diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 537e28f19a6..0b5fddd5da4 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -2703,7 +2703,7 @@ class Adherent extends CommonObject $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte } if (!empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) { - $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption) + $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 'openldap'); // Create OpenLDAP password (see LDAP_PASSWORD_HASH_TYPE) } } elseif ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') { // Set LDAP password if possible @@ -2714,7 +2714,7 @@ class Adherent extends CommonObject if ($this->pass_indatabase_crypted && !empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) { // Create OpenLDAP MD5 password from Dolibarr MD5 password // Note: This suppose that "pass_indatabase_crypted" is a md5 (guaranted by the previous test if "(empty($conf->global->MAIN_SECURITY_HASH_ALGO))" - $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = '{md5}'.base64_encode(hex2bin($this->pass_indatabase_crypted)); + $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dolGetLdapPasswordHash($this->pass_indatabase_crypted, 'md5frommd5'); } } } elseif (!empty($this->pass_indatabase)) { @@ -2723,7 +2723,7 @@ class Adherent extends CommonObject $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte } if (!empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) { - $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 4); // md5 for OpenLdap TODO add type of encryption + $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 'openldap'); // Create OpenLDAP password (see LDAP_PASSWORD_HASH_TYPE) } } } diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 4b64290f107..db87e514cb5 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -1,6 +1,6 @@ - * Copyright (C) 2006-2017 Regis Houssin + * Copyright (C) 2006-2021 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -50,14 +50,14 @@ if ($id > 0 || !empty($ref)) { $result = $object->fetch($id, $ref); // Define variables to know what current user can do on users - $canadduser = ($user->admin || $user->rights->user->user->creer); + $canadduser = (!empty($user->admin) || !empty($user->rights->user->user->creer)); // Define variables to know what current user can do on properties of user linked to edited member if ($object->user_id) { // $User is the user who edits, $object->user_id is the id of the related user in the edited member - $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer) - || (($user->id != $object->user_id) && $user->rights->user->user->creer)); + $caneditfielduser = ((($user->id == $object->user_id) && !empty($user->rights->user->self->creer)) + || (($user->id != $object->user_id) && !empty($user->rights->user->user->creer))); $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password) - || (($user->id != $object->user_id) && $user->rights->user->user->password)); + || (($user->id != $object->user_id) && !empty($user->rights->user->user->password))); } } @@ -135,17 +135,17 @@ $adht->fetch($object->typeid); print ''.$langs->trans("Type").''.$adht->getNomUrl(1)."\n"; // LDAP DN -print 'LDAP '.$langs->trans("LDAPMemberDn").''.$conf->global->LDAP_MEMBER_DN."\n"; +print 'LDAP '.$langs->trans("LDAPMemberDn").''.getDolGlobalString('LDAP_MEMBER_DN')."\n"; // LDAP Cle -print 'LDAP '.$langs->trans("LDAPNamingAttribute").''.$conf->global->LDAP_KEY_MEMBERS."\n"; +print 'LDAP '.$langs->trans("LDAPNamingAttribute").''.getDolGlobalString('LDAP_KEY_MEMBERS')."\n"; // LDAP Server -print 'LDAP '.$langs->trans("Type").''.$conf->global->LDAP_SERVER_TYPE."\n"; -print 'LDAP '.$langs->trans("Version").''.$conf->global->LDAP_SERVER_PROTOCOLVERSION."\n"; -print 'LDAP '.$langs->trans("LDAPPrimaryServer").''.$conf->global->LDAP_SERVER_HOST."\n"; -print 'LDAP '.$langs->trans("LDAPSecondaryServer").''.$conf->global->LDAP_SERVER_HOST_SLAVE."\n"; -print 'LDAP '.$langs->trans("LDAPServerPort").''.$conf->global->LDAP_SERVER_PORT."\n"; +print 'LDAP '.$langs->trans("Type").''.getDolGlobalString('LDAP_SERVER_TYPE')."\n"; +print 'LDAP '.$langs->trans("Version").''.getDolGlobalString('LDAP_SERVER_PROTOCOLVERSION')."\n"; +print 'LDAP '.$langs->trans("LDAPPrimaryServer").''.getDolGlobalString('LDAP_SERVER_HOST')."\n"; +print 'LDAP '.$langs->trans("LDAPSecondaryServer").''.getDolGlobalString('LDAP_SERVER_HOST_SLAVE')."\n"; +print 'LDAP '.$langs->trans("LDAPServerPort").''.getDolGlobalString('LDAP_SERVER_PORT')."\n"; print ''; @@ -158,13 +158,13 @@ print dol_get_fiche_end(); */ print '
'; -if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && $conf->global->LDAP_MEMBER_ACTIVE != 'ldap2dolibarr') { +if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && getDolGlobalString('LDAP_MEMBER_ACTIVE') != Ldap::SYNCHRO_LDAP_TO_DOLIBARR) { print '
'.$langs->trans("ForceSynchronize").'
