangaro <aspangaro.dolibarr@gmail.com>
|
||||
* Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
|
||||
/* Copyright (C) 2006-2015 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2015-2016 Alexandre Spangaro <aspangaro.dolibarr@gmail.com>
|
||||
* Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
|
||||
* Copyright (C) 2017 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -41,7 +42,8 @@ function member_prepare_head(Adherent $object)
|
||||
$head[$h][2] = 'general';
|
||||
$h++;
|
||||
|
||||
if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_ACTIVE))
|
||||
if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_ACTIVE))
|
||||
&& (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin)))
|
||||
{
|
||||
$langs->load("ldap");
|
||||
|
||||
@ -124,7 +126,8 @@ function member_type_prepare_head(AdherentType $object)
|
||||
$head[$h][2] = 'card';
|
||||
$h++;
|
||||
|
||||
if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE))
|
||||
if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE))
|
||||
&& (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin)))
|
||||
{
|
||||
$langs->load("ldap");
|
||||
|
||||
|
||||
@ -87,7 +87,8 @@ function dol_hash($chain,$type=0)
|
||||
if ($type == 1) return sha1($chain);
|
||||
else if ($type == 2) return sha1(md5($chain));
|
||||
else if ($type == 3) return md5($chain);
|
||||
else if ($type == 4) return '{md5}'.base64_encode(mhash(MHASH_MD5,$chain)); // For OpenLdap with md5
|
||||
else if ($type == 4) return '{md5}'.base64_encode(mhash(MHASH_MD5,$chain)); // For OpenLdap with md5 (based on an unencrypted password in base)
|
||||
else if ($type == 5) return '{md5}'.base64_encode(hex2bin($chain)); // For OpenLdap with md5 (based on a md5 encrypted password in base)
|
||||
else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1') return sha1($chain);
|
||||
else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1md5') return sha1(md5($chain));
|
||||
|
||||
|
||||
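Review bot: The new `$type == 5` branch of `dol_hash` passes `$chain` to `hex2bin()` without checking that it is a 32-character hex string. `hex2bin()` returns false with a warning on odd-length or non-hex input, `base64_encode()` then yields an empty string, and the function returns the bare prefix `{md5}` as the value to store. The branch should test `strlen($chain) == 32 && ctype_xdigit($chain)` first and refuse to build a value otherwise, so that a stored hash in another format is never turned into a malformed directory password. The two comments say "encrypted" where the value is a hash; `// For OpenLdap with md5 (based on a md5 hashed password in base)` would be accurate. The rest of `dol_hash` is outside the hunk.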
@ -50,13 +50,14 @@ function user_prepare_head($object)
|
||||
$head[$h][2] = 'user';
|
||||
$h++;
|
||||
|
||||
if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE))
|
||||
if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE))
|
||||
&& (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin)))
|
||||
{
|
||||
$langs->load("ldap");
|
||||
$head[$h][0] = DOL_URL_ROOT.'/user/ldap.php?id='.$object->id;
|
||||
$head[$h][1] = $langs->trans("LDAPCard");
|
||||
$head[$h][2] = 'ldap';
|
||||
$h++;
|
||||
$head[$h][0] = DOL_URL_ROOT.'/user/ldap.php?id='.$object->id;
|
||||
$head[$h][1] = $langs->trans("LDAPCard");
|
||||
$head[$h][2] = 'ldap';
|
||||
$h++;
|
||||
}
|
||||
|
||||
$head[$h][0] = DOL_URL_ROOT.'/user/param_ihm.php?id='.$object->id;
|
||||
@ -210,13 +211,14 @@ function group_prepare_head($object)
|
||||
$head[$h][2] = 'group';
|
||||
$h++;
|
||||
|
||||
if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE))
|
||||
if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE))
|
||||
&& (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin)))
|
||||
{
|
||||
$langs->load("ldap");
|
||||
$head[$h][0] = DOL_URL_ROOT.'/user/group/ldap.php?id='.$object->id;
|
||||
$head[$h][1] = $langs->trans("LDAPCard");
|
||||
$head[$h][2] = 'ldap';
|
||||
$h++;
|
||||
$head[$h][0] = DOL_URL_ROOT.'/user/group/ldap.php?id='.$object->id;
|
||||
$head[$h][1] = $langs->trans("LDAPCard");
|
||||
$head[$h][2] = 'ldap';
|
||||
$h++;
|
||||
}
|
||||
|
||||
if ($canreadperms)
|
||||
|
||||
@ -51,7 +51,8 @@ class InterfaceLdapsynchro extends DolibarrTriggers
|
||||
*/
|
||||
public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf)
|
||||
{
|
||||
if (empty($conf->ldap->enabled)) return 0; // Module not active, we do nothing
|
||||
if (empty($conf->ldap->enabled)) return 0; // Module not active, we do nothing
|
||||
if (defined('DISABLE_LDAP_SYNCHRO')) return 0; // If constant defined, we do nothing
|
||||
|
||||
if (! function_exists('ldap_connect'))
|
||||
{
|
||||
@ -111,8 +112,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers
|
||||
|
||||
$info=$object->_load_ldap_info();
|
||||
$dn=$object->_load_ldap_dn($info);
|
||||
$newrdn=$object->_load_ldap_dn($info,2);
|
||||
$newparent=$object->_load_ldap_dn($info,1);
|
||||
|
||||
$result=$ldap->update($dn,$info,$user,$olddn);
|
||||
$result=$ldap->update($dn,$info,$user,$olddn,$newrdn,$newparent);
|
||||
}
|
||||
|
||||
if ($result < 0) $this->error="ErrorLDAP ".$ldap->error;
|
||||
@ -544,8 +547,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers
|
||||
|
||||
$info=$object->_load_ldap_info();
|
||||
$dn=$object->_load_ldap_dn($info);
|
||||
$newrdn=$object->_load_ldap_dn($info,2);
|
||||
$newparent=$object->_load_ldap_dn($info,1);
|
||||
|
||||
$result=$ldap->update($dn,$info,$user,$olddn);
|
||||
$result=$ldap->update($dn,$info,$user,$olddn,$newrdn,$newparent);
|
||||
|
||||
// For member type
|
||||
if (! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1')
|
||||
|
||||
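Review bot: The added `if (defined('DISABLE_LDAP_SYNCHRO')) return 0;` in `runTrigger` tests only that the constant exists, so `define('DISABLE_LDAP_SYNCHRO', false)` also turns synchronisation off, and it returns without leaving any trace. Since this trigger is what sends record changes to the directory through `$ldap->update(...)`, a silent skip deserves a log line before the return, for example `dol_syslog("LDAP synchro trigger skipped: DISABLE_LDAP_SYNCHRO is defined");`. The trailing comment could also name which scripts are expected to define the constant. The body of `runTrigger` continues outside the hunk.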
@ -45,17 +45,16 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
|
||||
if (! empty($conf->ldap->enabled)) require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';
|
||||
if (! empty($conf->adherent->enabled)) require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
|
||||
if (! empty($conf->multicompany->enabled)) dol_include_once('/multicompany/class/actions_multicompany.class.php');
|
||||
if (! empty($conf->categorie->enabled)) require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
|
||||
if (!empty($conf->global->MAIN_USE_EXPENSE_IK)) require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport_ik.class.php';
|
||||
|
||||
$id = GETPOST('id','int');
|
||||
$action = GETPOST('action','alpha');
|
||||
$mode = GETPOST('mode','alpha');
|
||||
$confirm = GETPOST('confirm','alpha');
|
||||
$confirm = GETPOST('confirm','alpha');
|
||||
$subaction = GETPOST('subaction','alpha');
|
||||
$group = GETPOST("group","int",3);
|
||||
$cancel = GETPOST('cancel','alpha');
|
||||
$cancel = GETPOST('cancel','alpha');
|
||||
|
||||
// Users/Groups management only in master entity if transverse mode
|
||||
if (($action == 'create' || $action == 'adduserldap') && ! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE)
|
||||
@ -291,10 +290,10 @@ if (empty($reshook)) {
|
||||
|
||||
$object->fetch($id);
|
||||
if ($action == 'addgroup') {
|
||||
$object->SetInGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity));
|
||||
$result = $object->SetInGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity));
|
||||
}
|
||||
if ($action == 'removegroup') {
|
||||
$object->RemoveFromGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity));
|
||||
$result = $object->RemoveFromGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity));
|
||||
}
|
||||
|
||||
if ($result > 0) {
|
||||
|
||||
@ -2267,8 +2267,8 @@ class User extends CommonObject
|
||||
*
|
||||
* @param array $info Info array loaded by _load_ldap_info
|
||||
* @param int $mode 0=Return full DN (uid=qqq,ou=xxx,dc=aaa,dc=bbb)
|
||||
* 1=
|
||||
* 2=Return key only (uid=qqq)
|
||||
* 1=Return parent (ou=xxx,dc=aaa,dc=bbb)
|
||||
* 2=Return key only (RDN) (uid=qqq)
|
||||
* @return string DN
|
||||
*/
|
||||
function _load_ldap_dn($info,$mode=0)
|
||||
@ -2291,40 +2291,83 @@ class User extends CommonObject
|
||||
global $conf,$langs;
|
||||
|
||||
$info=array();
|
||||
$keymodified=false;
|
||||
|
||||
// Object classes
|
||||
$info["objectclass"]=explode(',',$conf->global->LDAP_USER_OBJECT_CLASS);
|
||||
|
||||
$this->fullname=$this->getFullName($langs);
|
||||
|
||||
// Possible LDAP KEY (constname => varname)
|
||||
$ldapkey = array(
|
||||
'LDAP_FIELD_FULLNAME' => 'fullname',
|
||||
'LDAP_FIELD_NAME' => 'lastname',
|
||||
'LDAP_FIELD_FIRSTNAME' => 'firstname',
|
||||
'LDAP_FIELD_LOGIN' => 'login',
|
||||
'LDAP_FIELD_LOGIN_SAMBA' => 'login',
|
||||
'LDAP_FIELD_PHONE' => 'office_phone',
|
||||
'LDAP_FIELD_MOBILE' => 'user_mobile',
|
||||
'LDAP_FIELD_FAX' => 'office_fax',
|
||||
'LDAP_FIELD_MAIL' => 'email',
|
||||
'LDAP_FIELD_SID' => 'ldap_sid',
|
||||
'LDAP_FIELD_SKYPE' => 'skype'
|
||||
);
|
||||
|
||||
// Champs
|
||||
if ($this->fullname && ! empty($conf->global->LDAP_FIELD_FULLNAME)) $info[$conf->global->LDAP_FIELD_FULLNAME] = $this->fullname;
|
||||
if ($this->lastname && ! empty($conf->global->LDAP_FIELD_NAME)) $info[$conf->global->LDAP_FIELD_NAME] = $this->lastname;
|
||||
if ($this->firstname && ! empty($conf->global->LDAP_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_FIELD_FIRSTNAME] = $this->firstname;
|
||||
if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN)) $info[$conf->global->LDAP_FIELD_LOGIN] = $this->login;
|
||||
if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN_SAMBA)) $info[$conf->global->LDAP_FIELD_LOGIN_SAMBA] = $this->login;
|
||||
if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte
|
||||
if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption
|
||||
if ($this->ldap_sid && ! empty($conf->global->LDAP_FIELD_SID)) $info[$conf->global->LDAP_FIELD_SID] = $this->ldap_sid;
|
||||
if ($this->societe_id > 0)
|
||||
foreach ($ldapkey as $constname => $varname)
|
||||
{
|
||||
if (! empty($this->$varname) && ! empty($conf->global->$constname))
|
||||
{
|
||||
$info[$conf->global->$constname] = $this->$varname;
|
||||
|
||||
// Check if it is the LDAP key and if its value has been changed
|
||||
if (! empty($conf->global->LDAP_KEY_USERS) && $conf->global->LDAP_KEY_USERS == $conf->global->$constname)
|
||||
{
|
||||
if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; // For check if LDAP key has been modified
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address;
|
||||
if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip;
|
||||
if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town;
|
||||
if ($this->note_public && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note_public;
|
||||
if ($this->socid > 0)
|
||||
{
|
||||
$soc = new Societe($this->db);
|
||||
$soc->fetch($this->societe_id);
|
||||
$soc->fetch($this->socid);
|
||||
|
||||
$info["o"] = $soc->lastname;
|
||||
$info[$conf->global->LDAP_FIELD_COMPANY] = $soc->name;
|
||||
if ($soc->client == 1) $info["businessCategory"] = "Customers";
|
||||
if ($soc->client == 2) $info["businessCategory"] = "Prospects";
|
||||
if ($soc->fournisseur == 1) $info["businessCategory"] = "Suppliers";
|
||||
}
|
||||
if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address;
|
||||
if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip;
|
||||
if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town;
|
||||
if ($this->office_phone && ! empty($conf->global->LDAP_FIELD_PHONE)) $info[$conf->global->LDAP_FIELD_PHONE] = $this->office_phone;
|
||||
if ($this->user_mobile && ! empty($conf->global->LDAP_FIELD_MOBILE)) $info[$conf->global->LDAP_FIELD_MOBILE] = $this->user_mobile;
|
||||
if ($this->office_fax && ! empty($conf->global->LDAP_FIELD_FAX)) $info[$conf->global->LDAP_FIELD_FAX] = $this->office_fax;
|
||||
if ($this->note && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note;
|
||||
if ($this->email && ! empty($conf->global->LDAP_FIELD_MAIL)) $info[$conf->global->LDAP_FIELD_MAIL] = $this->email;
|
||||
if ($this->skype && ! empty($conf->global->LDAP_FIELD_SKYPE)) $info[$conf->global->LDAP_FIELD_SKYPE] = $this->skype;
|
||||
|
||||
// When password is modified
|
||||
if (! empty($this->pass))
|
||||
{
|
||||
if (! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte
|
||||
if (! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption)
|
||||
}
|
||||
// Set LDAP password if possible
|
||||
else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') // If ldap key is modified and LDAPv3 we use ldap_rename function for avoid lose encrypt password
|
||||
{
|
||||
if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
|
||||
{
|
||||
// Just for the default MD5 !
|
||||
if (empty($conf->global->MAIN_SECURITY_HASH_ALGO))
|
||||
{
|
||||
if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) {
|
||||
$info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password
|
||||
}
|
||||
}
|
||||
}
|
||||
// Use $this->pass_indatabase value if exists
|
||||
else if (! empty($this->pass_indatabase))
|
||||
{
|
||||
if (! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte
|
||||
if (! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 4); // md5 for OpenLdap TODO add type of encryption
|
||||
}
|
||||
}
|
||||
|
||||
if ($conf->global->LDAP_SERVER_TYPE == 'egroupware')
|
||||
{
|
||||
|
||||
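Review bot: The `else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3')` branch of `_load_ldap_info` puts a password attribute into `$info` on every call that carries no new password, because it never tests `$keymodified`, which the `foreach` above sets only when the LDAP key value changed; within this hunk the flag is assigned but never read. If the intent is the one in the commit title, the condition would read `else if ($keymodified && $conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3')`. The comparison is also type-strict, so an unset or integer protocol setting takes this branch even against an LDAPv3 server. The last sub-branch copies the clear-text `$this->pass_indatabase` into `LDAP_FIELD_PASSWORD`, which is worth a comment stating when that property is expected to be populated. The function continues outside the hunk, so a later use of `$keymodified` cannot be ruled out from here.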
@ -29,7 +29,6 @@ require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
|
||||
if(! empty($conf->multicompany->enabled)) dol_include_once('/multicompany/class/actions_multicompany.class.php');
|
||||
|
||||
// Defini si peux lire/modifier utilisateurs et permisssions
|
||||
$canreadperms=($user->admin || $user->rights->user->user->lire);
|
||||
|
||||
@ -26,9 +26,6 @@
|
||||
*/
|
||||
|
||||
require '../main.inc.php';
|
||||
if (! empty($conf->multicompany->enabled))
|
||||
dol_include_once('/multicompany/class/actions_multicompany.class.php', 'ActionsMulticompany');
|
||||
|
||||
|
||||
if (! $user->rights->user->user->lire && ! $user->admin)
|
||||
accessforbidden();
|
||||
|
||||
@ -57,30 +57,29 @@ $parameters=array('id'=>$socid);
|
||||
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
|
||||
if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
|
||||
|
||||
if (empty($reshook)) {
|
||||
if ($_GET["action"] == 'dolibarr2ldap') {
|
||||
$db->begin();
|
||||
if (empty($reshook))
|
||||
{
|
||||
if ($_GET["action"] == 'dolibarr2ldap')
|
||||
{
|
||||
$ldap = new Ldap();
|
||||
$result = $ldap->connect_bind();
|
||||
|
||||
$ldap = new Ldap();
|
||||
$result = $ldap->connect_bind();
|
||||
if ($result > 0)
|
||||
{
|
||||
$info = $object->_load_ldap_info();
|
||||
$dn = $object->_load_ldap_dn($info);
|
||||
$olddn = $dn; // We can say that old dn = dn as we force synchro
|
||||
|
||||
$info = $object->_load_ldap_info();
|
||||
$dn = $object->_load_ldap_dn($info);
|
||||
$olddn = $dn; // We can say that old dn = dn as we force synchro
|
||||
$result = $ldap->update($dn, $info, $user, $olddn);
|
||||
}
|
||||
|
||||
$result = $ldap->update($dn, $info, $user, $olddn);
|
||||
|
||||
if ($result >= 0)
|
||||
{
|
||||
setEventMessages($langs->trans("UserSynchronized"), null, 'mesgs');
|
||||
$db->commit();
|
||||
}
|
||||
else
|
||||
{
|
||||
setEventMessages($ldap->error, $ldap->errors, 'errors');
|
||||
$db->rollback();
|
||||
}
|
||||
}
|
||||
if ($result >= 0) {
|
||||
setEventMessages($langs->trans("UserSynchronized"), null, 'mesgs');
|
||||
}
|
||||
else {
|
||||
setEventMessages($ldap->error, $ldap->errors, 'errors');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
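Review bot: The `dolibarr2ldap` branch is still selected by `$_GET["action"]`, so a plain GET request to this page writes the record to the directory, and no token check is visible in this hunk. The `$action` variable is already in scope and is passed to `executeHooks` just above, where hooks may modify it; testing it instead keeps the page consistent with that: `if ($action == 'dolibarr2ldap')`. Because the branch changes directory state, it should also require the application's anti-CSRF token; whether `main.inc.php` already enforces one for this request is not visible here. The permission checks at the top of the file are outside the hunk.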