NEW add ldap_rename to avoid losing the password if the LDAP key changed
parent
59bf61f9b3
commit
723bc4d436
@ -2023,7 +2023,7 @@ class Adherent extends CommonObject
|
||||
if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption)
|
||||
}
|
||||
// Set LDAP password if possible
|
||||
else
|
||||
else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') // If ldap key is modified and LDAPv3 we use ldap_rename function for avoid lose encrypt password
|
||||
{
|
||||
if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
|
||||
{
|
||||
|
||||
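Review bot: The new condition `else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3')` ties the non-crypted password branch to the protocol version instead of to whether a rename is happening, so on a v3 server a member whose DN did not change (a plain password change, for instance) apparently never gets the password attribute into `$info` and the directory keeps the stale credential; the User hunk at `@ -2344` has the same pattern. If the goal is only to keep the existing hash across a rename, the skip belongs in the rename path of Ldap::update and this branch should still set the attribute. The check also compares strictly against the string '3' while Ldap::update uses `=== '3'`; both rely on the config value being a string (presumably loaded from the conf table — confirm), so a shared helper or constant would keep the two decisions from diverging. The enclosing method starts and ends outside the hunk.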
@ -402,10 +402,10 @@ class Ldap
|
||||
* Add a LDAP entry
|
||||
* Ldap object connect and bind must have been done
|
||||
*
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param User $user Objet user that create
|
||||
* @return int <0 if KO, >0 if OK
|
||||
* @return int <0 if KO, >0 if OK
|
||||
*/
|
||||
function add($dn, $info, $user)
|
||||
{
|
||||
@ -458,7 +458,7 @@ class Ldap
|
||||
*
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param string $user Objet user that modify
|
||||
* @param User $user Objet user that modify
|
||||
* @return int <0 if KO, >0 if OK
|
||||
*/
|
||||
function modify($dn, $info, $user)
|
||||
@ -504,17 +504,69 @@ class Ldap
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Rename a LDAP entry
|
||||
* Ldap object connect and bind must have been done
|
||||
*
|
||||
* @param string $dn Old DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update)
|
||||
* @param string $newrdn New RDN entry key (uid=qqq)
|
||||
* @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb)
|
||||
* @param bool $deleteoldrdn If TRUE the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry.
|
||||
* @param User $user Objet user that modify
|
||||
* @return int <0 if KO, >0 if OK
|
||||
*/
|
||||
function rename($dn, $newrdn, $newparent, $deleteoldrdn = true, $user)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
dol_syslog(get_class($this)."::modify dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn?1:0));
|
||||
|
||||
// Check parameters
|
||||
if (! $this->connection)
|
||||
{
|
||||
$this->error="NotConnected";
|
||||
return -2;
|
||||
}
|
||||
if (! $this->bind)
|
||||
{
|
||||
$this->error="NotConnected";
|
||||
return -3;
|
||||
}
|
||||
|
||||
// Encode to LDAP page code
|
||||
$dn=$this->convFromOutputCharset($dn,$this->ldapcharset);
|
||||
$newrdn=$this->convFromOutputCharset($newrdn,$this->ldapcharset);
|
||||
$newparent=$this->convFromOutputCharset($newparent,$this->ldapcharset);
|
||||
|
||||
//print_r($info);
|
||||
$result=@ldap_rename($this->connection, $dn, $newrdn, $newparent, $deleteoldrdn);
|
||||
|
||||
if ($result)
|
||||
{
|
||||
dol_syslog(get_class($this)."::rename successfull", LOG_DEBUG);
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->error=@ldap_error($this->connection);
|
||||
dol_syslog(get_class($this)."::rename failed: ".$this->error, LOG_ERR);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Modify a LDAP entry (to use if dn != olddn)
|
||||
* Ldap object connect and bind must have been done
|
||||
*
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param User $user Objet user that update
|
||||
* @param string $olddn Old DN entry key (before update)
|
||||
* @return int <0 if KO, >0 if OK
|
||||
* @param string $dn DN entry key
|
||||
* @param array $info Attributes array
|
||||
* @param User $user Objet user that update
|
||||
* @param string $olddn Old DN entry key (before update)
|
||||
* @param string $newrdn New RDN entry key (uid=qqq) (for ldap_rename)
|
||||
* @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb) (for ldap_rename)
|
||||
* @return int <0 if KO, >0 if OK
|
||||
*/
|
||||
function update($dn,$info,$user,$olddn)
|
||||
function update($dn, $info, $user, $olddn, $newrdn=false, $newparent=false)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
@ -534,9 +586,17 @@ class Ldap
|
||||
|
||||
if (! $olddn || $olddn != $dn)
|
||||
{
|
||||
// If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one.
|
||||
$result = $this->add($dn, $info, $user);
|
||||
if ($result > 0 && $olddn && $olddn != $dn) $result = $this->delete($olddn); // If add fails, we do not try to delete old one
|
||||
if (! empty($olddn) && ! empty($newrdn) && ! empty($newparent) && $conf->global->LDAP_SERVER_PROTOCOLVERSION === '3')
|
||||
{
|
||||
// This function currently only works with LDAPv3
|
||||
$result = $this->rename($olddn, $newrdn, $newparent, true, $user);
|
||||
}
|
||||
else
|
||||
{
|
||||
// If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one.
|
||||
$result = $this->add($dn, $info, $user);
|
||||
if ($result > 0 && $olddn && $olddn != $dn) $result = $this->delete($olddn); // If add fails, we do not try to delete old one
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
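Review bot: In update() the rename branch `$result = $this->rename($olddn, $newrdn, $newparent, true, $user);` only renames the entry and never writes the attributes in `$info`, whereas the add()/delete() path it replaces stored them; unless a modify() call follows outside the hunk, a rename that also changes mail or name silently drops those changes, so follow a successful rename with `if ($result > 0) $result = $this->modify($dn, $info, $user);`. The new signature `function rename($dn, $newrdn, $newparent, $deleteoldrdn = true, $user)` puts a required parameter after an optional one, which makes the default unusable and is deprecated in PHP 8; since `$user` is not read in the body, `$user = null` (or moving it before `$deleteoldrdn`) fixes it. The first log line in rename() reports `::modify` instead of `::rename`, and the leftover `//print_r($info);` refers to a variable that does not exist in this method. The update() docblock should also declare `$newrdn`/`$newparent` as `string|false` to match the `=false` defaults.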
@ -112,8 +112,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers
|
||||
|
||||
$info=$object->_load_ldap_info();
|
||||
$dn=$object->_load_ldap_dn($info);
|
||||
$newrdn=$object->_load_ldap_dn($info,2);
|
||||
$newparent=$object->_load_ldap_dn($info,1);
|
||||
|
||||
$result=$ldap->update($dn,$info,$user,$olddn);
|
||||
$result=$ldap->update($dn,$info,$user,$olddn,$newrdn,$newparent);
|
||||
}
|
||||
|
||||
if ($result < 0) $this->error="ErrorLDAP ".$ldap->error;
|
||||
@ -545,8 +547,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers
|
||||
|
||||
$info=$object->_load_ldap_info();
|
||||
$dn=$object->_load_ldap_dn($info);
|
||||
$newrdn=$object->_load_ldap_dn($info,2);
|
||||
$newparent=$object->_load_ldap_dn($info,1);
|
||||
|
||||
$result=$ldap->update($dn,$info,$user,$olddn);
|
||||
$result=$ldap->update($dn,$info,$user,$olddn,$newrdn,$newparent);
|
||||
|
||||
// For member type
|
||||
if (! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1')
|
||||
|
||||
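Review bot: The member trigger's `$newrdn=$object->_load_ldap_dn($info,2);` / `$newparent=$object->_load_ldap_dn($info,1);` in the second hunk (`@ -545`) assume Adherent::_load_ldap_dn supports modes 1 and 2 the way User::_load_ldap_dn now documents them; only the User docblock is touched by this commit, so confirm the Adherent method returns the parent for mode 1 and the bare RDN for mode 2, otherwise rename() is handed a full DN where an RDN is expected and the failure only surfaces through `if ($result < 0) $this->error="ErrorLDAP ".$ldap->error;`. The same four lines are now duplicated in both triggers; a small private helper on the trigger class returning `[$dn, $newrdn, $newparent]` would keep them in step. Both enclosing trigger methods start and end outside the hunks.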
@ -2262,8 +2262,8 @@ class User extends CommonObject
|
||||
*
|
||||
* @param array $info Info array loaded by _load_ldap_info
|
||||
* @param int $mode 0=Return full DN (uid=qqq,ou=xxx,dc=aaa,dc=bbb)
|
||||
* 1=
|
||||
* 2=Return key only (uid=qqq)
|
||||
* 1=Return parent (ou=xxx,dc=aaa,dc=bbb)
|
||||
* 2=Return key only (RDN) (uid=qqq)
|
||||
* @return string DN
|
||||
*/
|
||||
function _load_ldap_dn($info,$mode=0)
|
||||
@ -2344,7 +2344,7 @@ class User extends CommonObject
|
||||
if (! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption)
|
||||
}
|
||||
// Set LDAP password if possible
|
||||
else
|
||||
else if ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') // If ldap key is modified and LDAPv3 we use ldap_rename function for avoid lose encrypt password
|
||||
{
|
||||
if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
|
||||
{
|
||||
|
||||