'; } print "
\n"; -if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && $conf->global->LDAP_MEMBER_ACTIVE != 'ldap2dolibarr') { +if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && getDolGlobalString('LDAP_MEMBER_ACTIVE') != Ldap::SYNCHRO_LDAP_TO_DOLIBARR) { print "
\n"; } diff --git a/htdocs/adherents/type_ldap.php b/htdocs/adherents/type_ldap.php index 43902a5e1bf..d7650a8de2b 100644 --- a/htdocs/adherents/type_ldap.php +++ b/htdocs/adherents/type_ldap.php @@ -124,13 +124,13 @@ print dol_get_fiche_end(); print '
'; -if ($conf->global->LDAP_MEMBER_TYPE_ACTIVE == 1) { +if (getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { print ''.$langs->trans("ForceSynchronize").''; } print "
\n"; -if ($conf->global->LDAP_MEMBER_TYPE_ACTIVE == 1) { +if (getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { print "
\n"; } diff --git a/htdocs/admin/ldap.php b/htdocs/admin/ldap.php index abdf6b75073..e122bdf5930 100644 --- a/htdocs/admin/ldap.php +++ b/htdocs/admin/ldap.php @@ -2,7 +2,7 @@ /* Copyright (C) 2004 Rodolphe Quiedeville * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2005-2017 Regis Houssin + * Copyright (C) 2005-2021 Regis Houssin * Copyright (C) 2006-2020 Laurent Destailleur * Copyright (C) 2011-2013 Juanjo Menent * @@ -29,10 +29,11 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formldap.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php'; // Load translation files required by the page -$langs->load("admin"); +$langs->loadLangs(array("admin", "ldap")); if (!$user->admin) { accessforbidden(); @@ -99,6 +100,9 @@ if (empty($reshook)) { if (!dolibarr_set_const($db, 'LDAP_MEMBER_TYPE_ACTIVE', GETPOST("activememberstypes", 'aZ09'), 'chaine', 0, '', $conf->entity)) { $error++; } + if (!dolibarr_set_const($db, 'LDAP_PASSWORD_HASH_TYPE', GETPOST("LDAP_PASSWORD_HASH_TYPE", 'aZ09'), 'chaine', 0, '', $conf->entity)) { + $error++; + } if (!$error) { $db->commit(); @@ -129,7 +133,7 @@ if (!function_exists("ldap_connect")) { $form = new Form($db); - +$formldap = new FormLdap($db); print '
'; print ''; @@ -146,13 +150,9 @@ print "\n"; // Synchro utilisateurs/groupes active print ''.$langs->trans("LDAPDnSynchroActive").''; -$arraylist = array(); -$arraylist['0'] = $langs->trans("No"); -$arraylist['ldap2dolibarr'] = $langs->trans("LDAPToDolibarr"); -$arraylist['dolibarr2ldap'] = $langs->trans("DolibarrToLDAP"); -print $form->selectarray('activesynchro', $arraylist, $conf->global->LDAP_SYNCHRO_ACTIVE); +print $formldap->selectLdapDnSynchroActive(getDolGlobalInt('LDAP_SYNCHRO_ACTIVE'), 'activesynchro'); print ''.$langs->trans("LDAPDnSynchroActiveExample").''; -if ($conf->global->LDAP_SYNCHRO_ACTIVE && !$conf->global->LDAP_USER_DN) { +if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && empty($conf->global->LDAP_USER_DN)) { print '
'.$langs->trans("LDAPSetupNotComplete").''; } print ''; @@ -160,32 +160,21 @@ print ''; // Synchro contact active if (!empty($conf->societe->enabled)) { print ''.$langs->trans("LDAPDnContactActive").''; - $arraylist = array(); - $arraylist['0'] = $langs->trans("No"); - $arraylist['1'] = $langs->trans("DolibarrToLDAP"); - print $form->selectarray('activecontact', $arraylist, $conf->global->LDAP_CONTACT_ACTIVE); + print $formldap->selectLdapDnSynchroActive(getDolGlobalInt('LDAP_CONTACT_ACTIVE'), 'activecontact', array(Ldap::SYNCHRO_LDAP_TO_DOLIBARR)); print ''.$langs->trans("LDAPDnContactActiveExample").''; } // Synchro member active if (!empty($conf->adherent->enabled)) { print ''.$langs->trans("LDAPDnMemberActive").''; - $arraylist = array(); - $arraylist['0'] = $langs->trans("No"); - $arraylist['1'] = $langs->trans("DolibarrToLDAP"); - $arraylist['ldap2dolibarr'] = $langs->trans("LDAPToDolibarr").' ('.$langs->trans("SupportedForLDAPImportScriptOnly").')'; - print $form->selectarray('activemembers', $arraylist, $conf->global->LDAP_MEMBER_ACTIVE); + print $formldap->selectLdapDnSynchroActive(getDolGlobalInt('LDAP_MEMBER_ACTIVE'), 'activemembers', array(), 2); print ''.$langs->trans("LDAPDnMemberActiveExample").''; } // Synchro member type active if (!empty($conf->adherent->enabled)) { print ''.$langs->trans("LDAPDnMemberTypeActive").''; - $arraylist = array(); - $arraylist['0'] = $langs->trans("No"); - $arraylist['1'] = $langs->trans("DolibarrToLDAP"); - $arraylist['ldap2dolibarr'] = $langs->trans("LDAPToDolibarr").' ('.$langs->trans("SupportedForLDAPImportScriptOnly").')'; - print $form->selectarray('activememberstypes', $arraylist, $conf->global->LDAP_MEMBER_TYPE_ACTIVE); + print $formldap->selectLdapDnSynchroActive(getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE'), 'activememberstypes', array(), 2); print ''.$langs->trans("LDAPDnMemberTypeActiveExample").''; } @@ -202,55 +191,46 @@ print "\n"; // Type print ''.$langs->trans("Type").''; -$arraylist = array(); -$arraylist['activedirectory'] = 'Active Directory'; -$arraylist['openldap'] = 'OpenLdap'; -$arraylist['egroupware'] = 'Egroupware'; -print $form->selectarray('type', $arraylist, $conf->global->LDAP_SERVER_TYPE); +print $formldap->selectLdapServerType(getDolGlobalString('LDAP_SERVER_TYPE'), 'type'); print ' '; // Version print ''.$langs->trans("Version").''; -$arraylist = array(); -$arraylist['3'] = 'Version 3'; -$arraylist['2'] = 'Version 2'; -print $form->selectarray('LDAP_SERVER_PROTOCOLVERSION', $arraylist, $conf->global->LDAP_SERVER_PROTOCOLVERSION); +print $formldap->selectLdapServerProtocolVersion(getDolGlobalString('LDAP_SERVER_PROTOCOLVERSION'), 'LDAP_SERVER_PROTOCOLVERSION'); print ''.$langs->trans("LDAPServerProtocolVersion").''; // Serveur primaire print ''; print $langs->trans("LDAPPrimaryServer").''; -print ''; +print ''; print ''.$langs->trans("LDAPServerExample").''; // Serveur secondaire print ''; print $langs->trans("LDAPSecondaryServer").''; -print ''; +print ''; print ''.$langs->trans("LDAPServerExample").''; // Port print ''.