Ajout attribut ldap sid.
On fait fonctionner la récup d'un user depuis LDAP
parent
46a875111f
commit
ba8a4f8402
@ -62,6 +62,7 @@ if ($_GET["action"] == 'setvalue' && $user->admin)
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_MOBILE',$_POST["fieldmobile"])) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_FAX',$_POST["fieldfax"])) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_DESCRIPTION',$_POST["fielddescription"])) $error++;
|
||||
if (! dolibarr_set_const($db, 'LDAP_FIELD_SID',$_POST["fieldsid"])) $error++;
|
||||
|
||||
if ($error)
|
||||
{
|
||||
@ -209,6 +210,14 @@ print '</td><td>'.$langs->trans("LDAPFieldDescriptionExample").'</td>';
|
||||
print '<td align="right"><input type="radio" name="key" value="'.$conf->global->LDAP_FIELD_DESCRIPTION.'"'.($conf->global->LDAP_KEY_GROUPS==$conf->global->LDAP_FIELD_DESCRIPTION?' checked="true"':'')."></td>";
|
||||
print '</tr>';
|
||||
|
||||
// Sid
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td>'.$langs->trans("LDAPFieldSid").'</td><td>';
|
||||
print '<input size="25" type="text" name="fieldsid" value="'.$conf->global->LDAP_FIELD_SID.'">';
|
||||
print '</td><td>'.$langs->trans("LDAPFieldSidExample").'</td>';
|
||||
print '<td align="right"><input type="radio" name="key" value="'.$conf->global->LDAP_FIELD_SID.'"'.($conf->global->LDAP_KEY_GROUPS==$conf->global->LDAP_FIELD_SID?' checked="true"':'')."></td>";
|
||||
print '</tr>';
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td colspan="4" align="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></td></tr>';
|
||||
print '</table>';
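Review bot: The new Sid row writes `$conf->global->LDAP_FIELD_SID` into two `value="..."` attributes without HTML escaping, and the first hunk stores that constant straight from `$_POST["fieldsid"]`. A stored value containing a double quote ends the attribute early, and the rest is rendered as markup for every later visitor of this setup page. Escape on output, e.g. `value="'.htmlspecialchars($conf->global->LDAP_FIELD_SID).'"`, and consider restricting the stored value to characters valid in an LDAP attribute name. The Description row shown as context follows the same pattern, so the fix probably belongs on every row; both hunks sit in code that starts and ends outside the hunk.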
|
||||
|
||||
@ -105,7 +105,7 @@ class InterfaceLdap
|
||||
if ($action == 'USER_CREATE')
|
||||
{
|
||||
dolibarr_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
|
||||
{
|
||||
$ldap=new Ldap();
|
||||
$ldap->connect_bind();
|
||||
@ -119,7 +119,7 @@ class InterfaceLdap
|
||||
elseif ($action == 'USER_MODIFY')
|
||||
{
|
||||
dolibarr_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
|
||||
{
|
||||
$ldap=new Ldap();
|
||||
$ldap->connect_bind();
|
||||
@ -141,7 +141,7 @@ class InterfaceLdap
|
||||
elseif ($action == 'USER_DELETE')
|
||||
{
|
||||
dolibarr_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
|
||||
{
|
||||
$ldap=new Ldap();
|
||||
$ldap->connect_bind();
|
||||
@ -156,7 +156,7 @@ class InterfaceLdap
|
||||
// Groupes
|
||||
elseif ($action == 'GROUP_CREATE')
|
||||
{
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
|
||||
{
|
||||
$ldap=new Ldap();
|
||||
$ldap->connect_bind();
|
||||
@ -169,7 +169,7 @@ class InterfaceLdap
|
||||
}
|
||||
elseif ($action == 'GROUP_MODIFY')
|
||||
{
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
|
||||
{
|
||||
$ldap=new Ldap();
|
||||
$ldap->connect_bind();
|
||||
@ -182,7 +182,7 @@ class InterfaceLdap
|
||||
}
|
||||
elseif ($action == 'GROUP_DELETE')
|
||||
{
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
|
||||
{
|
||||
$ldap=new Ldap();
|
||||
$ldap->connect_bind();
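Review bot: The guard now requires `LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap'` in all six branches (USER_CREATE/MODIFY/DELETE and GROUP_CREATE/MODIFY/DELETE), so an installation that still holds the earlier truthy setting would stop pushing changes to LDAP without any message. That includes deletions, which would leave removed Dolibarr accounts present in the directory. Nothing visible here migrates the old value or records the skipped synchronisation; an else branch with `dolibarr_syslog("Trigger '".$this->name."': LDAP sync skipped, LDAP_SYNCHRO_ACTIVE=".$conf->global->LDAP_SYNCHRO_ACTIVE);` would make it detectable, and computing the test once before the `if ($action == ...)` chain would avoid six copies of the same literal. The return value of `$ldap->connect_bind()` in the context lines is not checked before the directory is written; each branch continues outside its hunk, so that may be handled there.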
|
||||
|
||||
@ -584,6 +584,8 @@ LDAPFieldTown=Town
|
||||
LDAPFieldTownExample=Example : l
|
||||
LDAPFieldDescription=Description
|
||||
LDAPFieldDescriptionExample=Example : description
|
||||
LDAPFieldSid=SID
|
||||
LDAPFieldSidExample=Example : objectsid
|
||||
LDAPParametersAreStillHardCoded=LDAP parametres are still hardcoded (in contact class)
|
||||
LDAPSetupNotComplete=LDAP setup not complete (go on others tabs)
|
||||
LDAPNoUserOrPasswordProvidedAccessIsReadOnly=No administrator or password provided. LDAP access will be anonymous and in read only mode.
|
||||
|
||||
@ -13,4 +13,7 @@ LDAPAttributes=LDAP attributes
|
||||
LDAPCard=LDAP card
|
||||
LDAPRecordNotFound=Record not found in LDAP database
|
||||
LDAPUsers=Users in LDAP database
|
||||
LDAPGroups=Groups in LDAP database
|
||||
LDAPGroups=Groups in LDAP database
|
||||
SynchronizeDolibarr2Ldap=Synchronize user (Dolibarr -> LDAP)
|
||||
UserSynchronized=User synchronized
|
||||
ForceSynchronize=Force synchronizing Dolibarr -> LDAP
|
||||
@ -584,6 +584,8 @@ LDAPFieldTown=Ville
|
||||
LDAPFieldTownExample=Exemple : l
|
||||
LDAPFieldDescription=Description
|
||||
LDAPFieldDescriptionExample=Exemple : description
|
||||
LDAPFieldSid=SID
|
||||
LDAPFieldSidExample=Exemple : objectsid
|
||||
LDAPParametersAreStillHardCoded=Les parametres LDAP sont codés en dur (dans classe contact)
|
||||
LDAPSetupNotComplete=Configuration LDAP incomplète (à compléter sur les autres onglets)
|
||||
LDAPNoUserOrPasswordProvidedAccessIsReadOnly=Administrateur ou mot de passe non renseigné. Les accès LDAP seront donc anonymes et en lecture seule.
|
||||
|
||||
@ -14,3 +14,6 @@ LDAPCard=Fiche LDAP
|
||||
LDAPRecordNotFound=Enregistrement non trouvé dans la base LDAP
|
||||
LDAPUsers=Utilisateurs en base LDAP
|
||||
LDAPGroups=Groupes en base LDAP
|
||||
SynchronizeDolibarr2Ldap=Synchroniser utilisateur (Dolibarr -> LDAP)
|
||||
UserSynchronized=Utilisateur synchronisé
|
||||
ForceSynchronize=Forcer synchro Dolibarr -> LDAP
|
||||
|
||||
@ -390,13 +390,11 @@ class Ldap
|
||||
return -3;
|
||||
}
|
||||
|
||||
//if (! $conf->ldap->enabled || ! $conf->global->LDAP_SYNCHRO_ACTIVE) return 0;
|
||||
if (! $olddn) $olddn=$dn;
|
||||
|
||||
if (! $olddn) $olddn = $dn;
|
||||
|
||||
// On supprime et on insère
|
||||
dolibarr_syslog("Ldap.class::update dn=".$dn." olddn=".$olddn);
|
||||
|
||||
// On supprime et on insère
|
||||
$result = $this->delete($olddn);
|
||||
$result = $this->add($dn, $info, $user);
|
||||
if ($result <= 0)
|
||||
@ -593,18 +591,15 @@ class Ldap
|
||||
{
|
||||
global $conf;
|
||||
|
||||
// Encode en UTF8
|
||||
if ($conf->global->LDAP_SERVER_TYPE != 'activedirectory')
|
||||
{
|
||||
$dn=utf8_encode($dn);
|
||||
foreach($info as $key => $val)
|
||||
{
|
||||
if (! is_array($val)) $info[$key]=utf8_encode($val);
|
||||
}
|
||||
}
|
||||
|
||||
dolibarr_syslog("Ldap.class::add dn=".$dn." info=".join(',',$info));
|
||||
|
||||
// Encode en UTF8
|
||||
$dn=$this->ldap_utf8_encode($dn);
|
||||
foreach($info as $key => $val)
|
||||
{
|
||||
if (! is_array($val)) $info[$key]=$this->ldap_utf8_encode($val);
|
||||
}
|
||||
|
||||
//print_r($info);
|
||||
$result=@ldap_add($this->connection, $dn, $info);
|
||||
|
||||
@ -621,14 +616,11 @@ class Ldap
|
||||
{
|
||||
global $conf;
|
||||
|
||||
// Encode en UTF8
|
||||
if ($conf->global->LDAP_SERVER_TYPE != 'activedirectory')
|
||||
{
|
||||
$dn=utf8_encode($dn);
|
||||
}
|
||||
|
||||
dolibarr_syslog("Ldap.class::delete Delete LDAP entry dn=".$dn);
|
||||
|
||||
// Encode en UTF8
|
||||
$dn=$this->ldap_utf8_encode($dn);
|
||||
|
||||
$result=@ldap_delete($this->connection, $dn);
|
||||
|
||||
if ($result) return 1;
|
||||
@ -680,53 +672,43 @@ class Ldap
|
||||
* username. The search criteria is a standard LDAP query - * returns all
|
||||
* users. The $attributeArray variable contains the required user detail field names
|
||||
*/
|
||||
function getUsers($search, $attributeArray)
|
||||
function getUsers($search, $userDn, $useridentifier, $attributeArray)
|
||||
{
|
||||
$userslist=array();
|
||||
|
||||
dolibarr_syslog("Ldap.class::getUsers search=".$search." userDn=".$userDn." useridentifier=".$useridentifier." attributeArray=".$attributeArray);
|
||||
|
||||
// Perform the search and get the entry handles
|
||||
|
||||
// if the directory is AD, then bind first with the search user first
|
||||
// if the directory is AD, then bind first with the search user first
|
||||
if ($this->serverType == "activedirectory") {
|
||||
$this->authBind($this->searchUser, $this->searchPassword);
|
||||
}
|
||||
|
||||
$filter = '('.$this->filter.'('.$this->getUserIdentifier().'='.$search.'))';
|
||||
//print "zzz".$filter;
|
||||
$this->result = @ldap_search( $this->connection, $this->people, $filter);
|
||||
$filter = '('.$useridentifier.'='.$search.')';
|
||||
$this->result = @ldap_search($this->connection, $userDn, $filter);
|
||||
|
||||
if (!$this->result)
|
||||
{
|
||||
$this->ldapErrorCode = ldap_errno( $this->connection);
|
||||
$this->ldapErrorText = ldap_error( $this->connection);
|
||||
$this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
|
||||
return -1;
|
||||
}
|
||||
|
||||
$info = @ldap_get_entries( $this->connection, $this->result);
|
||||
|
||||
for( $i = 0; $i < $info["count"]; $i++)
|
||||
$info = @ldap_get_entries($this->connection, $this->result);
|
||||
//print_r($info);
|
||||
for ($i = 0; $i < $info["count"]; $i++)
|
||||
{
|
||||
// Get the username, and create an array indexed by it...
|
||||
// Modify these as you see fit.
|
||||
$uname = $info[$i][$this->getUserIdentifier()][0];
|
||||
|
||||
// add to the array for each attribute in my list
|
||||
for ( $j = 0; $j < count( $attributeArray); $j++)
|
||||
{
|
||||
if (strtolower($attributeArray[$j]) == "dn")
|
||||
{
|
||||
$userslist["$uname"]["$attributeArray[$j]"] = $info[$i][strtolower($attributeArray[$j])];
|
||||
}
|
||||
else if (strtolower($attributeArray[$j]) == "objectsid")
|
||||
{
|
||||
$objectsid = $this->getObjectSid($uname);
|
||||
$userslist["$uname"]["$attributeArray[$j]"] = $objectsid;
|
||||
//$userslist["$uname"]["$attributeArray[$j]"] = $objectsid[0];
|
||||
}
|
||||
else
|
||||
{
|
||||
$userslist["$uname"]["$attributeArray[$j]"] = $info[$i][strtolower($attributeArray[$j])][0];
|
||||
}
|
||||
}
|
||||
$recordid=$this->ldap_utf8_decode($info[$i][$useridentifier][0]);
|
||||
if ($recordid)
|
||||
{
|
||||
//print "Found record with key $useridentifier=".$recordid."<br>\n";
|
||||
$userslist[$recordid][$useridentifier]=$recordid;
|
||||
|
||||
// Add to the array for each attribute in my list
|
||||
for ($j = 0; $j < count($attributeArray); $j++)
|
||||
{
|
||||
//print " Param ".$attributeArray[$j]."=".$info[$i][$attributeArray[$j]][0]."<br>\n";
|
||||
$userslist[$recordid][$attributeArray[$j]] = $this->ldap_utf8_decode($info[$i][$attributeArray[$j]][0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
asort($userslist);
|
||||
@ -736,6 +718,7 @@ class Ldap
|
||||
/**
|
||||
* Récupère le SID de l'utilisateur
|
||||
* ldapuser. le login de l'utilisateur
|
||||
* \deprecated
|
||||
*/
|
||||
function getObjectSid($ldapUser)
|
||||
{
|
||||
@ -753,6 +736,7 @@ class Ldap
|
||||
|
||||
/**
|
||||
* Converts a little-endian hex-number to one, that 'hexdec' can convert
|
||||
* \deprecated
|
||||
*/
|
||||
function littleEndian($hex) {
|
||||
for ($x=strlen($hex)-2; $x >= 0; $x=$x-2) {
|
||||
@ -763,6 +747,7 @@ class Ldap
|
||||
|
||||
/**
|
||||
* Returns the textual SID
|
||||
* \deprecated
|
||||
*/
|
||||
function binSIDtoText($binsid) {
|
||||
$hex_sid=bin2hex($binsid);
|
||||
@ -779,34 +764,30 @@ class Ldap
|
||||
|
||||
/**
|
||||
* \brief Fonction de recherche avec filtre
|
||||
* \param checkDn DN de recherche
|
||||
* \param filter filtre de recherche (ex: sn=nom_personne)
|
||||
* \remarks this->connection doit etre défini donc la methode bind ou authbind doit avoir deja été appelée
|
||||
* \param checkDn DN de recherche (Ex: ou=users,cn=my-domain,cn=com)
|
||||
* \param filter Filtre de recherche (ex: (sn=nom_personne) )
|
||||
* \return array Tableau des reponses
|
||||
*/
|
||||
function search($checkDn, $filter)
|
||||
{
|
||||
// Perform the search and get the entry handles
|
||||
if ($this->serverType != "activedirectory")
|
||||
{
|
||||
$checkDn=utf8_decode($checkDn);
|
||||
}
|
||||
|
||||
dolibarr_syslog("Ldap.class::search checkDn=".$checkDn." filter=".$filter);
|
||||
|
||||
$checkDn=$this->ldap_utf8_encode($checkDn);
|
||||
$filter=$this->ldap_utf8_encode($filter);
|
||||
|
||||
// if the directory is AD, then bind first with the search user first
|
||||
if ($this->serverType == "activedirectory") {
|
||||
$this->authBind($this->searchUser, $this->searchPassword);
|
||||
}
|
||||
|
||||
|
||||
$this->result = @ldap_search($this->connection, $checkDn, $filter);
|
||||
|
||||
$result = @ldap_get_entries($this->connection, $this->result);
|
||||
|
||||
if (!$result)
|
||||
if (! $result)
|
||||
{
|
||||
$this->ldapErrorCode = ldap_errno( $this->connection);
|
||||
$this->ldapErrorText = ldap_error( $this->connection);
|
||||
$this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
|
||||
return -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -820,8 +801,8 @@ class Ldap
|
||||
* \brief récupère les attributs de l'utilisateur
|
||||
* \param $user : utilisateur ldap
|
||||
*/
|
||||
function fetch( $user) {
|
||||
|
||||
function fetch($user)
|
||||
{
|
||||
// Perform the search and get the entry handles
|
||||
|
||||
// if the directory is AD, then bind first with the search user first
|
||||
@ -832,27 +813,26 @@ class Ldap
|
||||
|
||||
$filter = '('.$this->filter.'('.$userIdentifier.'='.$user.'))';
|
||||
|
||||
$this->result = @ldap_search( $this->connection, $this->people, $filter);
|
||||
$this->result = @ldap_search($this->connection, $this->people, $filter);
|
||||
|
||||
$result = @ldap_get_entries( $this->connection, $this->result);
|
||||
|
||||
if (!$result)
|
||||
if (! $result)
|
||||
{
|
||||
$this->ldapErrorCode = ldap_errno( $this->connection);
|
||||
$this->ldapErrorText = ldap_error( $this->connection);
|
||||
$this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->name = utf8_decode($result[0][$this->attr_name][0]);
|
||||
$this->firstname = utf8_decode($result[0][$this->attr_firstname][0]);
|
||||
$this->login = utf8_decode($result[0][$userIdentifier][0]);
|
||||
$this->phone = utf8_decode($result[0][$this->attr_phone][0]);
|
||||
$this->fax = utf8_decode($result[0][$this->attr_fax][0]);
|
||||
$this->mail = utf8_decode($result[0][$this->attr_mail][0]);
|
||||
$this->mobile = utf8_decode($result[0][$this->attr_mobile][0]);
|
||||
$this->name = $this->ldap_utf8_decode($result[0][$this->attr_name][0]);
|
||||
$this->firstname = $this->ldap_utf8_decode($result[0][$this->attr_firstname][0]);
|
||||
$this->login = $this->ldap_utf8_decode($result[0][$userIdentifier][0]);
|
||||
$this->phone = $this->ldap_utf8_decode($result[0][$this->attr_phone][0]);
|
||||
$this->fax = $this->ldap_utf8_decode($result[0][$this->attr_fax][0]);
|
||||
$this->mail = $this->ldap_utf8_decode($result[0][$this->attr_mail][0]);
|
||||
$this->mobile = $this->ldap_utf8_decode($result[0][$this->attr_mobile][0]);
|
||||
|
||||
$this->uacf = $this->parseUACF(utf8_decode($result[0]["useraccountcontrol"][0]));
|
||||
$this->pwdlastset = utf8_decode($result[0]["pwdlastset"][0]);
|
||||
$this->uacf = $this->parseUACF($this->ldap_utf8_decode($result[0]["useraccountcontrol"][0]));
|
||||
$this->pwdlastset = $this->ldap_utf8_decode($result[0]["pwdlastset"][0]);
|
||||
|
||||
ldap_free_result($this->result);
|
||||
}
|
||||
@ -1004,5 +984,31 @@ class Ldap
|
||||
return($retval);
|
||||
}
|
||||
|
||||
} // End of class
|
||||
|
||||
/*
|
||||
* \brief Encode in UTF8 or not
|
||||
* \param string String to decode
|
||||
* \return string String decoded
|
||||
*/
|
||||
function ldap_utf8_encode($string)
|
||||
{
|
||||
if ($this->serverType != "activedirectory") return utf8_encode($string);
|
||||
else return($string);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* \brief Decode in UTF8 or not
|
||||
* \param string String to decode
|
||||
* \return string String decoded
|
||||
*/
|
||||
function ldap_utf8_decode($string)
|
||||
{
|
||||
if ($this->serverType != "activedirectory") return utf8_decode($string);
|
||||
else return($string);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
?>
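Review bot: In the getUsers hunk the filter is now built as `'('.$useridentifier.'='.$search.')'` with `$search` inserted verbatim, and the caller shown elsewhere on this page passes `$_POST['users']` into it. Parentheses, `*`, `\` or NUL in that value change the structure of the LDAP filter, and the search runs under the bind made by `connect_bind()`. Keep the literal `'*'` used for the listing call and escape everything else per RFC 4515, e.g. `$value = ($search == '*') ? '*' : ldap_escape($search, '', LDAP_ESCAPE_FILTER);` where `ldap_escape()` is available, or an equivalent backslash-hex replacement on older PHP. In the same hunk the result is indexed with `$info[$i][$useridentifier]` and `$info[$i][$attributeArray[$j]]`; `ldap_get_entries()` returns attribute names in lowercase and the `strtolower()` applied by the previous loop is gone, so mixed-case configured names would come back empty.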
|
||||
@ -808,6 +808,7 @@ class User
|
||||
// Nettoyage parametres
|
||||
$this->nom=trim($this->nom);
|
||||
$this->prenom=trim($this->prenom);
|
||||
$this->fullname=trim($this->prenom." ".$this->nom);
|
||||
$this->login=trim($this->login);
|
||||
$this->pass=trim($this->pass);
|
||||
$this->email=trim($this->email);
|
||||
|
||||
@ -116,43 +116,6 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes")
|
||||
}
|
||||
}
|
||||
|
||||
// Reactive un compte ldap
|
||||
if ($conf->ldap->enabled && $_GET["action"] == 'reactivate' && $candisableuser)
|
||||
{
|
||||
if ($_GET["id"] <> $user->id)
|
||||
{
|
||||
$userid = $_GET["id"];
|
||||
$reactiveuser = new User($db, $userid);
|
||||
$reactiveuser->fetch();
|
||||
$ldap = new Ldap();
|
||||
if ($ldap->connect())
|
||||
{
|
||||
$checkDn = $conf->global->LDAP_USER_DN;
|
||||
$filter = $conf->global->LDAP_FIELD_NAME.'=*';
|
||||
$user_sid = $reactiveuser->ldap_sid;
|
||||
$entries = $ldap->search($checkDn, $filter);
|
||||
$identifier = $ldap->getUserIdentifier();
|
||||
|
||||
for ($i = 0; $i < $entries["count"] ; $i++) {
|
||||
$objectsid = $ldap->getObjectSid($entries[$i][$identifier][0]);
|
||||
if ($user_sid == $objectsid){
|
||||
$reactiveuser->login = $entries[$i][$identifier][0];
|
||||
}
|
||||
}
|
||||
|
||||
$reactiveuser->update();
|
||||
|
||||
Header("Location: fiche.php?id=$userid");
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
print $ldap->ldapErrorCode." - ".$ldap->ldapErrorText;
|
||||
}
|
||||
$ldap->close();
|
||||
}
|
||||
}
|
||||
|
||||
// Action ajout user
|
||||
if ($_POST["action"] == 'add' && $canadduser)
|
||||
{
|
||||
@ -303,7 +266,7 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $caneditfield)
|
||||
$db->commit();
|
||||
} else
|
||||
{
|
||||
$db->rollback;
|
||||
$db->rollback();
|
||||
}
|
||||
|
||||
}
|
||||
@ -344,6 +307,47 @@ if ((($_POST["action"] == 'confirm_password' && $_POST["confirm"] == 'yes')
|
||||
}
|
||||
}
|
||||
|
||||
// Action initialisation donnees depuis record LDAP
|
||||
if ($_POST["action"] == 'adduserldap')
|
||||
{
|
||||
$selecteduser = $_POST['users'];
|
||||
|
||||
$justthese = array(
|
||||
$conf->global->LDAP_FIELD_NAME,
|
||||
$conf->global->LDAP_FIELD_FIRSTNAME,
|
||||
$conf->global->LDAP_FIELD_LOGIN_SAMBA,
|
||||
$conf->global->LDAP_FIELD_MAIL,
|
||||
$conf->global->LDAP_FIELD_PHONE,
|
||||
$conf->global->LDAP_FIELD_FAX,
|
||||
$conf->global->LDAP_FIELD_MOBILE,
|
||||
$conf->global->LDAP_FIELD_SID);
|
||||
|
||||
$ldap = new Ldap();
|
||||
$result = $ldap->connect_bind();
|
||||
if ($result >= 0)
|
||||
{
|
||||
$ldapusers = $ldap->getUsers($selecteduser, $conf->global->LDAP_USER_DN, $conf->global->LDAP_KEY_USERS, $justthese);
|
||||
if (is_array($ldapusers))
|
||||
{
|
||||
foreach ($ldapusers as $key => $attribute)
|
||||
{
|
||||
$ldap_nom = $attribute[$conf->global->LDAP_FIELD_NAME];
|
||||
$ldap_prenom = $attribute[$conf->global->LDAP_FIELD_NAME];
|
||||
$ldap_login = $attribute[$conf->global->LDAP_FIELD_LOGIN_SAMBA];
|
||||
$ldap_phone = $attribute[$conf->global->LDAP_FIELD_LOGIN_PHONE];
|
||||
$ldap_fax = $attribute[$conf->global->LDAP_FIELD_LOGIN_FAX];
|
||||
$ldap_mobile = $attribute[$conf->global->LDAP_FIELD_LOGIN_MOBILE];
|
||||
$ldap_mail = $attribute[$conf->global->LDAP_FIELD_LOGIN_MAIL];
|
||||
$ldap_sid = $attribute[$conf->global->LDAP_FIELD_LOGIN_SID];
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$message='<div class="error">'.$ldap->error.'</div>';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
@ -371,58 +375,46 @@ if (($action == 'create') || ($action == 'adduserldap'))
|
||||
|
||||
if ($message) { print $message.'<br>'; }
|
||||
|
||||
/*
|
||||
* Affiche formulaire d'ajout d'un compte depuis LDAP
|
||||
* si on est en synchro LDAP vers Dolibarr
|
||||
*/
|
||||
|
||||
if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr')
|
||||
{
|
||||
$fullname = $conf->global->LDAP_FIELD_FULLNAME;
|
||||
$name = $conf->global->LDAP_FIELD_NAME;
|
||||
$firstname = $conf->global->LDAP_FIELD_FIRSTNAME;
|
||||
$login = $conf->global->LDAP_FIELD_LOGIN_SAMBA;
|
||||
|
||||
$mail = $conf->global->LDAP_FIELD_MAIL;
|
||||
$phone = $conf->global->LDAP_FIELD_PHONE;
|
||||
$fax = $conf->global->LDAP_FIELD_FAX;
|
||||
$mobile = $conf->global->LDAP_FIELD_MOBILE;
|
||||
$SID = "objectsid";
|
||||
/*
|
||||
* Affiche formulaire d'ajout d'un compte depuis LDAP
|
||||
* si on est en synchro LDAP vers Dolibarr
|
||||
*/
|
||||
|
||||
print "\n\n<!-- Form liste LDAP debut -->\n";
|
||||
print '<table width="100%" class="border"><tr><td>';
|
||||
|
||||
$ldap = new Ldap();
|
||||
|
||||
if ($ldap->connect())
|
||||
$result = $ldap->connect_bind();
|
||||
if ($result >= 0)
|
||||
{
|
||||
$bind='';
|
||||
if ($conf->global->LDAP_ADMIN_DN && $conf->global->LDAP_ADMIN_PASS)
|
||||
{
|
||||
dolibarr_syslog("user/fiche.php authBind user=".$conf->global->LDAP_ADMIN_DN,LOG_DEBUG);
|
||||
$bind=$ldap->authBind($conf->global->LDAP_ADMIN_DN,$conf->global->LDAP_ADMIN_PASS);
|
||||
}
|
||||
else
|
||||
{
|
||||
dolibarr_syslog("user/fiche.php bind",LOG_DEBUG);
|
||||
$bind=$ldap->bind();
|
||||
}
|
||||
if ($bind)
|
||||
{
|
||||
$justthese = array($fullname, $name, $firstname, $login);
|
||||
$ldapusers = $ldap->getUsers('*', $justthese);
|
||||
|
||||
//print "eee".$justthese." r ".$ldapusers;
|
||||
//print_r($justthese);
|
||||
$justthese=array($conf->global->LDAP_KEY_USERS,
|
||||
$conf->global->LDAP_FIELD_FULLNAME,
|
||||
$conf->global->LDAP_FIELD_NAME,
|
||||
$conf->global->LDAP_FIELD_FIRSTNAME,
|
||||
$conf->global->LDAP_FIELD_LOGIN_SAMBA);
|
||||
|
||||
$ldapusers = $ldap->getUsers('*', $conf->global->LDAP_USER_DN, $conf->global->LDAP_KEY_USERS, $justthese);
|
||||
if (is_array($ldapusers))
|
||||
{
|
||||
$liste=array();
|
||||
foreach ($ldapusers as $key => $ldapuser)
|
||||
{
|
||||
if ($ldapuser[$login])
|
||||
$record='';
|
||||
foreach ($justthese as $value)
|
||||
{
|
||||
if ($ldapuser[$name] != "") $liste[$ldapuser[$login]] = trim($ldapuser[$name]." ".$ldapuser[$firstname]);
|
||||
else if ($ldapuser[$fullname] != "") $liste[$ldapuser[$login]] = $ldapuser[$fullname];
|
||||
if ($value)
|
||||
{
|
||||
$record.=$value."=".$ldapuser[$value]." ";
|
||||
}
|
||||
}
|
||||
$liste[$key] = $record;
|
||||
}
|
||||
|
||||
|
||||
print '<form name="add_user_ldap" action="'.$_SERVER["PHP_SELF"].'" method="post">';
|
||||
print '<table><tr><td>';
|
||||
print '<table class="noborder"><tr><td>';
|
||||
print $langs->trans("LDAPUsers");
|
||||
print '</td>';
|
||||
print '<td>';
|
||||
@ -432,51 +424,20 @@ if (($action == 'create') || ($action == 'adduserldap'))
|
||||
print '<input type="submit" class="button" value="'.$langs->trans('Add').'">';
|
||||
print '</td></tr></table>';
|
||||
print '</form>';
|
||||
print "<br>";
|
||||
|
||||
// Action (a mettre dans actions)
|
||||
if ($action == 'adduserldap')
|
||||
{
|
||||
$selecteduser = $_POST['users'];
|
||||
$justthese = array( $login,
|
||||
$name,
|
||||
$firstname,
|
||||
$mail,
|
||||
$phone,
|
||||
$fax,
|
||||
$mobile,
|
||||
$SID);
|
||||
|
||||
$selectedUser = $ldap->getUsers($selecteduser, $justthese);
|
||||
|
||||
if ($selectedUser)
|
||||
{
|
||||
foreach ($selectedUser as $key => $attribute)
|
||||
{
|
||||
$ldap_nom = utf8_decode($attribute[$name]?$attribute[$name]:'');
|
||||
$ldap_prenom = utf8_decode($attribute[$firstname]?$attribute[$firstname]:'');
|
||||
$ldap_login = utf8_decode($attribute[$login]?$attribute[$login]:'');
|
||||
$ldap_phone = utf8_decode($attribute[$phone]?$attribute[$phone]:'');
|
||||
$ldap_fax = utf8_decode($attribute[$fax]?$attribute[$fax]:'');
|
||||
$ldap_mobile = utf8_decode($attribute[$mobile]?$attribute[$mobile]:'');
|
||||
$ldap_mail = utf8_decode($attribute[$mail]?$attribute[$mail]:'');
|
||||
$ldap_SID = $attribute[$SID];
|
||||
//$ldap_SID = bin2hex($attribute[$SID]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$message='<div class="error">'.$ldap->error.'</div>';
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
print $ldap->ldapErrorCode;
|
||||
print $ldap->ldapErrorText;
|
||||
}
|
||||
if (! $ldap->close())
|
||||
{
|
||||
print $ldap->ldapErrorCode;
|
||||
print $ldap->ldapErrorText;
|
||||
$message='<div class="error">'.$ldap->error.'</div>';
|
||||
}
|
||||
|
||||
print "</td></tr></table>";
|
||||
print "\n<!-- Form liste LDAP fin -->\n\n";
|
||||
print '<br>';
|
||||
}
|
||||
|
||||
print '<form action="fiche.php" method="post" name="createuser">';
|
||||
@ -667,6 +628,7 @@ else
|
||||
$fuser->fetch();
|
||||
|
||||
// Connexion ldap
|
||||
// pour recuperer passDoNotExpire et userChangePassNextLogon
|
||||
if ($conf->ldap->enabled && $fuser->ldap_sid)
|
||||
{
|
||||
$ldap = new Ldap();
|
||||
@ -676,21 +638,21 @@ else
|
||||
$entries = $ldap->fetch($fuser->login);
|
||||
if (! $entries)
|
||||
{
|
||||
$message .= $ldap->ldapErrorCode." - ".$ldap->ldapErrorText;
|
||||
$message .= $ldap->error;
|
||||
}
|
||||
}
|
||||
|
||||
//On vérifie les options du compte
|
||||
foreach ($ldap->uacf as $key => $statut)
|
||||
{
|
||||
if ($key == 65536)
|
||||
{
|
||||
$passDoNotExpire = $langs->trans("LdapUacf_".$statut);
|
||||
}
|
||||
}
|
||||
if ($ldap->pwdlastset == 0 && $ldap->pwdlastset != "")
|
||||
{
|
||||
$userChangePassNextLogon = $langs->trans("UserMustChangePassNextLogon");
|
||||
//On vérifie les options du compte
|
||||
foreach ($ldap->uacf as $key => $statut)
|
||||
{
|
||||
if ($key == 65536)
|
||||
{
|
||||
$passDoNotExpire = $langs->trans("LdapUacf_".$statut);
|
||||
}
|
||||
}
|
||||
if ($ldap->pwdlastset == 0 && $ldap->pwdlastset != "")
|
||||
{
|
||||
$userChangePassNextLogon = $langs->trans("UserMustChangePassNextLogon");
|
||||
}
|
||||
}
|
||||
}
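Review bot: The new `adduserldap` action block runs on `$_POST["action"] == 'adduserldap'` alone, whereas the neighbouring actions in this file are gated with `$canadduser` or `$caneditfield`; as written, any request that reaches this script can trigger a directory lookup with `$_POST['users']` under the configured bind. Inside the loop, `$ldap_prenom` reads `LDAP_FIELD_NAME` instead of `LDAP_FIELD_FIRSTNAME`, and the phone, fax, mobile, mail and SID lookups use `LDAP_FIELD_LOGIN_*` constants that are not the ones placed in `$justthese`, so those fields would presumably always be empty. The sketch below adds the permission test and aligns the keys with `$justthese`.

```php
if ($_POST["action"] == 'adduserldap' && $canadduser)
{
    // … unchanged: $selecteduser, $justthese, connect_bind(), getUsers(), foreach header …
            $ldap_nom    = $attribute[$conf->global->LDAP_FIELD_NAME];
            $ldap_prenom = $attribute[$conf->global->LDAP_FIELD_FIRSTNAME];
            $ldap_login  = $attribute[$conf->global->LDAP_FIELD_LOGIN_SAMBA];
            $ldap_phone  = $attribute[$conf->global->LDAP_FIELD_PHONE];
            $ldap_fax    = $attribute[$conf->global->LDAP_FIELD_FAX];
            $ldap_mobile = $attribute[$conf->global->LDAP_FIELD_MOBILE];
            $ldap_mail   = $attribute[$conf->global->LDAP_FIELD_MAIL];
            $ldap_sid    = $attribute[$conf->global->LDAP_FIELD_SID];
    // … unchanged: error branch setting $message …
```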
|
||||
|
||||
|
||||
@ -45,6 +45,41 @@ if ($user->societe_id > 0)
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
$fuser = new User($db, $_GET["id"]);
|
||||
$fuser->fetch();
|
||||
$fuser->getrights();
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
|
||||
if ($_GET["action"] == 'dolibarr2ldap')
|
||||
{
|
||||
$message="";
|
||||
|
||||
$db->begin();
|
||||
|
||||
$ldap=new Ldap();
|
||||
$ldap->connect_bind();
|
||||
|
||||
$info=$fuser->_load_ldap_info();
|
||||
$dn=$fuser->_load_ldap_dn($info);
|
||||
|
||||
$ret=$ldap->update($dn,$info,$user); // Marche en creation LDAP et mise a jour
|
||||
|
||||
if ($ret >= 0)
|
||||
{
|
||||
$message.='<div class="ok">'.$langs->trans("UserSynchronized").'</div>';
|
||||
$db->commit();
|
||||
}
|
||||
else
|
||||
{
|
||||
$message.='<div class="error">'.$ldap->error.'</div>';
|
||||
$db->rollback();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Affichage page
|
||||
@ -54,10 +89,6 @@ llxHeader();
|
||||
|
||||
$form = new Form($db);
|
||||
|
||||
$fuser = new User($db, $_GET["id"]);
|
||||
$fuser->fetch();
|
||||
$fuser->getrights();
|
||||
|
||||
|
||||
/*
|
||||
* Affichage onglets
|
||||
@ -117,12 +148,29 @@ print '</table>';
|
||||
|
||||
print '</div>';
|
||||
|
||||
print '<br>';
|
||||
|
||||
if ($message) { print $message; }
|
||||
|
||||
|
||||
/*
|
||||
* Barre d'actions
|
||||
*/
|
||||
|
||||
print '<div class="tabsAction">';
|
||||
|
||||
if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
|
||||
{
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$fuser->id.'&action=dolibarr2ldap">'.$langs->trans("ForceSynchronize").'</a>';
|
||||
}
|
||||
|
||||
print "</div>\n";
|
||||
print "<br>\n";
|
||||
|
||||
|
||||
print_titre($langs->trans("LDAPInformationsForThisUser"));
|
||||
|
||||
// Affichage attributs LDAP
|
||||
print_titre($langs->trans("LDAPInformationsForThisUser"));
|
||||
|
||||
print '<table width="100%" class="noborder">';
|
||||
|
||||
print '<tr class="liste_titre">';
|
||||
@ -139,7 +187,11 @@ if ($result > 0)
|
||||
$dn=$fuser->_load_ldap_dn($info,1);
|
||||
$search = "(".$fuser->_load_ldap_dn($info,2).")";
|
||||
$result=$ldap->search($dn,$search);
|
||||
|
||||
if ($result < 0)
|
||||
{
|
||||
dolibarr_print_error($db,$ldap->error);
|
||||
}
|
||||
|
||||
// Affichage arbre
|
||||
if (sizeof($result))
|
||||
{
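Review bot: The new `dolibarr2ldap` action rewrites the user's LDAP entry on a plain GET request with no permission test; `$ldap->update()`, as shown in the Ldap class hunk on this page, deletes the entry and adds it again. Only the button is hidden when `LDAP_SYNCHRO_ACTIVE` is not `'dolibarr2ldap'`; the action itself is not. Gate it server-side, e.g. `if ($_GET["action"] == 'dolibarr2ldap' && $user->admin && $conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')` (or whichever right governs editing users here), and prefer a POST form carrying an anti-CSRF token over the `?action=dolibarr2ldap` link. The result of `$ldap->connect_bind()` is also discarded before `update()` is called; testing it with `if ($result < 0)` and reporting `$ldap->error`, as the create form elsewhere in this commit does, would avoid attempting writes on a failed bind.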
|
||||
|
||||