Dbut ajout gestion utilisateurs ldap

Regis Houssin 2006-06-25 17:09:43 +00:00
parent 5d680ca30a
commit 977c42402f
3 changed files with 80 additions and 49 deletions


@ -1,4 +1,5 @@
# Dolibarr language file - fr_FR - ldap
UserMustChangePassNextLogon=L'utilisateur doit changer de mot de passe à la prochaine connexion
LdapUacf_NORMAL_ACCOUNT=Compte Utilisateur
LdapUacf_DONT_EXPIRE_PASSWORD=Le mot de passe n'expire jamais
LdapUacf_ACCOUNTDISABLE=Le compte est désactivé sur le domaine


@ -440,47 +440,7 @@ class AuthLdap {
// Return an array containing the attributes.
return $values;
}
/**
* 2.4.1.1 : Returns an array containing a set of attribute values.
* For most searches, this will just be one row, but sometimes multiple
* results are returned (eg:- multiple email addresses)
*/
function getAttributeWithSID ( $SID,$attribute) {
// builds the appropriate dn, based on whether $this->people and/or $this->group is set
//$checkDn = $this->setDn( true);
$checkDn = $this->people;
$results[0] = $attribute;
// if the directory is AD, then bind first with the search user first
if ($this->serverType == "activedirectory") {
$this->authBind($this->searchUser, $this->searchPassword);
}
$filtre = 'objectsid='.$SID;
// We need to search for this user in order to get their entry.
$this->result = @ldap_search( $this->connection,$checkDn,$filtre,$results);
$info = ldap_get_entries( $this->connection, $this->result);
// Only one entry should ever be returned (no user will have the same sid)
$entry = ldap_first_entry( $this->connection, $this->result);
if ( !$entry) {
$this->ldapErrorCode = -1;
$this->ldapErrorText = "Couldn't find user";
return false; // Couldn't find the user...
}
// Get all the member DNs
if ( !$values = @ldap_get_values( $this->connection, $entry, $attribute)) {
$this->ldapErrorCode = ldap_errno( $this->connection);
$this->ldapErrorText = ldap_error( $this->connection);
return false; // No matching attributes
}
// Return an array containing the attributes.
return $values;
}
/**
* 2.4.2 : Allows an attribute value to be set.
@ -653,6 +613,38 @@ class AuthLdap {
return $result;
}
}
/**
* \brief récupère les attributs de l'utilisateur
* \param $user : utilisateur ldap
*/
function fetch( $user) {
global $conf;
// Perform the search and get the entry handles
// if the directory is AD, then bind first with the search user first
if ($this->serverType == "activedirectory") {
$this->authBind($this->searchUser, $this->searchPassword);
}
$checkDn = $this->people;
$filter = '('.$conf->global->LDAP_FILTER_CONNECTION.'('.$this->getUserIdentifier().'='.$user.'))';
$this->result = @ldap_search( $this->connection, $checkDn, $filter);
$result = @ldap_get_entries( $this->connection, $this->result);
if (!$result)
{
$this->ldapErrorCode = ldap_errno( $this->connection);
$this->ldapErrorText = ldap_error( $this->connection);
}
else
{
//ldap_free_result($this->result);
return $result;
}
}
// 2.6 helper methods
@ -686,10 +678,11 @@ class AuthLdap {
* Returns the correct user identifier to use, based on the ldap server type
*/
function getUserIdentifier() {
global $conf;
if ($this->serverType == "activedirectory") {
return "samaccountname";
return $conf->global->LDAP_FIELD_LOGIN_SAMBA;
} else {
return "uid";
return $conf->global->LDAP_FIELD_LOGIN;
}
}
@ -743,7 +736,7 @@ class AuthLdap {
while (list($flag, $val) = each($flags)) {
if ($uacf >= $val) {
$uacf -= $val;
$retval[] = $flag;
$retval[$val] = $flag;
}
}
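Review bot: In the new `fetch($user)` hunk the login is concatenated into the search filter unescaped, `'('.$conf->global->LDAP_FILTER_CONNECTION.'('.$this->getUserIdentifier().'='.$user.'))'`, so a value containing filter metacharacters (`*`, `(`, `)`, `\`) alters the query instead of being matched literally. The only caller on this page passes `$fuser->login` read from the database, so it is stored rather than direct request input, but the method is public and should escape its own argument; on current PHP that is `ldap_escape($user, '', LDAP_ESCAPE_FILTER)` before concatenation, or an equivalent replacement of those characters by their `\xx` hex form. The same hunk calls `ldap_get_entries()` on `$this->result` without checking that `ldap_search()` succeeded, and the `@` on both calls hides the failure; a guard such as `if ($this->result === false) { $this->ldapErrorCode = ldap_errno($this->connection); $this->ldapErrorText = ldap_error($this->connection); return false; }` before it would surface the error, and an explicit `return false;` at the end of the error branch would match the convention of the other methods instead of returning null implicitly. Related: `getUserIdentifier()` in the `@ -686` hunk now returns `$conf->global->LDAP_FIELD_LOGIN_SAMBA` / `LDAP_FIELD_LOGIN`, so when either setting is empty the filter degrades to `(=login)`; falling back to the previous literals `'samaccountname'` / `'uid'` when the setting is empty would keep the search well-formed.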


@ -58,6 +58,7 @@ if ($user->id <> $_GET["id"] && ! $canreadperms)
$langs->load("users");
$langs->load("companies");
$langs->load("ldap");
$form = new Form($db);
@ -119,11 +120,12 @@ if ($_GET["action"] == 'reactivate' && $canadduser)
$filter = $conf->global->LDAP_FIELD_NAME.'=*';
$user_sid = $reactiveuser->ldap_sid;
$entries = $ldap->search($checkDn, $filter);
$identifier = $ldap->getUserIdentifier();
for ($i = 0; $i < $entries["count"] ; $i++) {
$objectsid = $ldap->getObjectSid($entries[$i]["samaccountname"][0]);
$objectsid = $ldap->getObjectSid($entries[$i][$identifier][0]);
if ($user_sid == $objectsid){
$reactiveuser->login = $entries[$i]["samaccountname"][0];
$reactiveuser->login = $entries[$i][$identifier][0];
}
}
@ -587,9 +589,36 @@ else
if ($_GET["id"])
{
$fuser = new User($db, $_GET["id"]);
$fuser->fetch();
$fuser = new User($db, $_GET["id"]);
$fuser->fetch();
// Connexion ldap
if ($conf->ldap->enabled && $fuser->ldap_sid)
{
$ldap = New AuthLdap();
if ($ldap->connect())
{
$entries = $ldap->fetch($fuser->login);
if (!$entries)
{
$message .= $ldap->ldapErrorCode." - ".$ldap->ldapErrorText;
}
}
//On vérifie les options du compte
$control = $ldap->parseUACF(utf8_decode($entries[0]["useraccountcontrol"][0]));
foreach ($control as $key => $statut)
{
if ($key == 65536)
{
$passDoNotExpire = $langs->trans("LdapUacf_".$statut);
}
}
if (utf8_decode($entries[0]["pwdlastset"][0]) == 0 && utf8_decode($entries[0]["pwdlastset"][0]) != "")
{
$userChangePassNextLogon = $langs->trans("UserMustChangePassNextLogon");
}
}
/*
* Affichage onglets
@ -711,7 +740,14 @@ else
print '<tr><td width="25%" valign="top">'.$langs->trans("Password").'</td>';
if ($fuser->ldap_sid)
{
print '<td>Mot de passe du domaine</td>';
if ($passDoNotExpire)
{
print '<td>'.$passDoNotExpire.'</td>';
}
else if($userChangePassNextLogon)
{
print '<td>'.$userChangePassNextLogon.'</td>';
}
}
else
{
@ -1148,6 +1184,7 @@ else
}
print '</div>';
$ldap->close;
}
}
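Review bot: In the `@ -587` hunk `$entries` is read on the `$control = $ldap->parseUACF(...)` line after the `if ($ldap->connect())` block has already closed, so when the connection or `fetch()` fails `$entries` is unset (the error text has only been appended to `$message`) and the `useraccountcontrol` and `pwdlastset` lookups run on undefined data; moving the `//On vérifie les options du compte` block into an `else` of `if (!$entries)`, and initialising `$passDoNotExpire = ''; $userChangePassNextLogon = '';` before the LDAP block, also keeps the `if ($passDoNotExpire)` test in the `@ -711` hunk from reading undefined variables. The `pwdlastset` test uses loose comparison, `utf8_decode($entries[0]["pwdlastset"][0]) == 0`, which on PHP of this era is also true for any non-numeric string; comparing against the literal, `=== '0'`, expresses the intent. In the last hunk `$ldap->close;` is a property read rather than a call, so the LDAP connection is never closed; it should presumably be `$ldap->close();`, and since `$ldap` appears to be created only under `$conf->ldap->enabled && $fuser->ldap_sid`, the call needs the same guard (the enclosing block starts outside the hunk). `$message` receives `$ldap->ldapErrorText` verbatim; where it is printed is not visible here, but if it ends up in HTML it should go through `htmlspecialchars()`.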