$langs->trans("LDAPServerPort").''; -if (!empty($conf->global->LDAP_SERVER_PORT)) { - print ''; -} else { - print ''; -} +print ''; print ''.$langs->trans("LDAPServerPortExample").''; // DNserver print ''.$langs->trans("LDAPServerDn").''; -print ''; +print ''; print ''.$langs->trans("LDAPServerDnExample").''; // Utiliser TLS print ''.$langs->trans("LDAPServerUseTLS").''; -$arraylist = array(); -$arraylist['0'] = $langs->trans("No"); -$arraylist['1'] = $langs->trans("Yes"); -print $form->selectarray('usetls', $arraylist, $conf->global->LDAP_SERVER_USE_TLS); +print $form->selectyesno('usetls', getDolGlobalInt('LDAP_SERVER_USE_TLS'), 1); print ''.$langs->trans("LDAPServerUseTLSExample").''; +// Password hash type +print ''.$langs->trans("LDAPPasswordHashType").''; +print $formldap->selectLdapPasswordHashType(getDolGlobalString('LDAP_PASSWORD_HASH_TYPE'), 'LDAP_PASSWORD_HASH_TYPE'); +print ''.$langs->trans("LDAPPasswordHashTypeExample").''; + print ''; print ''.$langs->trans("ForANonAnonymousAccess").''; print "\n"; @@ -258,17 +238,13 @@ print "\n"; // DNAdmin print ''; print ''.$langs->trans("LDAPAdminDn").''; -print ''; +print ''; print ''.$langs->trans("LDAPAdminDnExample").''; // Pass print ''; print ''.$langs->trans("LDAPPassword").''; -if (!empty($conf->global->LDAP_ADMIN_PASS)) { - print ''; // je le met en visible pour test -} else { - print ''; -} +print ''; print ''.$langs->trans('Password').' (ex: secret)'; print ''; @@ -297,17 +273,17 @@ if (function_exists("ldap_connect")) { if ($result > 0) { // Test ldap connect and bind print img_picto('', 'info').' '; - print ''.$langs->trans("LDAPTCPConnectOK", $ldap->connectedServer, $conf->global->LDAP_SERVER_PORT).''; + print ''.$langs->trans("LDAPTCPConnectOK", $ldap->connectedServer, getDolGlobalString('LDAP_SERVER_PORT')).''; print '
'; if (!empty($conf->global->LDAP_ADMIN_DN) && !empty($conf->global->LDAP_ADMIN_PASS)) { if ($result == 2) { print img_picto('', 'info').' '; - print ''.$langs->trans("LDAPBindOK", $ldap->connectedServer, $conf->global->LDAP_SERVER_PORT, $conf->global->LDAP_ADMIN_DN, preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)).''; + print ''.$langs->trans("LDAPBindOK", $ldap->connectedServer, getDolGlobalString('LDAP_SERVER_PORT'), $conf->global->LDAP_ADMIN_DN, preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)).''; print '
'; } else { print img_picto('', 'error').' '; - print ''.$langs->trans("LDAPBindKO", $ldap->connectedServer, $conf->global->LDAP_SERVER_PORT, $conf->global->LDAP_ADMIN_DN, preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)).''; + print ''.$langs->trans("LDAPBindKO", $ldap->connectedServer, getDolGlobalString('LDAP_SERVER_PORT'), $conf->global->LDAP_ADMIN_DN, preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)).''; print '
'; print $langs->trans("Error").' '.$ldap->error; print '
'; @@ -333,7 +309,7 @@ if (function_exists("ldap_connect")) { $ldap->unbind(); } else { print img_picto('', 'error').' '; - print ''.$langs->trans("LDAPTCPConnectKO", $ldap->connectedServer, $conf->global->LDAP_SERVER_PORT).''; + print ''.$langs->trans("LDAPTCPConnectKO", $ldap->connectedServer, getDolGlobalString('LDAP_SERVER_PORT')).''; print '
'; print $langs->trans("Error").' '.$ldap->error; print '
'; diff --git a/htdocs/admin/ldap_groups.php b/htdocs/admin/ldap_groups.php index 82ee85b9a20..5723183735e 100644 --- a/htdocs/admin/ldap_groups.php +++ b/htdocs/admin/ldap_groups.php @@ -218,7 +218,7 @@ print '
'; /* * Test de la connexion */ -if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { +if (getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $butlabel = $langs->trans("LDAPTestSynchroGroup"); $testlabel = 'testgroup'; $key = $conf->global->LDAP_KEY_GROUPS; @@ -226,7 +226,7 @@ if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { $objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS; show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass); -} elseif ($conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') { +} elseif (getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_LDAP_TO_DOLIBARR) { $butlabel = $langs->trans("LDAPTestSearch"); $testlabel = 'testsearchgroup'; $key = $conf->global->LDAP_KEY_GROUPS; diff --git a/htdocs/admin/ldap_members_types.php b/htdocs/admin/ldap_members_types.php index 05572dc8bbf..7933b59d5e0 100644 --- a/htdocs/admin/ldap_members_types.php +++ b/htdocs/admin/ldap_members_types.php @@ -188,7 +188,7 @@ print ''; /* * Test de la connexion */ -if ($conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') { +if (getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $butlabel = $langs->trans("LDAPTestSynchroMemberType"); $testlabel = 'testmembertype'; $key = $conf->global->LDAP_KEY_MEMBERS_TYPES; diff --git a/htdocs/admin/ldap_users.php b/htdocs/admin/ldap_users.php index 33bec1cb2e8..f395eb88fb4 100644 --- a/htdocs/admin/ldap_users.php +++ b/htdocs/admin/ldap_users.php @@ -405,7 +405,7 @@ print ''; /* * Test de la connexion */ -if (getDolGlobalString('LDAP_SYNCHRO_ACTIVE') == 'dolibarr2ldap') { +if (getDolGlobalString('LDAP_SYNCHRO_ACTIVE') == Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $butlabel = $langs->trans("LDAPTestSynchroUser"); $testlabel = 'testuser'; $key = getDolGlobalString('LDAP_KEY_USERS'); @@ -413,7 +413,7 @@ if (getDolGlobalString('LDAP_SYNCHRO_ACTIVE') == 'dolibarr2ldap') { $objectclass = getDolGlobalString('LDAP_USER_OBJECT_CLASS'); show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass); -} elseif (getDolGlobalString('LDAP_SYNCHRO_ACTIVE') == 'ldap2dolibarr') { +} elseif (getDolGlobalString('LDAP_SYNCHRO_ACTIVE') == Ldap::SYNCHRO_LDAP_TO_DOLIBARR) { $butlabel = $langs->trans("LDAPTestSearch"); $testlabel = 'testsearchuser'; $key = getDolGlobalString('LDAP_KEY_USERS'); diff --git a/htdocs/contact/ldap.php b/htdocs/contact/ldap.php index d29aab0386b..d7ddd520ac0 100644 --- a/htdocs/contact/ldap.php +++ b/htdocs/contact/ldap.php @@ -1,6 +1,6 @@ - * Copyright (C) 2006-2017 Regis Houssin + * Copyright (C) 2006-2021 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -114,15 +114,15 @@ print $object->getCivilityLabel(); print ''; // LDAP DN -print 'LDAP '.