diff --git a/htdocs/langs/fr_FR/ldap.lang b/htdocs/langs/fr_FR/ldap.lang index 1ce5a1b0ce9..3ff594f7f97 100644 --- a/htdocs/langs/fr_FR/ldap.lang +++ b/htdocs/langs/fr_FR/ldap.lang @@ -1,4 +1,5 @@ # Dolibarr language file - fr_FR - ldap +UserMustChangePassNextLogon=L'utilisateur doit changer de mot de passe à la prochaine connexion LdapUacf_NORMAL_ACCOUNT=Compte Utilisateur LdapUacf_DONT_EXPIRE_PASSWORD=Le mot de passe n'expire jamais LdapUacf_ACCOUNTDISABLE=Le compte est désactivé sur le domaine \ No newline at end of file diff --git a/htdocs/lib/authldap.lib.php b/htdocs/lib/authldap.lib.php index 131885e2450..a1326e35bd4 100644 --- a/htdocs/lib/authldap.lib.php +++ b/htdocs/lib/authldap.lib.php 
@@ -440,47 +440,7 @@ class AuthLdap { // Return an array containing the attributes. return $values; } - - /** - * 2.4.1.1 : Returns an array containing a set of attribute values. - * For most searches, this will just be one row, but sometimes multiple - * results are returned (eg:- multiple email addresses) - */ - function getAttributeWithSID ( $SID,$attribute) { - - // builds the appropriate dn, based on whether $this->people and/or $this->group is set - //$checkDn = $this->setDn( true); - $checkDn = $this->people; - $results[0] = $attribute; - // if the directory is AD, then bind first with the search user first - if ($this->serverType == "activedirectory") { - $this->authBind($this->searchUser, $this->searchPassword); - } - $filtre = 'objectsid='.$SID; - // We need to search for this user in order to get their entry. - $this->result = @ldap_search( $this->connection,$checkDn,$filtre,$results); - $info = ldap_get_entries( $this->connection, $this->result); - - // Only one entry should ever be returned (no user will have the same sid) - $entry = ldap_first_entry( $this->connection, $this->result); - - if ( !$entry) { - $this->ldapErrorCode = -1; - $this->ldapErrorText = "Couldn't find user"; - return false; // Couldn't find the user... - } - - // Get all the member DNs - if ( !$values = @ldap_get_values( $this->connection, $entry, $attribute)) { - $this->ldapErrorCode = ldap_errno( $this->connection); - $this->ldapErrorText = ldap_error( $this->connection); - return false; // No matching attributes - } - - // Return an array containing the attributes. - return $values; - } /** * 2.4.2 : Allows an attribute value to be set. 
@@ -653,6 +613,38 @@ class AuthLdap { return $result; } } + + /** + * \brief récupère les attributs de l'utilisateur + * \param $user : utilisateur ldap + */ + function fetch( $user) { + global $conf; + + // Perform the search and get the entry handles + + // if the directory is AD, then bind first with the search user first + if ($this->serverType == "activedirectory") { + $this->authBind($this->searchUser, $this->searchPassword); + } + $checkDn = $this->people; + $filter = '('.$conf->global->LDAP_FILTER_CONNECTION.'('.$this->getUserIdentifier().'='.$user.'))'; + + $this->result = @ldap_search( $this->connection, $checkDn, $filter); + + $result = @ldap_get_entries( $this->connection, $this->result); + + if (!$result) + { + $this->ldapErrorCode = ldap_errno( $this->connection); + $this->ldapErrorText = ldap_error( $this->connection); + } + else + { + //ldap_free_result($this->result); + return $result; + } + } // 2.6 helper methods @@ -686,10 +678,11 @@ class AuthLdap { * Returns the correct user identifier to use, based on the ldap server type */ function getUserIdentifier() { + global $conf; if ($this->serverType == "activedirectory") { - return "samaccountname"; + return $conf->global->LDAP_FIELD_LOGIN_SAMBA; } else { - return "uid"; + return $conf->global->LDAP_FIELD_LOGIN; } } @@ -743,7 +736,7 @@ class AuthLdap { while (list($flag, $val) = each($flags)) { if ($uacf >= $val) { $uacf -= $val; - $retval[] = $flag; + $retval[$val] = $flag; } } diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index c2ad6bd6af9..5f3ffb5af43 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -58,6 +58,7 @@ if ($user->id <> $_GET["id"] && ! $canreadperms) $langs->load("users"); $langs->load("companies"); +$langs->load("ldap"); $form = new Form($db); 
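Review bot: In the new fetch(), `$user` is concatenated unescaped into the LDAP search filter (`'('.$conf->global->LDAP_FILTER_CONNECTION.'('.$this->getUserIdentifier().'='.$user.'))'`), so a value containing `*`, `(`, `)` or `\` rewrites the filter; the fiche.php caller passes a stored login, but the method is public and nothing in it constrains the argument. Escape the value before building the filter, e.g. `$filter = '('.$conf->global->LDAP_FILTER_CONNECTION.'('.$this->getUserIdentifier().'='.ldap_escape($user, '', LDAP_ESCAPE_FILTER).'))';` (ldap_escape() requires PHP 5.6; on an older runtime backslash-encode `\`, `*`, `(`, `)` and NUL yourself). The error path sets ldapErrorCode/ldapErrorText but then falls off the end of the function, so add an explicit `return false;` there to match the contract of the other search helpers in this class and the `if (!$entries)` test in the caller.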
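Review bot: getUserIdentifier() now returns the raw LDAP_FIELD_LOGIN_SAMBA / LDAP_FIELD_LOGIN settings with no fallback, so on an installation where the setting is empty every filter built from it degenerates to `(=login)`; the removed `samaccountname` / `uid` literals were the safety net. Keep them as defaults, e.g. `return empty($conf->global->LDAP_FIELD_LOGIN_SAMBA) ? 'samaccountname' : $conf->global->LDAP_FIELD_LOGIN_SAMBA;` and the same with `'uid'` in the else branch. Since the returned name is later used as an array key into ldap_get_entries() output (fiche.php), which lowercases attribute names, wrapping the result in strtolower() here would make the configured casing irrelevant.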
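Review bot: Changing `$retval[] = $flag;` to `$retval[$val] = $flag;` turns parseUACF()'s result from a list into a map keyed by the numeric flag value, which is what the new fiche.php code relies on (`$key == 65536`), but nothing in the function's docblock records that shape. Add to the docblock, which starts outside the hunk, a line such as `@return array  flag value (int) => flag name, e.g. 65536 => 'DONT_EXPIRE_PASSWORD'` (the flag names appear to be the suffixes of the LdapUacf_* translation keys; confirm against the flag table above the loop). The `each()` iteration is pre-existing and deprecated since PHP 7.2, worth replacing with `foreach` when this function is next touched.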
@@ -119,11 +120,12 @@ if ($_GET["action"] == 'reactivate' && $canadduser) $filter = $conf->global->LDAP_FIELD_NAME.'=*'; $user_sid = $reactiveuser->ldap_sid; $entries = $ldap->search($checkDn, $filter); + $identifier = $ldap->getUserIdentifier(); for ($i = 0; $i < $entries["count"] ; $i++) { - $objectsid = $ldap->getObjectSid($entries[$i]["samaccountname"][0]); + $objectsid = $ldap->getObjectSid($entries[$i][$identifier][0]); if ($user_sid == $objectsid){ - $reactiveuser->login = $entries[$i]["samaccountname"][0]; + $reactiveuser->login = $entries[$i][$identifier][0]; } } @@ -587,9 +589,36 @@ else if ($_GET["id"]) { - $fuser = new User($db, $_GET["id"]); - $fuser->fetch(); - + $fuser = new User($db, $_GET["id"]); + $fuser->fetch(); + + // Connexion ldap + if ($conf->ldap->enabled && $fuser->ldap_sid) + { + + $ldap = New AuthLdap(); + if ($ldap->connect()) + { + $entries = $ldap->fetch($fuser->login); + if (!$entries) + { + $message .= $ldap->ldapErrorCode." - ".$ldap->ldapErrorText; + } + } + //On vérifie les options du compte + $control = $ldap->parseUACF(utf8_decode($entries[0]["useraccountcontrol"][0])); + foreach ($control as $key => $statut) + { + if ($key == 65536) + { + $passDoNotExpire = $langs->trans("LdapUacf_".$statut); + } + } + if (utf8_decode($entries[0]["pwdlastset"][0]) == 0 && utf8_decode($entries[0]["pwdlastset"][0]) != "") + { + $userChangePassNextLogon = $langs->trans("UserMustChangePassNextLogon"); + } + } /* * Affichage onglets @@ -711,7 +740,14 @@ else print ''.$langs->trans("Password").''; if ($fuser->ldap_sid) { - print 'Mot de passe du domaine'; + if ($passDoNotExpire) + { + print ''.$passDoNotExpire.''; + } + else if($userChangePassNextLogon) + { + print ''.$userChangePassNextLogon.''; + } } else { @@ -1148,6 +1184,7 @@ else } print ''; + $ldap->close; } }
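Review bot: `$entries[$i][$identifier][0]` in the reactivate loop indexes ldap_get_entries() output with the value of getUserIdentifier(), which after this commit is the raw LDAP_FIELD_LOGIN_SAMBA setting; ldap_get_entries() lowercases attribute names, so a configured value such as `sAMAccountName` gives an undefined index, getObjectSid() is called with null and the login is never restored. Normalise once before the loop, `$identifier = strtolower($ldap->getUserIdentifier());`, and skip entries without the attribute, `if (empty($entries[$i][$identifier][0])) continue;`. The enclosing `if ($_GET["action"] == 'reactivate' && $canadduser)` block starts before and ends after the hunk.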
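Review bot: The account-control parsing after the `//On vérifie les options du compte` comment runs outside the `if ($ldap->connect())` guard, so when the connection fails, fetch() returns nothing, or the search finds no entry (`$entries["count"] == 0`), `$entries[0]["useraccountcontrol"][0]` is an undefined index and parseUACF() is fed null; the same happens on a non-AD directory that has no useraccountcontrol/pwdlastset attributes. The `pwdlastset` test uses loose comparison (`== 0`), which on PHP before 8 is true for any non-numeric string, so compare strictly as a string. Move the checks into the success branch, guard each attribute, and initialise `$passDoNotExpire`/`$userChangePassNextLogon` up front so the later display code never reads undefined variables; the utf8_decode() calls on numeric attribute values are no-ops and can go.
```php
    $passDoNotExpire = '';
    $userChangePassNextLogon = '';
    if ($conf->ldap->enabled && $fuser->ldap_sid)
    {
        $ldap = new AuthLdap();
        if ($ldap->connect())
        {
            $entries = $ldap->fetch($fuser->login);
            if (!$entries)
            {
                $message .= $ldap->ldapErrorCode." - ".$ldap->ldapErrorText;
            }
            elseif (!empty($entries["count"]))
            {
                // Account options: these attributes are AD-specific and may be absent elsewhere
                if (isset($entries[0]["useraccountcontrol"][0]))
                {
                    $control = $ldap->parseUACF($entries[0]["useraccountcontrol"][0]);
                    if (isset($control[65536]))   // 0x10000: password never expires
                    {
                        $passDoNotExpire = $langs->trans("LdapUacf_".$control[65536]);
                    }
                }
                if (isset($entries[0]["pwdlastset"][0]) && (string) $entries[0]["pwdlastset"][0] === "0")
                {
                    $userChangePassNextLogon = $langs->trans("UserMustChangePassNextLogon");
                }
            }
        }
    }
```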
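Review bot: The display branch drops the previous unconditional "Mot de passe du domaine" text for domain accounts, so when neither `$passDoNotExpire` nor `$userChangePassNextLogon` is set (connection failed, non-AD directory, or simply an ordinary expiring password) the Password row is printed empty, and both variables are read even when the LDAP block earlier on the page never ran. Initialise both variables before the LDAP lookup and add a final `else` printing a translated equivalent of the removed text, e.g. `else print $langs->trans("DomainPassword");` with a matching key added to the lang files rather than the former hard-coded French. The enclosing `if ($fuser->ldap_sid)` / `else` structure starts and ends outside the hunk.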
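Review bot: `$ldap->close;` reads a property named close instead of calling a method — there are no parentheses, so nothing is closed and PHP raises an undefined-property notice. It also runs on every pass through this branch, while `$ldap` is only created inside the earlier `if ($conf->ldap->enabled && $fuser->ldap_sid)` block, so for a non-LDAP user it dereferences an undefined variable. Use `if (isset($ldap)) $ldap->close();`, assuming AuthLdap exposes a close() method, which this diff does not show.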