diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 037d27ea852..40fa2da6088 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -419,7 +419,7 @@ class Adherent extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; - $sql.= " civility = ".($this->civility_id>0?$this->db->escape($this->civility_id):"null"); + $sql.= " civility = ".($this->civility_id?"'".$this->db->escape($this->civility_id)."'":"null"); $sql.= ", firstname = ".($this->firstname?"'".$this->db->escape($this->firstname)."'":"null"); $sql.= ", lastname = ".($this->lastname?"'".$this->db->escape($this->lastname)."'":"null"); $sql.= ", login = ".($this->login?"'".$this->db->escape($this->login)."'":"null"); 
@@ -1954,49 +1954,100 @@ class Adherent extends CommonObject * * @return array Tableau info des attributs */ - function _load_ldap_info() - { - global $conf,$langs; + function _load_ldap_info() + { + global $conf,$langs; - $info=array(); + $info=array(); + $keymodified=false; - // Object classes - $info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS); + // Object classes + $info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS); - $this->fullname=$this->getFullName($langs); + $this->fullname=$this->getFullName($langs); - // Member - if ($this->fullname && ! empty($conf->global->LDAP_MEMBER_FIELD_FULLNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FULLNAME] = $this->fullname; - if ($this->lastname && ! empty($conf->global->LDAP_MEMBER_FIELD_NAME)) $info[$conf->global->LDAP_MEMBER_FIELD_NAME] = $this->lastname; - if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname; - if ($this->login && ! empty($conf->global->LDAP_MEMBER_FIELD_LOGIN)) $info[$conf->global->LDAP_MEMBER_FIELD_LOGIN] = $this->login; - if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte - if ($this->pass && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption - if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste; - if ($this->address && ! empty($conf->global->LDAP_MEMBER_FIELD_ADDRESS)) $info[$conf->global->LDAP_MEMBER_FIELD_ADDRESS] = $this->address; - if ($this->zip && ! empty($conf->global->LDAP_MEMBER_FIELD_ZIP)) $info[$conf->global->LDAP_MEMBER_FIELD_ZIP] = $this->zip; - if ($this->town && ! 
empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town; - if ($this->country_code && ! empty($conf->global->LDAP_MEMBER_FIELD_COUNTRY)) $info[$conf->global->LDAP_MEMBER_FIELD_COUNTRY] = $this->country_code; - if ($this->email && ! empty($conf->global->LDAP_MEMBER_FIELD_MAIL)) $info[$conf->global->LDAP_MEMBER_FIELD_MAIL] = $this->email; - if ($this->skype && ! empty($conf->global->LDAP_MEMBER_FIELD_SKYPE)) $info[$conf->global->LDAP_MEMBER_FIELD_SKYPE] = $this->skype; - if ($this->phone && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE] = $this->phone; - if ($this->phone_perso && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO] = $this->phone_perso; - if ($this->phone_mobile && ! empty($conf->global->LDAP_MEMBER_FIELD_MOBILE)) $info[$conf->global->LDAP_MEMBER_FIELD_MOBILE] = $this->phone_mobile; - if ($this->fax && ! empty($conf->global->LDAP_MEMBER_FIELD_FAX)) $info[$conf->global->LDAP_MEMBER_FIELD_FAX] = $this->fax; - if ($this->note_private && ! empty($conf->global->LDAP_MEMBER_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_MEMBER_FIELD_DESCRIPTION] = $this->note_private; - if ($this->note_public && ! empty($conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC)) $info[$conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC] = $this->note_public; - if ($this->birth && ! empty($conf->global->LDAP_MEMBER_FIELD_BIRTHDATE)) $info[$conf->global->LDAP_MEMBER_FIELD_BIRTHDATE] = dol_print_date($this->birth,'dayhourldap'); - if (isset($this->statut) && ! empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) $info[$conf->global->LDAP_FIELD_MEMBER_STATUS] = $this->statut; - if ($this->datefin && ! 
empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap'); + // For avoid ldap error when firstname and lastname are empty + if ($this->morphy == 'mor' && empty($this->fullname)) { + $this->fullname = $this->societe; + $this->lastname = $this->societe; + } - // Subscriptions - if ($this->first_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE] = dol_print_date($this->first_subscription_date,'dayhourldap'); - if (isset($this->first_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT] = $this->first_subscription_amount; - if ($this->last_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE] = dol_print_date($this->last_subscription_date,'dayhourldap'); - if (isset($this->last_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT] = $this->last_subscription_amount; + // Possible LDAP KEY (constname => varname) + $ldapkey = array( + 'LDAP_MEMBER_FIELD_FULLNAME' => 'fullname', + 'LDAP_MEMBER_FIELD_NAME' => 'lastname', + 'LDAP_MEMBER_FIELD_LOGIN' => 'login', + 'LDAP_MEMBER_FIELD_LOGIN_SAMBA' => 'login', + 'LDAP_MEMBER_FIELD_MAIL' => 'email' + ); - return $info; - } + // Member + foreach ($ldapkey as $constname => $varname) + { + if (! empty($this->$varname) && ! empty($conf->global->$constname)) + { + $info[$conf->global->$constname] = $this->$varname; + + // Check if it is the LDAP key and if its value has been changed + if (! empty($conf->global->LDAP_KEY_MEMBERS) && $conf->global->LDAP_KEY_MEMBERS == $conf->global->$constname) + { + if (! 
empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; // For check if LDAP key has been modified + } + } + } + if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname; + if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste; + if ($this->societe && ! empty($conf->global->LDAP_MEMBER_FIELD_COMPANY)) $info[$conf->global->LDAP_MEMBER_FIELD_COMPANY] = $this->societe; + if ($this->address && ! empty($conf->global->LDAP_MEMBER_FIELD_ADDRESS)) $info[$conf->global->LDAP_MEMBER_FIELD_ADDRESS] = $this->address; + if ($this->zip && ! empty($conf->global->LDAP_MEMBER_FIELD_ZIP)) $info[$conf->global->LDAP_MEMBER_FIELD_ZIP] = $this->zip; + if ($this->town && ! empty($conf->global->LDAP_MEMBER_FIELD_TOWN)) $info[$conf->global->LDAP_MEMBER_FIELD_TOWN] = $this->town; + if ($this->country_code && ! empty($conf->global->LDAP_MEMBER_FIELD_COUNTRY)) $info[$conf->global->LDAP_MEMBER_FIELD_COUNTRY] = $this->country_code; + if ($this->skype && ! empty($conf->global->LDAP_MEMBER_FIELD_SKYPE)) $info[$conf->global->LDAP_MEMBER_FIELD_SKYPE] = $this->skype; + if ($this->phone && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE] = $this->phone; + if ($this->phone_perso && ! empty($conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO)) $info[$conf->global->LDAP_MEMBER_FIELD_PHONE_PERSO] = $this->phone_perso; + if ($this->phone_mobile && ! empty($conf->global->LDAP_MEMBER_FIELD_MOBILE)) $info[$conf->global->LDAP_MEMBER_FIELD_MOBILE] = $this->phone_mobile; + if ($this->fax && ! empty($conf->global->LDAP_MEMBER_FIELD_FAX)) $info[$conf->global->LDAP_MEMBER_FIELD_FAX] = $this->fax; + if ($this->note_private && ! empty($conf->global->LDAP_MEMBER_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_MEMBER_FIELD_DESCRIPTION] = $this->note_private; + if ($this->note_public && ! 
empty($conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC)) $info[$conf->global->LDAP_MEMBER_FIELD_NOTE_PUBLIC] = $this->note_public; + if ($this->birth && ! empty($conf->global->LDAP_MEMBER_FIELD_BIRTHDATE)) $info[$conf->global->LDAP_MEMBER_FIELD_BIRTHDATE] = dol_print_date($this->birth,'dayhourldap'); + if (isset($this->statut) && ! empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) $info[$conf->global->LDAP_FIELD_MEMBER_STATUS] = $this->statut; + if ($this->datefin && ! empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap'); + + // When password is modified + if (! empty($this->pass)) + { + if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte + if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption) + } + // Set LDAP password if possible + else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') // If ldap key is modified and LDAPv3 we use ldap_rename function for avoid lose encrypt password + { + if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) + { + // Just for the default MD5 ! + if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) + { + if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) { + $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password + } + } + } + // Use $this->pass_indatabase value if exists + else if (! empty($this->pass_indatabase)) + { + if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte + if (! 
empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 4); // md5 for OpenLdap TODO add type of encryption + } + } + + // Subscriptions + if ($this->first_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE] = dol_print_date($this->first_subscription_date,'dayhourldap'); + if (isset($this->first_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT] = $this->first_subscription_amount; + if ($this->last_subscription_date && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE] = dol_print_date($this->last_subscription_date,'dayhourldap'); + if (isset($this->last_subscription_amount) && ! empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT)) $info[$conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT] = $this->last_subscription_amount; + + return $info; + } /** diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 89985c51f0c..ff0bad063bd 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php 
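Review bot: In `_load_ldap_info()` the new fallback branch `else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3')` compares strictly against the string '3', so an unset or integer-typed setting counts as "not v3". In that case the stored password is sent to the directory again on a sync, either in clear (`pass_indatabase`) or as an unsalted `{md5}` value. Other code on this page casts the setting before comparing (`(string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1'`); the equivalent here is `else if ((string) $conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3')`, and the matching `=== '3'` test added to `Ldap::update()` should follow suit. `$keymodified` is set inside the loop but never read before `return $info;`, so it should either gate this branch, as the comment suggests, or be removed.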
@@ -59,26 +59,23 @@ if (! $result) if ($action == 'dolibarr2ldap') { - $db->begin(); - $ldap=new Ldap(); $result=$ldap->connect_bind(); - $info=$object->_load_ldap_info(); - $dn=$object->_load_ldap_dn($info); - $olddn=$dn; // We can say that old dn = dn as we force synchro - - $result=$ldap->update($dn,$info,$user,$olddn); - - if ($result >= 0) + if ($result > 0) { - setEventMessages($langs->trans("MemberSynchronized"), null, 'mesgs'); - $db->commit(); + $info=$object->_load_ldap_info(); + $dn=$object->_load_ldap_dn($info); + $olddn=$dn; // We can say that old dn = dn as we force synchro + + $result=$ldap->update($dn,$info,$user,$olddn); } - else - { + + if ($result >= 0) { + setEventMessages($langs->trans("MemberSynchronized"), null, 'mesgs'); + } + else { setEventMessages($ldap->errors, $ldap->error, 'errors'); - $db->rollback(); } } diff --git a/htdocs/admin/ldap_members.php b/htdocs/admin/ldap_members.php index cad37cc4ccc..da04c852b2f 100644 --- a/htdocs/admin/ldap_members.php +++ b/htdocs/admin/ldap_members.php @@ -1,10 +1,10 @@ - * Copyright (C) 2004 Sebastien Di Cintio - * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2005 Regis Houssin - * Copyright (C) 2006-2008 Laurent Destailleur - * Copyright (C) 2011-2013 Juanjo Menent +/* Copyright (C) 2004 Rodolphe Quiedeville + * Copyright (C) 2004 Sebastien Di Cintio + * Copyright (C) 2004 Benoit Mortier + * Copyright (C) 2005-2017 Regis Houssin + * Copyright (C) 2006-2008 Laurent Destailleur + * Copyright (C) 2011-2013 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
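Review bot: A `connect_bind()` result of exactly 0 skips the update block (`if ($result > 0)`) but still passes `if ($result >= 0)`, so "MemberSynchronized" would be reported without anything having been written to LDAP. Whether `connect_bind()` can return 0 is not visible in this hunk, but the two tests should agree, for example by changing the success test to `if ($result > 0) {`. A false success message on a directory sync is worth avoiding because operators rely on it to know that account data and passwords are consistent.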
@@ -68,6 +68,7 @@ if ($action == 'setvalue' && $user->admin) if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_MOBILE',GETPOST("fieldmobile"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_SKYPE',GETPOST("fieldskype"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_FAX',GETPOST("fieldfax"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_COMPANY',GETPOST("fieldcompany"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_ADDRESS',GETPOST("fieldaddress"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_ZIP',GETPOST("fieldzip"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_TOWN',GETPOST("fieldtown"),'chaine',0,'',$conf->entity)) $error++; @@ -282,6 +283,14 @@ print ''.$langs->trans("LDAPFieldFaxExample").''; print ' '; print ''; +// Company + +print ''.$langs->trans("LDAPFieldCompany").''; +print ''; +print ''.$langs->trans("LDAPFieldCompanyExample").''; +print ' '; +print ''; + // Address print ''.$langs->trans("LDAPFieldAddress").''; diff --git a/htdocs/admin/ldap_users.php b/htdocs/admin/ldap_users.php index a0866c1305a..30ec8d8153c 100644 --- a/htdocs/admin/ldap_users.php +++ b/htdocs/admin/ldap_users.php 
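Review bot: The new `LDAP_MEMBER_FIELD_COMPANY` setting is stored from `GETPOST("fieldcompany")` with no check argument, and the stored value is later used directly as an LDAP attribute name (`$info[$conf->global->LDAP_MEMBER_FIELD_COMPANY] = $this->societe;`). The same applies to the five `LDAP_FIELD_*` lines added in the first hunk of htdocs/admin/ldap_users.php. The neighbouring lines follow the same pattern, so this is not a regression, but new lines could pass a filter as other request reads on this page do, e.g. `GETPOST("fieldcompany",'alpha')`. The enclosing `if ($action == 'setvalue' && $user->admin)` block continues outside the hunk, so any token check is not visible here.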
@@ -65,6 +65,11 @@ if ($action == 'setvalue' && $user->admin) if (! dolibarr_set_const($db, 'LDAP_FIELD_MOBILE',GETPOST("fieldmobile"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_SKYPE',GETPOST("fieldskype"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_FAX',GETPOST("fieldfax"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_COMPANY',GETPOST("fieldcompany"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_ADDRESS',GETPOST("fieldaddress"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_ZIP',GETPOST("fieldzip"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_TOWN',GETPOST("fieldtown"),'chaine',0,'',$conf->entity)) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_COUNTRY',GETPOST("fieldcountry"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_DESCRIPTION',GETPOST("fielddescription"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_SID',GETPOST("fieldsid"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_TITLE',GETPOST("fieldtitle"),'chaine',0,'',$conf->entity)) $error++; @@ -208,7 +213,7 @@ print ''; print ''.$langs->trans("LDAPFieldPasswordNotCrypted").''; print ''; print ''.$langs->trans("LDAPFieldPasswordExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD)?' checked':'').">"; +print ' '; print ''; // Password crypted @@ -216,7 +221,7 @@ print ''; print ''.$langs->trans("LDAPFieldPasswordCrypted").''; print ''; print ''.$langs->trans("LDAPFieldPasswordExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD_CRYPTED)?' checked':'').">"; +print ' '; print ''; // Mail 
@@ -259,12 +264,52 @@ print ''.$langs->trans("LDAPFieldFaxExample").''; print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FAX)?' checked':'').">"; print ''; +// Company + +print ''.$langs->trans("LDAPFieldCompany").''; +print ''; +print ''.$langs->trans("LDAPFieldCompanyExample").''; +print ' '; +print ''; + +// Address + +print ''.$langs->trans("LDAPFieldAddress").''; +print ''; +print ''.$langs->trans("LDAPFieldAddressExample").''; +print ' '; +print ''; + +// ZIP + +print ''.$langs->trans("LDAPFieldZip").''; +print ''; +print ''.$langs->trans("LDAPFieldZipExample").''; +print ' '; +print ''; + +// TOWN + +print ''.$langs->trans("LDAPFieldTown").''; +print ''; +print ''.$langs->trans("LDAPFieldTownExample").''; +print ' '; +print ''; + +// COUNTRY + +print ''.$langs->trans("LDAPFieldCountry").''; +print ''; +print ' '; +print ' '; +print ''; + // Title print ''.$langs->trans("LDAPFieldTitle").''; print ''; print ''.$langs->trans("LDAPFieldTitleExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_TITLE)?' checked':'').">"; +print ' '; print ''; // Note @@ -272,7 +317,7 @@ print ''; print ''.$langs->trans("Note").''; print ''; print ''.$langs->trans("LDAPFieldDescriptionExample").''; -print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_DESCRIPTION)?' checked':'').">"; +print ' '; print ''; // Sid diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php index 870c4f4bccd..86c1da0af2d 100644 --- a/htdocs/core/class/comment.class.php +++ b/htdocs/core/class/comment.class.php 
@@ -298,7 +298,7 @@ class Comment extends CommonObject $sql.= " c.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX."comment as c"; $sql.= " WHERE c.fk_element = ".$fk_element; - $sql.= " AND c.element_type = '".$element_type."'"; + $sql.= " AND c.element_type = '".$this->db->escape($element_type)."'"; $sql.= " AND c.entity = ".$conf->entity; $sql.= " ORDER BY c.tms DESC"; diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 64e6f9fd5ef..930a9f10997 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -402,10 +402,10 @@ class Ldap * Add a LDAP entry * Ldap object connect and bind must have been done * - * @param string $dn DN entry key - * @param array $info Attributes array + * @param string $dn DN entry key + * @param array $info Attributes array * @param User $user Objet user that create - * @return int <0 if KO, >0 if OK + * @return int <0 if KO, >0 if OK */ function add($dn, $info, $user) { @@ -458,7 +458,7 @@ class Ldap * * @param string $dn DN entry key * @param array $info Attributes array - * @param string $user Objet user that modify + * @param User $user Objet user that modify * @return int <0 if KO, >0 if OK */ function modify($dn, $info, $user) 
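Review bot: The line just above the fixed one, `$sql.= " WHERE c.fk_element = ".$fk_element;`, still concatenates its value into the query unquoted and unescaped, so the commit closes only one of the two injection points in this statement. If `$fk_element` is not already cast earlier in the function (its start is outside the hunk), cast it here: `$sql.= " WHERE c.fk_element = ".((int) $fk_element);`. `$conf->entity` on the following line is concatenated the same way and deserves the same cast.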
@@ -504,17 +504,69 @@ class Ldap } } + /** + * Rename a LDAP entry + * Ldap object connect and bind must have been done + * + * @param string $dn Old DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update) + * @param string $newrdn New RDN entry key (uid=qqq) + * @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb) + * @param User $user Objet user that modify + * @param bool $deleteoldrdn If TRUE the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry. + * @return int <0 if KO, >0 if OK + */ + function rename($dn, $newrdn, $newparent, $user, $deleteoldrdn = true) + { + global $conf; + + dol_syslog(get_class($this)."::modify dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn?1:0)); + + // Check parameters + if (! $this->connection) + { + $this->error="NotConnected"; + return -2; + } + if (! $this->bind) + { + $this->error="NotConnected"; + return -3; + } + + // Encode to LDAP page code + $dn=$this->convFromOutputCharset($dn,$this->ldapcharset); + $newrdn=$this->convFromOutputCharset($newrdn,$this->ldapcharset); + $newparent=$this->convFromOutputCharset($newparent,$this->ldapcharset); + + //print_r($info); + $result=@ldap_rename($this->connection, $dn, $newrdn, $newparent, $deleteoldrdn); + + if ($result) + { + dol_syslog(get_class($this)."::rename successfull", LOG_DEBUG); + return 1; + } + else + { + $this->error=@ldap_error($this->connection); + dol_syslog(get_class($this)."::rename failed: ".$this->error, LOG_ERR); + return -1; + } + } + /** * Modify a LDAP entry (to use if dn != olddn) * Ldap object connect and bind must have been done * - * @param string $dn DN entry key - * @param array $info Attributes array - * @param User $user Objet user that update - * @param string $olddn Old DN entry key (before update) - * @return int <0 if KO, >0 if OK + * @param string $dn DN entry key + * @param array $info Attributes array + * @param User $user Objet user that update 
+ * @param string $olddn Old DN entry key (before update) + * @param string $newrdn New RDN entry key (uid=qqq) (for ldap_rename) + * @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb) (for ldap_rename) + * @return int <0 if KO, >0 if OK */ - function update($dn,$info,$user,$olddn) + function update($dn, $info, $user, $olddn, $newrdn=false, $newparent=false) { global $conf; @@ -534,9 +586,17 @@ class Ldap if (! $olddn || $olddn != $dn) { - // If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one. - $result = $this->add($dn, $info, $user); - if ($result > 0 && $olddn && $olddn != $dn) $result = $this->delete($olddn); // If add fails, we do not try to delete old one + if (! empty($olddn) && ! empty($newrdn) && ! empty($newparent) && $conf->global->LDAP_SERVER_PROTOCOLVERSION === '3') + { + // This function currently only works with LDAPv3 + $result = $this->rename($olddn, $newrdn, $newparent, $user, true); + } + else + { + // If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one. + $result = $this->add($dn, $info, $user); + if ($result > 0 && $olddn && $olddn != $dn) $result = $this->delete($olddn); // If add fails, we do not try to delete old one + } } else { 
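Review bot: The entry log line in the new `rename()` is labelled as a different method, `dol_syslog(get_class($this)."::modify dn=".$dn...`, so a rename is indistinguishable from a modify when reading the audit trail; it should read `get_class($this)."::rename dn=".$dn`. The call `@ldap_rename(...)` also suppresses the PHP warning, which leaves `ldap_error()` as the only diagnostic, and both `global $conf` and the `$user` parameter are unused in the body. The leftover `//print_r($info);` refers to a variable this method does not have and can be dropped.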
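Review bot: In `update()`, the new LDAPv3 path calls only `$this->rename($olddn, $newrdn, $newparent, $user, true)` when the DN changes, and nothing in the hunk then writes `$info` to the renamed entry. Unless the part of the function outside the hunk does so, attribute changes made in the same save (mail, name, status) would be lost whenever the key changes. A follow-up `if ($result > 0) $result = $this->modify($dn, $info, $user);` after the rename would keep the entry in step. The `=== '3'` test has the same type sensitivity as the `!== '3'` test in `Adherent::_load_ldap_info()`.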
@@ -1241,7 +1301,7 @@ class Ldap $this->firstname = $this->convToOutputCharset($result[0][$this->attr_firstname][0],$this->ldapcharset); $this->login = $this->convToOutputCharset($result[0][$this->attr_login][0],$this->ldapcharset); $this->phone = $this->convToOutputCharset($result[0][$this->attr_phone][0],$this->ldapcharset); - $this->skype = $this->convToOutputCharset($result[0][$this->attr_skype][0],$this->ldapcharset); + $this->skype = $this->convToOutputCharset($result[0][$this->attr_skype][0],$this->ldapcharset); $this->fax = $this->convToOutputCharset($result[0][$this->attr_fax][0],$this->ldapcharset); $this->mail = $this->convToOutputCharset($result[0][$this->attr_mail][0],$this->ldapcharset); $this->mobile = $this->convToOutputCharset($result[0][$this->attr_mobile][0],$this->ldapcharset); 
@@ -1298,27 +1358,29 @@ class Ldap function parseUACF($uacf) { //All flags array - $flags = array( "TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216, - "PASSWORD_EXPIRED" => 8388608, - "DONT_REQ_PREAUTH" => 4194304, - "USE_DES_KEY_ONLY" => 2097152, - "NOT_DELEGATED" => 1048576, - "TRUSTED_FOR_DELEGATION" => 524288, - "SMARTCARD_REQUIRED" => 262144, - "MNS_LOGON_ACCOUNT" => 131072, - "DONT_EXPIRE_PASSWORD" => 65536, - "SERVER_TRUST_ACCOUNT" => 8192, - "WORKSTATION_TRUST_ACCOUNT" => 4096, - "INTERDOMAIN_TRUST_ACCOUNT" => 2048, - "NORMAL_ACCOUNT" => 512, - "TEMP_DUPLICATE_ACCOUNT" => 256, - "ENCRYPTED_TEXT_PWD_ALLOWED" => 128, - "PASSWD_CANT_CHANGE" => 64, - "PASSWD_NOTREQD" => 32, - "LOCKOUT" => 16, - "HOMEDIR_REQUIRED" => 8, - "ACCOUNTDISABLE" => 2, - "SCRIPT" => 1); + $flags = array( + "TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216, + "PASSWORD_EXPIRED" => 8388608, + "DONT_REQ_PREAUTH" => 4194304, + "USE_DES_KEY_ONLY" => 2097152, + "NOT_DELEGATED" => 1048576, + "TRUSTED_FOR_DELEGATION" => 524288, + "SMARTCARD_REQUIRED" => 262144, + "MNS_LOGON_ACCOUNT" => 131072, + "DONT_EXPIRE_PASSWORD" => 65536, + "SERVER_TRUST_ACCOUNT" => 8192, + "WORKSTATION_TRUST_ACCOUNT" => 4096, + "INTERDOMAIN_TRUST_ACCOUNT" => 2048, + "NORMAL_ACCOUNT" => 512, + "TEMP_DUPLICATE_ACCOUNT" => 256, + "ENCRYPTED_TEXT_PWD_ALLOWED" => 128, + "PASSWD_CANT_CHANGE" => 64, + "PASSWD_NOTREQD" => 32, + "LOCKOUT" => 16, + "HOMEDIR_REQUIRED" => 8, + "ACCOUNTDISABLE" => 2, + "SCRIPT" => 1 + ); //Parse flags to text $retval = array(); 
@@ -1341,13 +1403,15 @@ class Ldap */ function parseSAT($samtype) { - $stypes = array( 805306368 => "NORMAL_ACCOUNT", - 805306369 => "WORKSTATION_TRUST", - 805306370 => "INTERDOMAIN_TRUST", - 268435456 => "SECURITY_GLOBAL_GROUP", - 268435457 => "DISTRIBUTION_GROUP", - 536870912 => "SECURITY_LOCAL_GROUP", - 536870913 => "DISTRIBUTION_LOCAL_GROUP"); + $stypes = array( + 805306368 => "NORMAL_ACCOUNT", + 805306369 => "WORKSTATION_TRUST", + 805306370 => "INTERDOMAIN_TRUST", + 268435456 => "SECURITY_GLOBAL_GROUP", + 268435457 => "DISTRIBUTION_GROUP", + 536870912 => "SECURITY_LOCAL_GROUP", + 536870913 => "DISTRIBUTION_LOCAL_GROUP" + ); $retval = ""; while (list($sat, $val) = each($stypes)) { @@ -1422,7 +1486,7 @@ class Ldap $search='('.$conf->global->$keygroup.'=*)'; $result = $this->search($this->groups,$search); - if($result) + if ($result) { $c = $result['count']; $gids = array(); diff --git a/htdocs/core/lib/contact.lib.php b/htdocs/core/lib/contact.lib.php index f951439f0c5..f1d721b62e6 100644 --- a/htdocs/core/lib/contact.lib.php +++ b/htdocs/core/lib/contact.lib.php @@ -1,6 +1,6 @@ - * Copyright (C) 2010-2012 Regis Houssin + * Copyright (C) 2010-2017 Regis Houssin * Copyright (C) 2015 Frederic France * Copyright (C) 2015 Raphaël Doursenaud * @@ -42,7 +42,8 @@ function contact_prepare_head(Contact $object) $head[$tab][2] = 'card'; $tab++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_CONTACT_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_CONTACT_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); @@ -94,7 +95,7 @@ function contact_prepare_head(Contact $object) } $head[$tab][2] = 'agenda'; $tab++; - + // Log /* $head[$tab][0] = DOL_URL_ROOT.'/contact/info.php?id='.$object->id; diff --git a/htdocs/core/lib/member.lib.php b/htdocs/core/lib/member.lib.php index 7e5e5e0c604..4da1ed91fae 100644 --- a/htdocs/core/lib/member.lib.php 
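Review bot: In `contact_prepare_head()` the new `MAIN_DISABLE_LDAP_TAB` condition only decides whether the tab link is rendered; it is not an access control. The same condition is added in `member_prepare_head()`, `member_type_prepare_head()`, `user_prepare_head()` and `group_prepare_head()`. The target pages (for example `/user/ldap.php?id=`) need the equivalent `$user->admin` test themselves, otherwise a non-admin can still open them by URL; no such test is visible in the htdocs/adherents/ldap.php hunk. Also confirm that `$user` is declared `global` in each of these functions, since their `global` lines are outside the hunks: if it is not, `! empty($user->admin)` is always false and the tab is hidden from admins too. A short comment such as `// UI only: ldap.php enforces the same restriction` would record the intent.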
+++ b/htdocs/core/lib/member.lib.php @@ -1,7 +1,8 @@ - * Copyright (C) 2015-2016 Alexandre Spangaro - * Copyright (C) 2015 Raphaël Doursenaud +/* Copyright (C) 2006-2015 Laurent Destailleur + * Copyright (C) 2015-2016 Alexandre Spangaro + * Copyright (C) 2015 Raphaël Doursenaud + * Copyright (C) 2017 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,7 +42,8 @@ function member_prepare_head(Adherent $object) $head[$h][2] = 'general'; $h++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); @@ -124,7 +126,8 @@ function member_type_prepare_head(AdherentType $object) $head[$h][2] = 'card'; $h++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 8635c9f3a1b..6f5cc75c39b 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php 
@@ -87,7 +87,8 @@ function dol_hash($chain,$type=0) if ($type == 1) return sha1($chain); else if ($type == 2) return sha1(md5($chain)); else if ($type == 3) return md5($chain); - else if ($type == 4) return '{md5}'.base64_encode(mhash(MHASH_MD5,$chain)); // For OpenLdap with md5 + else if ($type == 4) return '{md5}'.base64_encode(mhash(MHASH_MD5,$chain)); // For OpenLdap with md5 (based on an unencrypted password in base) + else if ($type == 5) return '{md5}'.base64_encode(hex2bin($chain)); // For OpenLdap with md5 (based on a md5 encrypted password in base) else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1') return sha1($chain); else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1md5') return sha1(md5($chain)); diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index f39e6ecd628..04bfa5666e2 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -50,13 +50,14 @@ function user_prepare_head($object) $head[$h][2] = 'user'; $h++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); - $head[$h][0] = DOL_URL_ROOT.'/user/ldap.php?id='.$object->id; - $head[$h][1] = $langs->trans("LDAPCard"); - $head[$h][2] = 'ldap'; - $h++; + $head[$h][0] = DOL_URL_ROOT.'/user/ldap.php?id='.$object->id; + $head[$h][1] = $langs->trans("LDAPCard"); + $head[$h][2] = 'ldap'; + $h++; } $head[$h][0] = DOL_URL_ROOT.'/user/param_ihm.php?id='.$object->id; 
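Review bot: The new type 5 branch of `dol_hash()`, `'{md5}'.base64_encode(hex2bin($chain))`, assumes `$chain` is a well-formed hex MD5 digest. `hex2bin()` returns false with a warning on odd-length or non-hex input, so the function would then return a bare `{md5}` string. The caller in `Adherent::_load_ldap_info()` writes that value to the LDAP password attribute, replacing a usable hash with an empty one. Check the input first, e.g. `if (! ctype_xdigit($chain) || strlen($chain) != 32)`, and have the caller skip the attribute in that case. A comment should also state that types 4 and 5 produce unsalted MD5 for directory compatibility only.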
@@ -210,13 +211,14 @@ function group_prepare_head($object) $head[$h][2] = 'group'; $h++; - if (! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE)) + if ((! empty($conf->ldap->enabled) && ! empty($conf->global->LDAP_SYNCHRO_ACTIVE)) + && (empty($conf->global->MAIN_DISABLE_LDAP_TAB) || ! empty($user->admin))) { $langs->load("ldap"); - $head[$h][0] = DOL_URL_ROOT.'/user/group/ldap.php?id='.$object->id; - $head[$h][1] = $langs->trans("LDAPCard"); - $head[$h][2] = 'ldap'; - $h++; + $head[$h][0] = DOL_URL_ROOT.'/user/group/ldap.php?id='.$object->id; + $head[$h][1] = $langs->trans("LDAPCard"); + $head[$h][2] = 'ldap'; + $h++; } if ($canreadperms) diff --git a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php index a906ec821ed..1e9c2c2ec31 100644 --- a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php @@ -51,7 +51,8 @@ class InterfaceLdapsynchro extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->ldap->enabled)) return 0; // Module not active, we do nothing + if (empty($conf->ldap->enabled)) return 0; // Module not active, we do nothing + if (defined('DISABLE_LDAP_SYNCHRO')) return 0; // If constant defined, we do nothing if (! function_exists('ldap_connect')) { @@ -111,8 +112,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers $info=$object->_load_ldap_info(); $dn=$object->_load_ldap_dn($info); + $newrdn=$object->_load_ldap_dn($info,2); + $newparent=$object->_load_ldap_dn($info,1); - $result=$ldap->update($dn,$info,$user,$olddn); + $result=$ldap->update($dn,$info,$user,$olddn,$newrdn,$newparent); } if ($result < 0) $this->error="ErrorLDAP ".$ldap->error; 
@@ -544,8 +547,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers $info=$object->_load_ldap_info(); $dn=$object->_load_ldap_dn($info); + $newrdn=$object->_load_ldap_dn($info,2); + $newparent=$object->_load_ldap_dn($info,1); - $result=$ldap->update($dn,$info,$user,$olddn); + $result=$ldap->update($dn,$info,$user,$olddn,$newrdn,$newparent); // For member type if (! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 264b8665730..ed2ae731fd3 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -45,17 +45,16 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; if (! empty($conf->ldap->enabled)) require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php'; if (! empty($conf->adherent->enabled)) require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; -if (! empty($conf->multicompany->enabled)) dol_include_once('/multicompany/class/actions_multicompany.class.php'); if (! empty($conf->categorie->enabled)) require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; if (!empty($conf->global->MAIN_USE_EXPENSE_IK)) require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport_ik.class.php'; $id = GETPOST('id','int'); $action = GETPOST('action','alpha'); $mode = GETPOST('mode','alpha'); -$confirm = GETPOST('confirm','alpha'); +$confirm = GETPOST('confirm','alpha'); $subaction = GETPOST('subaction','alpha'); $group = GETPOST("group","int",3); -$cancel = GETPOST('cancel','alpha'); +$cancel = GETPOST('cancel','alpha'); // Users/Groups management only in master entity if transverse mode if (($action == 'create' || $action == 'adduserldap') && ! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) 
@@ -291,10 +290,10 @@ if (empty($reshook)) { $object->fetch($id); if ($action == 'addgroup') { - $object->SetInGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity)); + $result = $object->SetInGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity)); } if ($action == 'removegroup') { - $object->RemoveFromGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity)); + $result = $object->RemoveFromGroup($group, (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? GETPOST('entity', 'int') : $editgroup->entity)); } if ($result > 0) { diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index df3b0d626c1..a98cd859dc5 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -2267,8 +2267,8 @@ class User extends CommonObject * * @param array $info Info array loaded by _load_ldap_info * @param int $mode 0=Return full DN (uid=qqq,ou=xxx,dc=aaa,dc=bbb) - * 1= - * 2=Return key only (uid=qqq) + * 1=Return parent (ou=xxx,dc=aaa,dc=bbb) + * 2=Return key only (RDN) (uid=qqq) * @return string DN */ function _load_ldap_dn($info,$mode=0) 
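Review bot: In transverse mode the entity passed to `SetInGroup()` and `RemoveFromGroup()` comes straight from `GETPOST('entity', 'int')`, and nothing in the hunk checks that the current user may manage groups in that entity. Now that `$result` is captured, this is the natural place to reject an entity the caller cannot administer before either method runs. The enclosing `if` and the handling of `$result <= 0` are outside the hunk, so it should also be confirmed that a failed membership change is reported to the user rather than dropped.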
@@ -2291,40 +2291,83 @@ class User extends CommonObject global $conf,$langs; $info=array(); + $keymodified=false; // Object classes $info["objectclass"]=explode(',',$conf->global->LDAP_USER_OBJECT_CLASS); $this->fullname=$this->getFullName($langs); + // Possible LDAP KEY (constname => varname) + $ldapkey = array( + 'LDAP_FIELD_FULLNAME' => 'fullname', + 'LDAP_FIELD_NAME' => 'lastname', + 'LDAP_FIELD_FIRSTNAME' => 'firstname', + 'LDAP_FIELD_LOGIN' => 'login', + 'LDAP_FIELD_LOGIN_SAMBA' => 'login', + 'LDAP_FIELD_PHONE' => 'office_phone', + 'LDAP_FIELD_MOBILE' => 'user_mobile', + 'LDAP_FIELD_FAX' => 'office_fax', + 'LDAP_FIELD_MAIL' => 'email', + 'LDAP_FIELD_SID' => 'ldap_sid', + 'LDAP_FIELD_SKYPE' => 'skype' + ); + // Champs - if ($this->fullname && ! empty($conf->global->LDAP_FIELD_FULLNAME)) $info[$conf->global->LDAP_FIELD_FULLNAME] = $this->fullname; - if ($this->lastname && ! empty($conf->global->LDAP_FIELD_NAME)) $info[$conf->global->LDAP_FIELD_NAME] = $this->lastname; - if ($this->firstname && ! empty($conf->global->LDAP_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_FIELD_FIRSTNAME] = $this->firstname; - if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN)) $info[$conf->global->LDAP_FIELD_LOGIN] = $this->login; - if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN_SAMBA)) $info[$conf->global->LDAP_FIELD_LOGIN_SAMBA] = $this->login; - if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte - if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption - if ($this->ldap_sid && ! empty($conf->global->LDAP_FIELD_SID)) $info[$conf->global->LDAP_FIELD_SID] = $this->ldap_sid; - if ($this->societe_id > 0) + foreach ($ldapkey as $constname => $varname) + { + if (! empty($this->$varname) && ! 
empty($conf->global->$constname)) + { + $info[$conf->global->$constname] = $this->$varname; + + // Check if it is the LDAP key and if its value has been changed + if (! empty($conf->global->LDAP_KEY_USERS) && $conf->global->LDAP_KEY_USERS == $conf->global->$constname) + { + if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; // For check if LDAP key has been modified + } + } + } + if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address; + if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip; + if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town; + if ($this->note_public && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note_public; + if ($this->socid > 0) { $soc = new Societe($this->db); - $soc->fetch($this->societe_id); + $soc->fetch($this->socid); - $info["o"] = $soc->lastname; + $info[$conf->global->LDAP_FIELD_COMPANY] = $soc->name; if ($soc->client == 1) $info["businessCategory"] = "Customers"; if ($soc->client == 2) $info["businessCategory"] = "Prospects"; if ($soc->fournisseur == 1) $info["businessCategory"] = "Suppliers"; } - if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address; - if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip; - if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town; - if ($this->office_phone && ! empty($conf->global->LDAP_FIELD_PHONE)) $info[$conf->global->LDAP_FIELD_PHONE] = $this->office_phone; - if ($this->user_mobile && ! empty($conf->global->LDAP_FIELD_MOBILE)) $info[$conf->global->LDAP_FIELD_MOBILE] = $this->user_mobile; - if ($this->office_fax && ! 
empty($conf->global->LDAP_FIELD_FAX)) $info[$conf->global->LDAP_FIELD_FAX] = $this->office_fax; - if ($this->note && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note; - if ($this->email && ! empty($conf->global->LDAP_FIELD_MAIL)) $info[$conf->global->LDAP_FIELD_MAIL] = $this->email; - if ($this->skype && ! empty($conf->global->LDAP_FIELD_SKYPE)) $info[$conf->global->LDAP_FIELD_SKYPE] = $this->skype; + + // When password is modified + if (! empty($this->pass)) + { + if (! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte + if (! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption) + } + // Set LDAP password if possible + else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') // If ldap key is modified and LDAPv3 we use ldap_rename function for avoid lose encrypt password + { + if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) + { + // Just for the default MD5 ! + if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) + { + if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { + $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password + } + } + } + // Use $this->pass_indatabase value if exists + else if (! empty($this->pass_indatabase)) + { + if (! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte + if (! 
empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 4); // md5 for OpenLdap TODO add type of encryption + } + } if ($conf->global->LDAP_SERVER_TYPE == 'egroupware') { diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 678bd9f0ec2..a54c29ca8d7 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -29,7 +29,6 @@ require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -if(! empty($conf->multicompany->enabled)) dol_include_once('/multicompany/class/actions_multicompany.class.php'); // Defini si peux lire/modifier utilisateurs et permisssions $canreadperms=($user->admin || $user->rights->user->user->lire); diff --git a/htdocs/user/index.php b/htdocs/user/index.php index 47b8bb4879e..91fe86517c6 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php @@ -26,9 +26,6 @@ */ require '../main.inc.php'; -if (! empty($conf->multicompany->enabled)) - dol_include_once('/multicompany/class/actions_multicompany.class.php', 'ActionsMulticompany'); - if (! $user->rights->user->user->lire && ! $user->admin) accessforbidden(); diff --git a/htdocs/user/ldap.php b/htdocs/user/ldap.php index 001915a8004..4e365582bf6 100644 --- a/htdocs/user/ldap.php +++ b/htdocs/user/ldap.php 
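Review bot: The password fallback under `else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3')` treats `pass_indatabase_crypted` as an MD5 hex digest only because `MAIN_SECURITY_HASH_ALGO` is currently empty. If that setting was changed after the password was stored, a value in another format would still reach `dol_hash(..., 5)` and be written under a `{md5}` prefix; testing the stored value itself, e.g. `preg_match('/^[0-9a-f]{32}$/i', $this->pass_indatabase_crypted)`, makes the branch skip anything else. Separately, `$info[$conf->global->LDAP_FIELD_COMPANY] = $soc->name;` is the only assignment in this hunk without a `! empty(...)` guard on the attribute name, so an unset option yields an empty array key. `$keymodified` is set but not read in the visible lines, and the strict `!== '3'` comparison also takes the branch when the option is unset; the function continues outside the hunk.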
@@ -57,30 +57,29 @@ $parameters=array('id'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); -if (empty($reshook)) { - if ($_GET["action"] == 'dolibarr2ldap') { - $db->begin(); +if (empty($reshook)) +{ + if ($_GET["action"] == 'dolibarr2ldap') + { + $ldap = new Ldap(); + $result = $ldap->connect_bind(); - $ldap = new Ldap(); - $result = $ldap->connect_bind(); + if ($result > 0) + { + $info = $object->_load_ldap_info(); + $dn = $object->_load_ldap_dn($info); + $olddn = $dn; // We can say that old dn = dn as we force synchro - $info = $object->_load_ldap_info(); - $dn = $object->_load_ldap_dn($info); - $olddn = $dn; // We can say that old dn = dn as we force synchro + $result = $ldap->update($dn, $info, $user, $olddn); + } - $result = $ldap->update($dn, $info, $user, $olddn); - - if ($result >= 0) - { - setEventMessages($langs->trans("UserSynchronized"), null, 'mesgs'); - $db->commit(); - } - else - { - setEventMessages($ldap->error, $ldap->errors, 'errors'); - $db->rollback(); - } - } + if ($result >= 0) { + setEventMessages($langs->trans("UserSynchronized"), null, 'mesgs'); + } + else { + setEventMessages($ldap->error, $ldap->errors, 'errors'); + } + } } /*
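Review bot: The forced synchronisation is still keyed on `$_GET["action"]` rather than on the `$action` variable that was just passed through `executeHooks()`, so a hook that rewrites or clears `$action` has no effect on this branch, and a request without the parameter reads an undefined index. Assuming `$action` is populated from the request earlier in the file, `if ($action == 'dolibarr2ldap')` would honour the hook result. Because the branch writes to the directory on a GET request, it is also worth confirming, outside the hunk, that the page verifies the caller's right to modify `$object` and an anti-CSRF token before reaching it.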