$langs->trans("LDAPContactDn").''.$conf->global->LDAP_CONTACT_DN."\n"; +print 'LDAP '.$langs->trans("LDAPContactDn").''.getDolGlobalString('LDAP_CONTACT_DN')."\n"; // LDAP Cle -print 'LDAP '.$langs->trans("LDAPNamingAttribute").''.$conf->global->LDAP_KEY_CONTACTS."\n"; +print 'LDAP '.$langs->trans("LDAPNamingAttribute").''.getDolGlobalString('LDAP_KEY_CONTACTS')."\n"; // LDAP Server -print 'LDAP '.$langs->trans("LDAPPrimaryServer").''.$conf->global->LDAP_SERVER_HOST."\n"; -print 'LDAP '.$langs->trans("LDAPSecondaryServer").''.$conf->global->LDAP_SERVER_HOST_SLAVE."\n"; -print 'LDAP '.$langs->trans("LDAPServerPort").''.$conf->global->LDAP_SERVER_PORT."\n"; +print 'LDAP '.$langs->trans("LDAPPrimaryServer").''.getDolGlobalString('LDAP_SERVER_HOST')."\n"; +print 'LDAP '.$langs->trans("LDAPSecondaryServer").''.getDolGlobalString('LDAP_SERVER_HOST_SLAVE')."\n"; +print 'LDAP '.$langs->trans("LDAPServerPort").''.getDolGlobalString('LDAP_SERVER_PORT')."\n"; print ''; @@ -136,13 +136,13 @@ print dol_get_fiche_end(); */ print '
'; -if (!empty($conf->global->LDAP_CONTACT_ACTIVE) && $conf->global->LDAP_CONTACT_ACTIVE != 'ldap2dolibarr') { +if (!empty($conf->global->LDAP_CONTACT_ACTIVE) && getDolGlobalInt('LDAP_CONTACT_ACTIVE') != Ldap::SYNCHRO_LDAP_TO_DOLIBARR) { print ''.$langs->trans("ForceSynchronize").''; } print "
\n"; -if (!empty($conf->global->LDAP_CONTACT_ACTIVE) && $conf->global->LDAP_CONTACT_ACTIVE != 'ldap2dolibarr') { +if (!empty($conf->global->LDAP_CONTACT_ACTIVE) && getDolGlobalInt('LDAP_CONTACT_ACTIVE') != Ldap::SYNCHRO_LDAP_TO_DOLIBARR) { print "
\n"; } diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index 044dc192426..e6f604189d3 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -775,8 +775,8 @@ class Conf $this->contrat->services->expires->warning_delay = (isset($this->global->MAIN_DELAY_RUNNING_SERVICES) ? $this->global->MAIN_DELAY_RUNNING_SERVICES : 0) * 86400; } if (isset($this->commande)) { - $this->bank->rappro = new stdClass(); - $this->bank->cheque = new stdClass(); + $this->bank->rappro = new stdClass(); + $this->bank->cheque = new stdClass(); $this->bank->rappro->warning_delay = (isset($this->global->MAIN_DELAY_TRANSACTIONS_TO_CONCILIATE) ? $this->global->MAIN_DELAY_TRANSACTIONS_TO_CONCILIATE : 0) * 86400; $this->bank->cheque->warning_delay = (isset($this->global->MAIN_DELAY_CHEQUES_TO_DEPOSIT) ? $this->global->MAIN_DELAY_CHEQUES_TO_DEPOSIT : 0) * 86400; } @@ -845,6 +845,23 @@ class Conf } } + // For backward compatibility + if (!empty($this->global->LDAP_SYNCHRO_ACTIVE)) { + if ($this->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { + $this->global->LDAP_SYNCHRO_ACTIVE = 1; + } elseif ($this->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') { + $this->global->LDAP_SYNCHRO_ACTIVE = 2; + } + } + // For backward compatibility + if (!empty($this->global->LDAP_MEMBER_ACTIVE) && $this->global->LDAP_MEMBER_ACTIVE == 'ldap2dolibarr') { + $this->global->LDAP_MEMBER_ACTIVE = 2; + } + // For backward compatibility + if (!empty($this->global->LDAP_MEMBER_TYPE_ACTIVE) && $this->global->LDAP_MEMBER_TYPE_ACTIVE == 'ldap2dolibarr') { + $this->global->LDAP_MEMBER_TYPE_ACTIVE = 2; + } + if (!empty($this->global->MAIN_TZUSERINPUTKEY)) { $this->tzuserinputkey = $this->global->MAIN_TZUSERINPUTKEY; // 'tzserver' or 'tzuserrel' } diff --git a/htdocs/core/class/html.formldap.class.php b/htdocs/core/class/html.formldap.class.php new file mode 100644 index 00000000000..04c204edfd2 --- /dev/null +++ b/htdocs/core/class/html.formldap.class.php @@ -0,0 +1,201 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/core/class/html.formldap.class.php + * \ingroup core + * \brief File of class with ldap html predefined components + */ +require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; + +/** + * Class to manage generation of HTML components for ldap module + */ +class FormLdap +{ + /** + * @var DoliDB Database handler. + */ + public $db; + + /** + * @var string Error code (or message) + */ + public $error = ''; + + /** + * @var string[] Array of error strings + */ + public $errors = array(); + + + /** + * Constructor + * + * @param DoliDB $db Database handler + */ + public function __construct($db) + { + global $langs, $form; + + if (!is_object($form)) { + $form = new Form($this->db); + } + + $langs->loadLangs(array("admin", "ldap")); + + $this->db = $db; + } + + /** + * Return list of types of hash + * + * @param string $selected Preselected type + * @param string $htmlname Name of field in form + * @param int $showempty Add an empty field + * @return string HTML select string + */ + public function selectLdapPasswordHashType($selected = 'md5', $htmlname = 'ldaphashtype', $showempty = 0) + { + global $form; + + if (empty($selected)) { + $selected = 'md5'; + } + if (empty($htmlname)) { + $htmlname = 'ldaphashtype'; + } + + $arraylist = array( + //"pbkdf2sha256" => "PBKDF2_SHA256", + "ssha512" => "SSHA-512", + "ssha384" => "SSHA-384", + "ssha256" => "SSHA-256", + "ssha" => "SSHA", + "sha512" => "SHA-512", + "sha384" => "SHA-384", + "sha256" => "SHA-256", + "sha" => "SHA", + "md5" => "MD5", + "smd5" => "SMD5", + //"cryptmd5" => "CRYPT-MD5", + //"cryptsha512" => "CRYPT-SHA512", + //"cryptsha384" => "CRYPT-SHA384", + //"cryptsha256" => "CRYPT-SHA256", + "crypt" => "CRYPT", + "clear" => "CLEAR" + ); + + return $form->selectarray($htmlname, $arraylist, $selected, $showempty); + } + + /** + * Return list of type of synchronization + * + * @param int $selected Preselected type + * @param string $htmlname Name of field in form + * @param array $exclude Exclude values from the list + * @param int $scriptonly Add warning if synchro only work with a script (0 = disable, 1 = Dolibarr2ldap, 2 = ldap2dolibarr, 3 = all) + * @param int $showempty Add an empty field + * @return string HTML select string + */ + public function selectLdapDnSynchroActive($selected = 0, $htmlname = 'activesynchro', $exclude = array(), $scriptonly = 0, $showempty = 0) + { + global $langs, $form; + + if (empty($selected)) { + $selected = Ldap::SYNCHRO_NONE; + } + if (empty($htmlname)) { + $htmlname = 'activesynchro'; + } + + $dolibarr2ldaplabel = $langs->trans("DolibarrToLDAP") . (($scriptonly == 1 || $scriptonly == 3) ? " (".