Laurent Destailleur 2021-07-05 11:41:55 +02:00
parent dfee489e7e
commit b7c86f3aec


@ -29,7 +29,7 @@
*
* @param string $usertotest Login
* @param string $passwordtotest Password
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @param int $entitytotest Numero of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO
*/
function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
@ -151,10 +151,13 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
if ($result > 0) {
if ($result == 2) { // Connection is ok for user/pass into LDAP
$login = $usertotest;
if (!empty($conf->global->LDAP_FIELD_LOGIN)) {
$login = $ldap->login;
}
dol_syslog("functions_ldap::check_user_password_ldap $login authentication ok");
// For the case, we search the user id using a search key without the login (but using other fields like id),
// we need to get the real login to use in the ldap answer.
if (!empty($conf->global->LDAP_FIELD_LOGIN) && !empty($ldap->login)) {
$login = $ldap->login;
dol_syslog("functions_ldap::check_user_password_ldap login is now $login (LDAP_FIELD_LOGIN=".$conf->global->LDAP_FIELD_LOGIN.")");
}
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
@ -207,7 +210,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
}
$usertmp = new User($db);
$resultFetchUser = $usertmp->fetch('', $login, $sid);
$resultFetchUser = $usertmp->fetch('', $login, $sid, 1, ($entitytotest > 0 ? $entitytotest : -1));
if ($resultFetchUser > 0) {
dol_syslog("functions_ldap::check_user_password_ldap Sync user found user id=".$usertmp->id);
// On verifie si le login a change et on met a jour les attributs dolibarr
@ -215,7 +218,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
if ($usertmp->login != $ldap->login && $ldap->login) {
$usertmp->login = $ldap->login;
$usertmp->update($usertmp);
// TODO Que faire si update echoue car on update avec un login deja existant.
// TODO Que faire si update echoue car on update avec un login deja existant pour un autre compte.
}
//$resultUpdate = $usertmp->update_ldap2dolibarr($ldap);
@ -231,7 +234,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
$usertmp->fetch('', $login);
$ret = $mc->checkRight($usertmp->id, $entitytotest);
if ($ret < 0) {
dol_syslog("functions_ldap::check_user_password_ldap Authentication KO entity '".$entitytotest."' not allowed for user '".$usertmp->id."'", LOG_NOTICE);
dol_syslog("functions_ldap::check_user_password_ldap Authentication KO entity '".$entitytotest."' not allowed for user id '".$usertmp->id."'", LOG_NOTICE);
$login = ''; // force authentication failure
}
unset($usertmp);
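Review bot: The return value of `$usertmp->update($usertmp)` in the login-sync block is still ignored, and the reworded TODO next to it names the failure case as a login that already belongs to another account. In that case `$login` keeps the LDAP value and is returned as the authenticated login. The later `$usertmp->fetch('', $login)` before `$mc->checkRight()` is neither entity-scoped like the new five-argument fetch nor checked for failure, so it could resolve to a different account than the one that bound to LDAP. Failing closed would be safer: `if ($usertmp->update($usertmp) < 0) { $login = ''; }` (assuming update() signals errors with a negative return, as checkRight does here), with a `LOG_NOTICE` line recording the collision. The body of check_user_password_ldap starts and ends outside the hunks shown.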