Qual: Better error message for LDAP connection

Laurent Destailleur 2014-04-27 14:16:29 +02:00
parent 8c7ff91341
commit 8c5bc11def
4 changed files with 28 additions and 16 deletions


@ -179,8 +179,8 @@ $dolibarr_main_authentication='dolibarr';
// Parameters used to setup LDAP authentication.
// Uncomment them if dolibarr_main_authentication = 'ldap'
//
// $dolibarr_main_auth_ldap_host='127.0.0.1';
// $dolibarr_main_auth_ldap_port='389';
// $dolibarr_main_auth_ldap_host='127.0.0.1'; // You can define several servers here separated with a comma.
// $dolibarr_main_auth_ldap_port='389'; // Port
// $dolibarr_main_auth_ldap_version='3';
// $dolibarr_main_auth_ldap_servertype='openldap'; // openldap, activedirectory or egroupware
// $dolibarr_main_auth_ldap_login_attribute='loginfield'; // Ex: uid or samaccountname for active directory


@ -128,7 +128,7 @@ class Ldap
$this->attr_firstname = $conf->global->LDAP_FIELD_FIRSTNAME;
$this->attr_mail = $conf->global->LDAP_FIELD_MAIL;
$this->attr_phone = $conf->global->LDAP_FIELD_PHONE;
$this->attr_skype = $conf->global->LDAP_FIELD_SKYPE;
$this->attr_skype = $conf->global->LDAP_FIELD_SKYPE;
$this->attr_fax = $conf->global->LDAP_FIELD_FAX;
$this->attr_mobile = $conf->global->LDAP_FIELD_MOBILE;
}
@ -151,9 +151,19 @@ class Ldap
$connected=0;
$this->bind=0;
// Check parameters
if (count($this->server) == 0 || empty($this->server[0]))
{
$this->error='LDAP setup (file conf.php) is not complete';
$return=-1;
dol_syslog(get_class($this)."::connect_bind ".$this->error, LOG_WARNING);
}
// Loop on each ldap server
foreach ($this->server as $key => $host)
{
if ($connected) break;
if (empty($host)) continue;
if (preg_match('/^ldap/',$host))
{
@ -171,7 +181,7 @@ class Ldap
if ($this->serverType == "activedirectory")
{
$result=$this->setReferrals();
dol_syslog(get_class($this)."::connect_bind try bindauth for activedirectory on ".$host." user=".$this->searchUser,LOG_DEBUG);
dol_syslog(get_class($this)."::connect_bind try bindauth for activedirectory on ".$host." user=".$this->searchUser." password=".preg_replace('/./','*',$this->searchPassword),LOG_DEBUG);
$this->result=$this->bindauth($this->searchUser,$this->searchPassword);
if ($this->result)
{
@ -189,7 +199,7 @@ class Ldap
// Try in auth mode
if ($this->searchUser && $this->searchPassword)
{
dol_syslog(get_class($this)."::connect_bind try bindauth on ".$host." user=".$this->searchUser,LOG_DEBUG);
dol_syslog(get_class($this)."::connect_bind try bindauth on ".$host." user=".$this->searchUser." password=".preg_replace('/./','*',$this->searchPassword),LOG_DEBUG);
$this->result=$this->bindauth($this->searchUser,$this->searchPassword);
if ($this->result)
{
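Review bot: The two new debug lines in connect_bind (the activedirectory branch and the "Try in auth mode" branch) log `preg_replace('/./','*',$this->searchPassword)`, which records the exact length of the bind password next to the bind account name for anyone who can read the LDAP debug log. A fixed marker gives the same diagnostic value without that: `" password=".($this->searchPassword ? '(set)' : '(empty)')`. Without the `s` modifier `.` also does not match a newline, so such a character would be written through unmasked. connect_bind starts and ends outside these hunks.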


@ -73,7 +73,7 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';
$ldap=new Ldap();
$ldap->server=array($ldaphost);
$ldap->server=explode(',',$ldaphost);
$ldap->serverPort=$ldapport;
$ldap->ldapProtocolVersion=$ldapversion;
$ldap->serverType=$ldapservertype;
@ -140,7 +140,7 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
$result=$ldap->connect_bind();
if ($result > 0)
{
if ($result == 2)
if ($result == 2) // Connection is ok for user/pass into LDAP
{
dol_syslog("functions_ldap::check_user_password_ldap Authentification ok");
$login=$usertotest;
@ -168,22 +168,22 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
{
dol_syslog("functions_ldap::check_user_password_ldap Sync user found id=".$user->id);
// On verifie si le login a change et on met a jour les attributs dolibarr
if ($conf->multicompany->enabled) {
global $mc;
global $mc;
$ret=$mc->checkRight($user->id, $entitytotest);
if ($ret < 0) $login=false; // provoque l'echec de l'identification
}
if ($user->login != $ldap->login && $ldap->login)
{
$user->login = $ldap->login;
$user->update($user);
// TODO Que faire si update echoue car on update avec un login deja existant.
}
//$resultUpdate = $user->update_ldap2dolibarr($ldap);
}
}
@ -212,12 +212,13 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
{
$ldap->ldapErrorCode = ldap_errno($ldap->connection);
$ldap->ldapErrorText = ldap_error($ldap->connection);
dol_syslog("functions_ldap::check_user_password_ldap ".$ldap->ldapErrorText);
dol_syslog("functions_ldap::check_user_password_ldap ".$ldap->ldapErrorCode." ".$ldap->ldapErrorText);
}
sleep(1);
$langs->load('main');
$langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
$langs->load('errors');
$_SESSION["dol_loginmesg"]=($ldap->error?$ldap->error:$langs->trans("ErrorBadLoginPassword"));
}
$ldap->close();
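Review bot: The new assignment `$_SESSION["dol_loginmesg"]=($ldap->error?$ldap->error:$langs->trans("ErrorBadLoginPassword"));` in the failure branch shows whatever `$ldap->error` holds to an unauthenticated visitor on the login page. In the lines visible in this commit that is only the fixed "LDAP setup (file conf.php) is not complete" text, but if other paths in the Ldap class store server or bind error text in the same property (not visible here), the page would expose directory details and let a caller tell failure causes apart. I would keep the detail in `dol_syslog`, show the specific text only for the setup-incomplete case, and add a comment such as `// $ldap->error is displayed on the login page: keep it free of server/bind details`. It is also worth confirming that the login template escapes this value on output. check_user_password_ldap extends beyond the hunk.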


@ -466,7 +466,8 @@ if (! defined('NOLOGIN'))
// Bad password. No authmode has found a good password.
$user->trigger_mesg=$langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username","alpha",2);
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
// We set a generic message if not defined inside function checkLoginPassEntity or subfunctions
if (empty($_SESSION["dol_loginmesg"])) $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
// Call of triggers
include_once DOL_DOCUMENT_ROOT.'/core/class/interfaces.class.php';