$langs->trans("SupportedForLDAPExportScriptOnly").")" : ""); + $ldap2dolibarrlabel = $langs->trans("LDAPToDolibarr") . (($scriptonly == 2 || $scriptonly == 3) ? " (".$langs->trans("SupportedForLDAPImportScriptOnly").")" : ""); + + $arraylist = array( + Ldap::SYNCHRO_NONE => $langs->trans("No"), + Ldap::SYNCHRO_DOLIBARR_TO_LDAP => $dolibarr2ldaplabel, + Ldap::SYNCHRO_LDAP_TO_DOLIBARR => $ldap2dolibarrlabel + ); + + if (is_array($exclude) && !empty($exclude)) { + foreach ($exclude as $value) { + if (array_key_exists($value, $arraylist)) { + unset($arraylist[$value]); + } + } + } + + return $form->selectarray($htmlname, $arraylist, $selected, $showempty); + } + + /** + * Return list of ldap server types + * + * @param string $selected Preselected type + * @param string $htmlname Name of field in form + * @param int $showempty Add an empty field + * @return string HTML select string + */ + public function selectLdapServerType($selected = 'openldap', $htmlname = 'type', $showempty = 0) + { + global $form; + + if (empty($selected)) { + $selected = 'openldap'; + } + if (empty($htmlname)) { + $htmlname = 'type'; + } + + $arraylist = array( + 'activedirectory' => 'Active Directory', + 'openldap' => 'OpenLdap', + 'egroupware' => 'Egroupware' + ); + + return $form->selectarray($htmlname, $arraylist, $selected, $showempty); + } + + /** + * Return list of ldap server protocol version + * + * @param string $selected Preselected type + * @param string $htmlname Name of field in form + * @param int $showempty Add an empty field + * @return string HTML select string + */ + public function selectLdapServerProtocolVersion($selected = '3', $htmlname = 'ldapprotocolversion', $showempty = 0) + { + global $form; + + if (empty($selected)) { + $selected = '3'; + } + if (empty($htmlname)) { + $htmlname = 'ldapprotocolversion'; + } + + $arraylist = array( + '3' => 'Version 3', + '2' => 'Version 2' + ); + + return $form->selectarray($htmlname, $arraylist, $selected, $showempty); + } +} diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 4af22683b2c..120c2993801 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -122,6 +122,21 @@ class Ldap */ public $result; + /** + * No Ldap synchronization + */ + const SYNCHRO_NONE = 0; + + /** + * Dolibarr to Ldap synchronization + */ + const SYNCHRO_DOLIBARR_TO_LDAP = 1; + + /** + * Ldap to Dolibarr synchronization + */ + const SYNCHRO_LDAP_TO_DOLIBARR = 2; + /** * Constructor @@ -225,6 +240,7 @@ class Ldap // For test/debug //ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7); //ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3); + //ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0); $resulttls = ldap_start_tls($this->connection); if (!$resulttls) { @@ -299,7 +315,6 @@ class Ldap return $return; } - /** * Simply closes the connection set up earlier. Returns true if OK, false if there was an error. * This method seems a duplicate/alias of unbind(). @@ -920,10 +935,10 @@ class Ldap return -3; } - $search = ldap_search($this->connection, $dn, $filter); + $search = @ldap_search($this->connection, $dn, $filter); // Only one entry should ever be returned - $entry = ldap_first_entry($this->connection, $search); + $entry = @ldap_first_entry($this->connection, $search); if (!$entry) { $this->ldapErrorCode = -1; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index ede899d7761..58d69842f66 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -97,7 +97,7 @@ function dol_decode($chain, $key = '1') * If constant MAIN_SECURITY_SALT is defined, we use it as a salt (used only if hashing algorightm is something else than 'password_hash'). * * @param string $chain String to hash - * @param string $type Type of hash ('0':auto will use MAIN_SECURITY_HASH_ALGO else md5, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap with no salt, '5':sha256, '6':password_hash). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'. + * @param string $type Type of hash ('0':auto will use MAIN_SECURITY_HASH_ALGO else md5, '1':sha1, '2':sha1+md5, '3':md5, '4': for OpenLdap, '5':sha256, '6':password_hash). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'. * @return string Hash of string * @see getRandomPassword() */ @@ -111,7 +111,7 @@ function dol_hash($chain, $type = '0') } // Salt value - if (!empty($conf->global->MAIN_SECURITY_SALT) && $type != '4' && $type !== 'md5openldap') { + if (!empty($conf->global->MAIN_SECURITY_SALT) && $type != '4' && $type !== 'openldap') { $chain = $conf->global->MAIN_SECURITY_SALT.$chain; } @@ -121,8 +121,8 @@ function dol_hash($chain, $type = '0') return sha1(md5($chain)); } elseif ($type == '3' || $type == 'md5') { return md5($chain); - } elseif ($type == '4' || $type == 'md5openldap') { - return '{md5}'.base64_encode(pack("H*", md5($chain))); // For OpenLdap with md5 (based on an unencrypted password in base) + } elseif ($type == '4' || $type == 'openldap') { + return dolGetLdapPasswordHash($chain, getDolGlobalString('LDAP_PASSWORD_HASH_TYPE', 'md5')); } elseif ($type == '5' || $type == 'sha256') { return hash('sha256', $chain); } elseif ($type == '6' || $type == 'password_hash') { @@ -145,7 +145,7 @@ function dol_hash($chain, $type = '0') * * @param string $chain String to hash (not hashed string) * @param string $hash hash to compare - * @param string $type Type of hash ('0':auto, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap, '5':sha256). