From 8c5bc11def13238b7a2f4489a8217c8b47bae597 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 27 Apr 2014 14:16:29 +0200
Subject: [PATCH] Qual: Better error message for LDAP connection
---
 htdocs/conf/conf.php.example | 4 ++--
 htdocs/core/class/ldap.class.php | 16 +++++++++++++---
 htdocs/core/login/functions_ldap.php | 21 +++++++++++----------
 htdocs/main.inc.php | 3 ++-
 4 files changed, 28 insertions(+), 16 deletions(-)
diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example
index a367dadeb7d..990a10c2500 100644
--- a/htdocs/conf/conf.php.example
+++ b/htdocs/conf/conf.php.example
@@ -179,8 +179,8 @@ $dolibarr_main_authentication='dolibarr';
 // Parameters used to setup LDAP authentication.
 // Uncomment them if dolibarr_main_authentication = 'ldap'
 //
-// $dolibarr_main_auth_ldap_host='127.0.0.1';
-// $dolibarr_main_auth_ldap_port='389';
+// $dolibarr_main_auth_ldap_host='127.0.0.1'; // You can define several servers here separated with a comma.
+// $dolibarr_main_auth_ldap_port='389'; // Port
 // $dolibarr_main_auth_ldap_version='3';
 // $dolibarr_main_auth_ldap_servertype='openldap'; // openldap, activedirectory or egroupware
 // $dolibarr_main_auth_ldap_login_attribute='loginfield'; // Ex: uid or samaccountname for active directory
diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php
index 5a6c2e8b6de..0f7d4a00482 100644
--- a/htdocs/core/class/ldap.class.php
+++ b/htdocs/core/class/ldap.class.php
@@ -128,7 +128,7 @@ class Ldap
 $this->attr_firstname = $conf->global->LDAP_FIELD_FIRSTNAME;
 $this->attr_mail = $conf->global->LDAP_FIELD_MAIL;
 $this->attr_phone = $conf->global->LDAP_FIELD_PHONE;
- $this->attr_skype = $conf->global->LDAP_FIELD_SKYPE;
+ $this->attr_skype = $conf->global->LDAP_FIELD_SKYPE;
 $this->attr_fax = $conf->global->LDAP_FIELD_FAX;
 $this->attr_mobile = $conf->global->LDAP_FIELD_MOBILE;
 }
@@ -151,9 +151,19 @@ class Ldap $connected=0; $this->bind=0; + // Check parameters + if (count($this->server) == 0 || empty($this->server[0])) + { + $this->error='LDAP setup (file conf.php) is not complete'; + $return=-1; + dol_syslog(get_class($this)."::connect_bind ".$this->error, LOG_WARNING); + } + + // Loop on each ldap server foreach ($this->server as $key => $host) { if ($connected) break; + if (empty($host)) continue; if (preg_match('/^ldap/',$host)) { @@ -171,7 +181,7 @@ class Ldap if ($this->serverType == "activedirectory") { $result=$this->setReferrals(); - dol_syslog(get_class($this)."::connect_bind try bindauth for activedirectory on ".$host." user=".$this->searchUser,LOG_DEBUG); + dol_syslog(get_class($this)."::connect_bind try bindauth for activedirectory on ".$host." user=".$this->searchUser." password=".preg_replace('/./','*',$this->searchPassword),LOG_DEBUG); $this->result=$this->bindauth($this->searchUser,$this->searchPassword); if ($this->result) { @@ -189,7 +199,7 @@ class Ldap // Try in auth mode if ($this->searchUser && $this->searchPassword) { - dol_syslog(get_class($this)."::connect_bind try bindauth on ".$host." user=".$this->searchUser,LOG_DEBUG); + dol_syslog(get_class($this)."::connect_bind try bindauth on ".$host." user=".$this->searchUser." password=".preg_replace('/./','*',$this->searchPassword),LOG_DEBUG); $this->result=$this->bindauth($this->searchUser,$this->searchPassword); if ($this->result) { diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php index 07c568d41fc..1806d9f2970 100644 --- a/htdocs/core/login/functions_ldap.php +++ b/htdocs/core/login/functions_ldap.php 
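Review bot: The new parameter check at the top of the `-151,9 +151,19` hunk records the failure in `$return` and `$this->error` but does not stop, so execution still falls into the `foreach`. Whether `-1` is what the caller finally receives depends on code after the loop, which is outside this hunk. If nothing needs cleaning up at that point, a `return -1;` right after the `dol_syslog` call would make the outcome explicit. The check also inspects only `$this->server[0]`, so a list whose first entry is empty but whose later entries are valid is reported as an incomplete setup while the loop still tries those hosts. `$this->error` then stays set even when a later bind fails only on credentials.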
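Review bot: The rewritten `dol_syslog` calls in the `-171,7 +181,7` and `-189,7 +199,7` hunks write one `*` per character of `$this->searchPassword`, which records the exact length of the LDAP service account's password in the debug log. That length narrows the search space for anyone who can read the log and adds nothing to diagnosis. A fixed marker such as `" password=".($this->searchPassword?'***':'(empty)')` still tells the operator whether a password was configured. Note also that `/./` without the `s` modifier does not match newline characters, so those would pass through unmasked. The enclosing method starts and ends outside both hunks.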
@@ -73,7 +73,7 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest) require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php'; $ldap=new Ldap(); - $ldap->server=array($ldaphost); + $ldap->server=explode(',',$ldaphost); $ldap->serverPort=$ldapport; $ldap->ldapProtocolVersion=$ldapversion; $ldap->serverType=$ldapservertype; @@ -140,7 +140,7 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest) $result=$ldap->connect_bind(); if ($result > 0) { - if ($result == 2) + if ($result == 2) // Connection is ok for user/pass into LDAP { dol_syslog("functions_ldap::check_user_password_ldap Authentification ok"); $login=$usertotest; @@ -168,22 +168,22 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest) { dol_syslog("functions_ldap::check_user_password_ldap Sync user found id=".$user->id); // On verifie si le login a change et on met a jour les attributs dolibarr - + if ($conf->multicompany->enabled) { - global $mc; - + global $mc; + $ret=$mc->checkRight($user->id, $entitytotest); if ($ret < 0) $login=false; // provoque l'echec de l'identification } - - + + if ($user->login != $ldap->login && $ldap->login) { $user->login = $ldap->login; $user->update($user); // TODO Que faire si update echoue car on update avec un login deja existant. } - + //$resultUpdate = $user->update_ldap2dolibarr($ldap); } } 
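Review bot: In the `-73,7 +73,7` hunk, `explode(',',$ldaphost)` keeps whatever surrounds the commas, so a value written as `'ldap1, ldap2'` yields a second host with a leading space, and an unset `$ldaphost` yields `array('')` rather than an empty array. Normalising at this point keeps the list clean for every consumer: `$ldap->server=array_values(array_filter(array_map('trim',explode(',',$ldaphost))));`. The `array_values` call matters because the check added in `connect_bind` reads index 0. The enclosing function continues outside the hunk.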
@@ -212,12 +212,13 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest) { $ldap->ldapErrorCode = ldap_errno($ldap->connection); $ldap->ldapErrorText = ldap_error($ldap->connection); - dol_syslog("functions_ldap::check_user_password_ldap ".$ldap->ldapErrorText); + dol_syslog("functions_ldap::check_user_password_ldap ".$ldap->ldapErrorCode." ".$ldap->ldapErrorText); } sleep(1); $langs->load('main'); $langs->load('other'); - $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword"); + $langs->load('errors'); + $_SESSION["dol_loginmesg"]=($ldap->error?$ldap->error:$langs->trans("ErrorBadLoginPassword")); } $ldap->close(); diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 5db0c295345..2d0128c7033 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -466,7 +466,8 @@ if (! defined('NOLOGIN')) // Bad password. No authmode has found a good password. $user->trigger_mesg=$langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username","alpha",2); - $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword"); + // We set a generic message if not defined inside function checkLoginPassEntity or subfunctions + if (empty($_SESSION["dol_loginmesg"])) $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword"); // Call of triggers include_once DOL_DOCUMENT_ROOT.'/core/class/interfaces.class.php';
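Review bot: The last changed line of the `-212,12 +212,13` hunk copies `$ldap->error` into `$_SESSION["dol_loginmesg"]`, a value that is presented to a visitor who has not authenticated. The only value visible in this commit is the fixed string set in `connect_bind`, but the property may be assigned elsewhere in the Ldap class (not visible here), possibly from server-supplied text. In that case the login page would disclose directory or configuration detail and let a visitor tell failure causes apart. Keeping the detail in the `dol_syslog` line just above and showing only a fixed translated message would avoid that, e.g. `$_SESSION["dol_loginmesg"]=$langs->trans($ldap->error?"<NEW_ERRORS_KEY>":"ErrorBadLoginPassword");`, where `<NEW_ERRORS_KEY>` is a placeholder for a key to add to the `errors` language file this hunk now loads. Escaping at the point where the message is rendered is outside this diff and worth confirming.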
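Review bot: With the new `empty()` guard in the `main.inc.php` hunk, the text shown after a failed login is whatever an earlier step left in `$_SESSION["dol_loginmesg"]`, so it now matters that the value is cleared before each attempt. That reset is not visible in this hunk. If it is missing, a message left by a previous request, or by a login module tried before the one that finally decides, would be displayed instead of the generic one. Worth confirming, or adding `unset($_SESSION["dol_loginmesg"]);` ahead of the authentication call, which lies outside the hunk.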