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'. + * @param string $type Type of hash ('0':auto, '1':sha1, '2':sha1+md5, '3':md5, '4': for OpenLdap, '5':sha256). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'. * @return bool True if the computed hash is the same as the given one */ function dol_verifyHash($chain, $hash, $type = '0') @@ -167,6 +167,50 @@ function dol_verifyHash($chain, $hash, $type = '0') return dol_hash($chain, $type) == $hash; } +/** + * Returns a specific ldap hash of a password. + * + * @param string $password Password to hash + * @param string $type Type of hash + * @return string Hash of password + */ +function dolGetLdapPasswordHash($password, $type = 'md5') +{ + if (empty($type)) { + $type = 'md5'; + } + + $salt = substr(sha1(time()), 0, 8); + + if ($type === 'md5') { + return '{MD5}' . base64_encode(hash("md5", $password, true)); //For OpenLdap with md5 (based on an unencrypted password in base) + } elseif ($type === 'md5frommd5') { + return '{MD5}' . base64_encode(hex2bin($password)); // Create OpenLDAP MD5 password from Dolibarr MD5 password + } elseif ($type === 'smd5') { + return "{SMD5}" . base64_encode(hash("md5", $password . $salt, true) . $salt); + } elseif ($type === 'sha') { + return '{SHA}' . base64_encode(hash("sha1", $password, true)); + } elseif ($type === 'ssha') { + return "{SSHA}" . base64_encode(hash("sha1", $password . $salt, true) . $salt); + } elseif ($type === 'sha256') { + return "{SHA256}" . base64_encode(hash("sha256", $password, true)); + } elseif ($type === 'ssha256') { + return "{SSHA256}" . base64_encode(hash("sha256", $password . $salt, true) . $salt); + } elseif ($type === 'sha384') { + return "{SHA384}" . base64_encode(hash("sha384", $password, true)); + } elseif ($type === 'ssha384') { + return "{SSHA384}" . base64_encode(hash("sha384", $password . $salt, true) . $salt); + } elseif ($type === 'sha512') { + return "{SHA512}" . base64_encode(hash("sha512", $password, true)); + } elseif ($type === 'ssha512') { + return "{SSHA512}" . base64_encode(hash("sha512", $password . $salt, true) . $salt); + } elseif ($type === 'crypt') { + return '{CRYPT}' . crypt($password, $salt); + } elseif ($type === 'clear') { + return '{CLEAR}' . $password; // Just for test, plain text password is not secured ! + } +} + /** * Check permissions of a user to show a page and an object. Check read permission. * If GETPOST('action','aZ09') defined, we also check write and delete permission. diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php index 2d55ca2815b..1db98f5384e 100644 --- a/htdocs/core/login/functions_ldap.php +++ b/htdocs/core/login/functions_ldap.php @@ -1,5 +1,6 @@ + * Copyright (C) 2008-2021 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -156,7 +157,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest) // we need to get the real login to use in the ldap answer. if (!empty($conf->global->LDAP_FIELD_LOGIN) && !empty($ldap->login)) { $login = $ldap->login; - dol_syslog("functions_ldap::check_user_password_ldap login is now $login (LDAP_FIELD_LOGIN=".$conf->global->LDAP_FIELD_LOGIN.")"); + dol_syslog("functions_ldap::check_user_password_ldap login is now $login (LDAP_FIELD_LOGIN=".getDolGlobalString('LDAP_FIELD_LOGIN').")"); } require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; @@ -181,7 +182,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest) } // ldap2dolibarr synchronisation - if ($login && !empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') { // ldap2dolibarr synchronisation + if ($login && !empty($conf->ldap->enabled) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') == Ldap::SYNCHRO_LDAP_TO_DOLIBARR) { // ldap2dolibarr synchronization dol_syslog("functions_ldap::check_user_password_ldap Sync ldap2dolibarr"); // On charge les attributs du user ldap diff --git a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php index d4db5ebccfc..6c2f5ea9060 100644 --- a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php @@ -1,6 +1,6 @@ - * Copyright (C) 2005-2017 Regis Houssin + * Copyright (C) 2005-2021 Regis Houssin * Copyright (C) 2014 Marcos GarcĂ­a * * This program is free software; you can redistribute it and/or modify @@ -81,7 +81,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers // Users if ($action == 'USER_CREATE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') { + if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -98,7 +98,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'USER_MODIFY') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') { + if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -177,7 +177,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'USER_NEW_PASSWORD') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') { + if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -212,7 +212,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); } elseif ($action == 'USER_DELETE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') { + if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -229,7 +229,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } /*} elseif ($action == 'USER_SETINGROUP') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') { + if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -263,7 +263,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'USER_REMOVEFROMGROUP') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') { + if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -298,7 +298,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } elseif ($action == 'USERGROUP_CREATE') { // Groupes dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') { + if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -320,7 +320,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'USERGROUP_MODIFY') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') { + if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -353,7 +353,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'USERGROUP_DELETE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') { + if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -439,7 +439,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } elseif ($action == 'MEMBER_CREATE') { // Members dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_ACTIVE') == Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -450,7 +450,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers $result = $ldap->add($dn, $info, $user); // For member type - if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { if ($object->typeid > 0) { require_once DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"; $membertype = new AdherentType($this->db); @@ -482,7 +482,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'MEMBER_VALIDATE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_ACTIVE') == Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { // If status field is setup to be synchronized if (!empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) { $ldap = new Ldap(); @@ -503,13 +503,13 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'MEMBER_SUBSCRIPTION') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_ACTIVE') == Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { // If subscriptions fields are setup to be synchronized - if ($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE - || $conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT - || $conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE - || $conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT - || $conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION) { + if (!empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE) + || !empty($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT) + || !empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE) + || !empty($conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT) + || !empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -528,7 +528,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'MEMBER_MODIFY') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_ACTIVE') == Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -557,7 +557,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers $result = $ldap->update($dn, $info, $user, $olddn, $newrdn, $newparent); // For member type - if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { require_once DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"; /* @@ -616,9 +616,9 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'MEMBER_NEW_PASSWORD') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_ACTIVE') == Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { // If password field is setup to be synchronized - if ($conf->global->LDAP_FIELD_PASSWORD || $conf->global->LDAP_FIELD_PASSWORD_CRYPTED) { + if (!empty($conf->global->LDAP_FIELD_PASSWORD) || !empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -637,7 +637,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'MEMBER_RESILIATE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_ACTIVE') == Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { // If status field is setup to be synchronized if (!empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) { $ldap = new Ldap(); @@ -658,7 +658,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'MEMBER_DELETE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_ACTIVE') == Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -669,7 +669,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers $result = $ldap->delete($dn); // For member type - if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { if ($object->typeid > 0) { require_once DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"; @@ -706,7 +706,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } elseif ($action == 'MEMBER_TYPE_CREATE') { // Members types dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -728,7 +728,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'MEMBER_TYPE_MODIFY') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); @@ -765,7 +765,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers } } elseif ($action == 'MEMBER_TYPE_DELETE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') { + if (!empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { $ldap = new Ldap(); $result = $ldap->connect_bind(); diff --git a/htdocs/langs/en_US/ldap.lang b/htdocs/langs/en_US/ldap.lang index 8b6f0864215..19dd29e0a51 100644 --- a/htdocs/langs/en_US/ldap.lang +++ b/htdocs/langs/en_US/ldap.lang @@ -25,3 +25,7 @@ ContactSynchronized=Contact synchronized ForceSynchronize=Force synchronizing Dolibarr -> LDAP ErrorFailedToReadLDAP=Failed to read LDAP database. Check LDAP module setup and database accessibility. PasswordOfUserInLDAP=Password of user in LDAP +LDAPPasswordHashType=Password hash type +LDAPPasswordHashTypeExample=Type of password hash used on the server +SupportedForLDAPExportScriptOnly=Only supported by an ldap export script +SupportedForLDAPImportScriptOnly=Only supported by an ldap import script \ No newline at end of file diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 0a36922aab2..99baeefb7ee 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -731,7 +731,7 @@ if ($action == 'create' || $action == 'adduserldap') { print "
"; - if (!empty($conf->ldap->enabled) && (isset($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr')) { + if (!empty($conf->ldap->enabled) && (isset($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_LDAP_TO_DOLIBARR)) { // Show form to add an account from LDAP if sync LDAP -> Dolibarr is set $ldap = new Ldap(); $result = $ldap->connect_bind(); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index d1aa62b25ee..daa23328b63 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -2939,7 +2939,7 @@ class User extends CommonObject $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte } if (!empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { - $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption) + $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 'openldap'); // Create OpenLDAP password (see LDAP_PASSWORD_HASH_TYPE) } } elseif ($conf->global->LDAP_SERVER_PROTOCOLVERSION !== '3') { // Set LDAP password if possible @@ -2948,7 +2948,7 @@ class User extends CommonObject // Just for the default MD5 ! if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) { if ($this->pass_indatabase_crypted && !empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { - $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password + $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dolGetLdapPasswordHash($this->pass_indatabase_crypted, 'md5frommd5'); // Create OpenLDAP MD5 password from Dolibarr MD5 password } } } elseif (!empty($this->pass_indatabase)) { @@ -2957,7 +2957,7 @@ class User extends CommonObject $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte } if (!empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) { - $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 4); // md5 for OpenLdap TODO add type of encryption + $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 'openldap'); // Create OpenLDAP password (see LDAP_PASSWORD_HASH_TYPE) } } } diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index d8d1995a847..af28b979225 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -46,13 +46,13 @@ $object->fetch($id); $object->getrights(); // Users/Groups management only in master entity if transverse mode -if (!empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) { +if (!empty($conf->multicompany->enabled) && $conf->entity > 1 && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { accessforbidden(); } $canreadperms = true; if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { - $canreadperms = ($user->admin || $user->rights->user->group_advance->read); + $canreadperms = (!empty($user->admin) || !empty($user->rights->user->group_advance->read)); } @@ -100,7 +100,7 @@ print dol_get_fiche_head($head, 'ldap', $langs->trans("Group"), -1, 'group'); $linkback = ''.$langs->trans("BackToList").''; -dol_banner_tab($object, 'id', $linkback, $user->rights->user->user->lire || $user->admin); +dol_banner_tab($object, 'id', $linkback, (!empty($user->rights->user->user->lire) || !empty($user->admin))); print '
'; print '
'; @@ -125,15 +125,15 @@ print ''; print "\n"; // LDAP DN -print 'LDAP '.$langs->trans("LDAPGroupDn").''.$conf->global->LDAP_GROUP_DN."\n"; +print 'LDAP '.$langs->trans("LDAPGroupDn").''.getDolGlobalString('LDAP_GROUP_DN')."\n"; // LDAP Cle -print 'LDAP '.$langs->trans("LDAPNamingAttribute").''.$conf->global->LDAP_KEY_GROUPS."\n"; +print 'LDAP '.$langs->trans("LDAPNamingAttribute").''.getDolGlobalString('LDAP_KEY_GROUPS')."\n"; // LDAP Server -print 'LDAP '.$langs->trans("LDAPPrimaryServer").''.$conf->global->LDAP_SERVER_HOST."\n"; -print 'LDAP '.$langs->trans("LDAPSecondaryServer").''.$conf->global->LDAP_SERVER_HOST_SLAVE."\n"; -print 'LDAP '.$langs->trans("LDAPServerPort").''.$conf->global->LDAP_SERVER_PORT."\n"; +print 'LDAP '.$langs->trans("LDAPPrimaryServer").''.getDolGlobalString('LDAP_SERVER_HOST')."\n"; +print 'LDAP '.$langs->trans("LDAPSecondaryServer").''.getDolGlobalString('LDAP_SERVER_HOST_SLAVE')."\n"; +print 'LDAP '.$langs->trans("LDAPServerPort").''.getDolGlobalString('LDAP_SERVER_PORT')."\n"; print "\n"; @@ -147,13 +147,13 @@ print dol_get_fiche_end(); */ print '
'; -if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { +if (getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { print ''.$langs->trans("ForceSynchronize").''; } print "
\n"; -if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { +if (getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { print "
\n"; } diff --git a/htdocs/user/ldap.php b/htdocs/user/ldap.php index 8e12bf1b461..5e6cf57bfd4 100644 --- a/htdocs/user/ldap.php +++ b/htdocs/user/ldap.php @@ -1,6 +1,6 @@ - * Copyright (C) 2006-2017 Regis Houssin + * Copyright (C) 2006-2021 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -130,17 +130,17 @@ if ($conf->global->LDAP_SERVER_TYPE == "activedirectory") { } // LDAP DN -print 'LDAP '.$langs->trans("LDAPUserDn").''.$conf->global->LDAP_USER_DN."\n"; +print 'LDAP '.$langs->trans("LDAPUserDn").''.getDolGlobalString('LDAP_USER_DN')."\n"; // LDAP Cle -print 'LDAP '.$langs->trans("LDAPNamingAttribute").''.$conf->global->LDAP_KEY_USERS."\n"; +print 'LDAP '.$langs->trans("LDAPNamingAttribute").''.getDolGlobalString('LDAP_KEY_USERS')."\n"; // LDAP Server -print 'LDAP '.$langs->trans("Type").''.$conf->global->LDAP_SERVER_TYPE."\n"; -print 'LDAP '.$langs->trans("Version").''.$conf->global->LDAP_SERVER_PROTOCOLVERSION."\n"; -print 'LDAP '.$langs->trans("LDAPPrimaryServer").''.$conf->global->LDAP_SERVER_HOST."\n"; -print 'LDAP '.$langs->trans("LDAPSecondaryServer").''.$conf->global->LDAP_SERVER_HOST_SLAVE."\n"; -print 'LDAP '.$langs->trans("LDAPServerPort").''.$conf->global->LDAP_SERVER_PORT."\n"; +print 'LDAP '.$langs->trans("Type").''.getDolGlobalString('LDAP_SERVER_TYPE')."\n"; +print 'LDAP '.$langs->trans("Version").''.getDolGlobalString('LDAP_SERVER_PROTOCOLVERSION')."\n"; +print 'LDAP '.$langs->trans("LDAPPrimaryServer").''.getDolGlobalString('LDAP_SERVER_HOST')."\n"; +print 'LDAP '.$langs->trans("LDAPSecondaryServer").''.getDolGlobalString('LDAP_SERVER_HOST_SLAVE')."\n"; +print 'LDAP '.$langs->trans("LDAPServerPort").''.getDolGlobalString('LDAP_SERVER_PORT')."\n"; print ''; @@ -153,13 +153,13 @@ print dol_get_fiche_end(); */ print '
'; -if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { +if (getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { print ''.$langs->trans("ForceSynchronize").''; } print "
\n"; -if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { +if (getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) { print "
\n"; }