diff --git a/htdocs/admin/ldap_users.php b/htdocs/admin/ldap_users.php index 5577c3a15e2..fcb8f077ef8 100644 --- a/htdocs/admin/ldap_users.php +++ b/htdocs/admin/ldap_users.php @@ -62,6 +62,7 @@ if ($_GET["action"] == 'setvalue' && $user->admin) if (! dolibarr_set_const($db, 'LDAP_FIELD_MOBILE',$_POST["fieldmobile"])) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_FAX',$_POST["fieldfax"])) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_DESCRIPTION',$_POST["fielddescription"])) $error++; + if (! dolibarr_set_const($db, 'LDAP_FIELD_SID',$_POST["fieldsid"])) $error++; if ($error) { @@ -209,6 +210,14 @@ print ''.$langs->trans("LDAPFieldDescriptionExample").''; print 'global->LDAP_KEY_GROUPS==$conf->global->LDAP_FIELD_DESCRIPTION?' checked="true"':'').">"; print ''; +// Sid +$var=!$var; +print ''.$langs->trans("LDAPFieldSid").''; +print ''; +print ''.$langs->trans("LDAPFieldSidExample").''; +print 'global->LDAP_KEY_GROUPS==$conf->global->LDAP_FIELD_SID?' checked="true"':'').">"; +print ''; + $var=!$var; print ''; print ''; diff --git a/htdocs/includes/triggers/interface_ldap.class.php b/htdocs/includes/triggers/interface_ldap.class.php index f6f4779ceef..a092bdde5fd 100644 --- a/htdocs/includes/triggers/interface_ldap.class.php +++ b/htdocs/includes/triggers/interface_ldap.class.php @@ -105,7 +105,7 @@ class InterfaceLdap if ($action == 'USER_CREATE') { dolibarr_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE) + if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { $ldap=new Ldap(); $ldap->connect_bind(); 
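Review bot: The added `dolibarr_set_const($db, 'LDAP_FIELD_SID',$_POST["fieldsid"])` in ldap_users.php stores the posted value without checking that it looks like an LDAP attribute name, and elsewhere in this commit that constant is used as a requested attribute and array key when directory entries are read (user/fiche.php). A guard before the write, such as `if ($_POST["fieldsid"] != '' && ! preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $_POST["fieldsid"])) $error++;`, would keep stray characters out of the configuration. The surrounding `setvalue` block is selected by `$_GET["action"]` while it reads `$_POST`, and no request token is visible in the hunk; the block starts and ends outside it, so that may be handled elsewhere.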
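Review bot: In interface_ldap.class.php the new test `$conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap'` turns every trigger into a silent no-op for any other stored value, so an installation whose constant still holds the earlier on/off flag (inferred from the removed truthiness test) stops propagating USER_DELETE and GROUP_DELETE to the directory with nothing in the log. Accounts removed in Dolibarr would then remain in LDAP. The same condition is repeated in the hunks at -119, -141, -156, -169 and -182; an `else dolibarr_syslog("Trigger '".$this->name."' skipped: LDAP_SYNCHRO_ACTIVE=".$conf->global->LDAP_SYNCHRO_ACTIVE);` branch, or a migration of the stored value, would make the skip visible. The return value of `connect_bind()` in the context lines is not checked either; the method body continues outside each hunk.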
@@ -119,7 +119,7 @@ class InterfaceLdap
 elseif ($action == 'USER_MODIFY')
 {
 dolibarr_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
- if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
+ if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
 {
 $ldap=new Ldap();
 $ldap->connect_bind();
@@ -141,7 +141,7 @@ class InterfaceLdap
 elseif ($action == 'USER_DELETE')
 {
 dolibarr_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
- if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
+ if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
 {
 $ldap=new Ldap();
 $ldap->connect_bind();
@@ -156,7 +156,7 @@ class InterfaceLdap
 // Groupes
 elseif ($action == 'GROUP_CREATE')
 {
- if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
+ if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
 {
 $ldap=new Ldap();
 $ldap->connect_bind();
@@ -169,7 +169,7 @@ class InterfaceLdap
 }
 elseif ($action == 'GROUP_MODIFY')
 {
- if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
+ if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
 {
 $ldap=new Ldap();
 $ldap->connect_bind();
@@ -182,7 +182,7 @@ class InterfaceLdap
 }
 elseif ($action == 'GROUP_DELETE')
 {
- if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE)
+ if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap')
 {
 $ldap=new Ldap();
 $ldap->connect_bind();
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index f047dc84952..ef4c208d4a2 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -584,6 +584,8 @@ LDAPFieldTown=Town
 LDAPFieldTownExample=Example : l
 LDAPFieldDescription=Description
 LDAPFieldDescriptionExample=Example : description
+LDAPFieldSid=SID
+LDAPFieldSidExample=Example : objectsid
 LDAPParametersAreStillHardCoded=LDAP parametres are still hardcoded (in contact class)
 LDAPSetupNotComplete=LDAP setup not complete (go on others tabs)
 LDAPNoUserOrPasswordProvidedAccessIsReadOnly=No administrator or password provided. LDAP access will be anonymous and in read only mode.
diff --git a/htdocs/langs/en_US/ldap.lang b/htdocs/langs/en_US/ldap.lang
index a7e3e52425c..55898d1974a 100644
--- a/htdocs/langs/en_US/ldap.lang
+++ b/htdocs/langs/en_US/ldap.lang
@@ -13,4 +13,7 @@ LDAPAttributes=LDAP attributes
 LDAPCard=LDAP card
 LDAPRecordNotFound=Record not found in LDAP database
 LDAPUsers=Users in LDAP database
-LDAPGroups=Groups in LDAP database
\ No newline at end of file
+LDAPGroups=Groups in LDAP database
+SynchronizeDolibarr2Ldap=Synchronize user (Dolibarr -> LDAP)
+UserSynchronized=User synchronized
+ForceSynchronize=Force synchronizing Dolibarr -> LDAP
\ No newline at end of file
diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang
index eb88a78facc..771c9f3029b 100644
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -584,6 +584,8 @@ LDAPFieldTown=Ville
 LDAPFieldTownExample=Exemple : l
 LDAPFieldDescription=Description
 LDAPFieldDescriptionExample=Exemple : description
+LDAPFieldSid=SID
+LDAPFieldSidExample=Exemple : objectsid
 LDAPParametersAreStillHardCoded=Les parametres LDAP sont codés en dur (dans classe contact)
 LDAPSetupNotComplete=Configuration LDAP incomplète (à compléter sur les autres onglets)
 LDAPNoUserOrPasswordProvidedAccessIsReadOnly=Administrateur ou mot de passe non renseigné. Les accès LDAP seront donc anonymes et en lecture seule.
diff --git a/htdocs/langs/fr_FR/ldap.lang b/htdocs/langs/fr_FR/ldap.lang
index 564c6cec495..aa7c4377ddf 100644
--- a/htdocs/langs/fr_FR/ldap.lang
+++ b/htdocs/langs/fr_FR/ldap.lang @@ -14,3 +14,6 @@ LDAPCard=Fiche LDAP LDAPRecordNotFound=Enregistrement non trouvé dans la base LDAP LDAPUsers=Utilisateurs en base LDAP LDAPGroups=Groupes en base LDAP +SynchronizeDolibarr2Ldap=Synchroniser utilisateur (Dolibarr -> LDAP) +UserSynchronized=Utilisateur synchronisé +ForceSynchronize=Forcer synchro Dolibarr -> LDAP diff --git a/htdocs/lib/ldap.class.php b/htdocs/lib/ldap.class.php index 08db213a5c7..cdffc121284 100644 --- a/htdocs/lib/ldap.class.php +++ b/htdocs/lib/ldap.class.php @@ -390,13 +390,11 @@ class Ldap return -3; } - //if (! $conf->ldap->enabled || ! $conf->global->LDAP_SYNCHRO_ACTIVE) return 0; + if (! $olddn) $olddn=$dn; - if (! $olddn) $olddn = $dn; - - // On supprime et on insère dolibarr_syslog("Ldap.class::update dn=".$dn." olddn=".$olddn); + // On supprime et on insère $result = $this->delete($olddn); $result = $this->add($dn, $info, $user); if ($result <= 0) @@ -593,18 +591,15 @@ class Ldap { global $conf; - // Encode en UTF8 - if ($conf->global->LDAP_SERVER_TYPE != 'activedirectory') - { - $dn=utf8_encode($dn); - foreach($info as $key => $val) - { - if (! is_array($val)) $info[$key]=utf8_encode($val); - } - } - dolibarr_syslog("Ldap.class::add dn=".$dn." info=".join(',',$info)); + // Encode en UTF8 + $dn=$this->ldap_utf8_encode($dn); + foreach($info as $key => $val) + { + if (! is_array($val)) $info[$key]=$this->ldap_utf8_encode($val); + } + //print_r($info); $result=@ldap_add($this->connection, $dn, $info); @@ -621,14 +616,11 @@ class Ldap { global $conf; - // Encode en UTF8 - if ($conf->global->LDAP_SERVER_TYPE != 'activedirectory') - { - $dn=utf8_encode($dn); - } - dolibarr_syslog("Ldap.class::delete Delete LDAP entry dn=".$dn); + // Encode en UTF8 + $dn=$this->ldap_utf8_encode($dn); + $result=@ldap_delete($this->connection, $dn); if ($result) return 1; 
@@ -680,53 +672,43 @@ class Ldap * username. The search criteria is a standard LDAP query - * returns all * users. The $attributeArray variable contains the required user detail field names */ - function getUsers($search, $attributeArray) + function getUsers($search, $userDn, $useridentifier, $attributeArray) { $userslist=array(); + + dolibarr_syslog("Ldap.class::getUsers search=".$search." userDn=".$userDn." useridentifier=".$useridentifier." attributeArray=".$attributeArray); - // Perform the search and get the entry handles - - // if the directory is AD, then bind first with the search user first + // if the directory is AD, then bind first with the search user first if ($this->serverType == "activedirectory") { $this->authBind($this->searchUser, $this->searchPassword); } - $filter = '('.$this->filter.'('.$this->getUserIdentifier().'='.$search.'))'; - //print "zzz".$filter; - $this->result = @ldap_search( $this->connection, $this->people, $filter); + $filter = '('.$useridentifier.'='.$search.')'; + $this->result = @ldap_search($this->connection, $userDn, $filter); if (!$this->result) { - $this->ldapErrorCode = ldap_errno( $this->connection); - $this->ldapErrorText = ldap_error( $this->connection); + $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection); + return -1; } - $info = @ldap_get_entries( $this->connection, $this->result); - - for( $i = 0; $i < $info["count"]; $i++) + $info = @ldap_get_entries($this->connection, $this->result); + //print_r($info); + for ($i = 0; $i < $info["count"]; $i++) { - // Get the username, and create an array indexed by it... - // Modify these as you see fit. 
- $uname = $info[$i][$this->getUserIdentifier()][0]; - - // add to the array for each attribute in my list - for ( $j = 0; $j < count( $attributeArray); $j++) - { - if (strtolower($attributeArray[$j]) == "dn") - { - $userslist["$uname"]["$attributeArray[$j]"] = $info[$i][strtolower($attributeArray[$j])]; - } - else if (strtolower($attributeArray[$j]) == "objectsid") - { - $objectsid = $this->getObjectSid($uname); - $userslist["$uname"]["$attributeArray[$j]"] = $objectsid; - //$userslist["$uname"]["$attributeArray[$j]"] = $objectsid[0]; - } - else - { - $userslist["$uname"]["$attributeArray[$j]"] = $info[$i][strtolower($attributeArray[$j])][0]; - } - } + $recordid=$this->ldap_utf8_decode($info[$i][$useridentifier][0]); + if ($recordid) + { + //print "Found record with key $useridentifier=".$recordid."
\n"; + $userslist[$recordid][$useridentifier]=$recordid; + + // Add to the array for each attribute in my list + for ($j = 0; $j < count($attributeArray); $j++) + { + //print " Param ".$attributeArray[$j]."=".$info[$i][$attributeArray[$j]][0]."
\n"; + $userslist[$recordid][$attributeArray[$j]] = $this->ldap_utf8_decode($info[$i][$attributeArray[$j]][0]); + } + } } asort($userslist); @@ -736,6 +718,7 @@ class Ldap /** * Récupère le SID de l'utilisateur * ldapuser. le login de l'utilisateur + * \deprecated */ function getObjectSid($ldapUser) { @@ -753,6 +736,7 @@ class Ldap /** * Converts a little-endian hex-number to one, that 'hexdec' can convert + * \deprecated */ function littleEndian($hex) { for ($x=strlen($hex)-2; $x >= 0; $x=$x-2) { @@ -763,6 +747,7 @@ class Ldap /** * Returns the textual SID + * \deprecated */ function binSIDtoText($binsid) { $hex_sid=bin2hex($binsid); 
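Review bot: `$filter = '('.$useridentifier.'='.$search.')';` in getUsers() places `$search` in the LDAP filter unescaped, and the new `adduserldap` action in user/fiche.php passes `$_POST['users']` straight into it, so filter metacharacters in the request change which entries are read under the bind account. Escape the value unless it is the deliberate wildcard, e.g. `$value = ($search === '*') ? '*' : ldap_escape($search, '', LDAP_ESCAPE_FILTER);` (or an equivalent helper where that function is unavailable), and build the filter from `$value`; fetch() in the hunk at -832 builds its filter from `$user` the same way. The rewrite also drops the former `$this->filter` clause, so the search is no longer restricted by whatever object filter is configured. Attribute values are read with `$info[$i][$attributeArray[$j]][0]` without the `strtolower()` the old loop applied, which will miss mixed-case configured names because `ldap_get_entries()` returns lowercase keys.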
@@ -779,34 +764,30 @@ class Ldap /** * \brief Fonction de recherche avec filtre - * \param checkDn DN de recherche - * \param filter filtre de recherche (ex: sn=nom_personne) * \remarks this->connection doit etre défini donc la methode bind ou authbind doit avoir deja été appelée + * \param checkDn DN de recherche (Ex: ou=users,cn=my-domain,cn=com) + * \param filter Filtre de recherche (ex: (sn=nom_personne) ) + * \return array Tableau des reponses */ function search($checkDn, $filter) { - // Perform the search and get the entry handles - if ($this->serverType != "activedirectory") - { - $checkDn=utf8_decode($checkDn); - } - dolibarr_syslog("Ldap.class::search checkDn=".$checkDn." filter=".$filter); + $checkDn=$this->ldap_utf8_encode($checkDn); + $filter=$this->ldap_utf8_encode($filter); + // if the directory is AD, then bind first with the search user first if ($this->serverType == "activedirectory") { $this->authBind($this->searchUser, $this->searchPassword); } - $this->result = @ldap_search($this->connection, $checkDn, $filter); $result = @ldap_get_entries($this->connection, $this->result); - - if (!$result) + if (! $result) { - $this->ldapErrorCode = ldap_errno( $this->connection); - $this->ldapErrorText = ldap_error( $this->connection); + $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection); + return -1; } else { @@ -820,8 +801,8 @@ class Ldap * \brief récupère les attributs de l'utilisateur * \param $user : utilisateur ldap */ - function fetch( $user) { - + function fetch($user) + { // Perform the search and get the entry handles // if the directory is AD, then bind first with the search user first 
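Review bot: search() now returns `-1` on failure, but its new doc block only states `\return array Tableau des reponses`, so a caller that passes the result to `sizeof()` or indexes it will treat the error code as data. I would document it as `\return array|int Array of entries, or -1 on error (message in $this->error)` and mention that `ldapErrorCode`/`ldapErrorText` are no longer filled. The result of `ldap_search()` is still handed to `ldap_get_entries()` without a check; testing `$this->result` first would give a cleaner error path. The method's closing lines are outside the hunk.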
@@ -832,27 +813,26 @@ class Ldap $filter = '('.$this->filter.'('.$userIdentifier.'='.$user.'))'; - $this->result = @ldap_search( $this->connection, $this->people, $filter); + $this->result = @ldap_search($this->connection, $this->people, $filter); $result = @ldap_get_entries( $this->connection, $this->result); - if (!$result) + if (! $result) { - $this->ldapErrorCode = ldap_errno( $this->connection); - $this->ldapErrorText = ldap_error( $this->connection); + $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection); } else { - $this->name = utf8_decode($result[0][$this->attr_name][0]); - $this->firstname = utf8_decode($result[0][$this->attr_firstname][0]); - $this->login = utf8_decode($result[0][$userIdentifier][0]); - $this->phone = utf8_decode($result[0][$this->attr_phone][0]); - $this->fax = utf8_decode($result[0][$this->attr_fax][0]); - $this->mail = utf8_decode($result[0][$this->attr_mail][0]); - $this->mobile = utf8_decode($result[0][$this->attr_mobile][0]); + $this->name = $this->ldap_utf8_decode($result[0][$this->attr_name][0]); + $this->firstname = $this->ldap_utf8_decode($result[0][$this->attr_firstname][0]); + $this->login = $this->ldap_utf8_decode($result[0][$userIdentifier][0]); + $this->phone = $this->ldap_utf8_decode($result[0][$this->attr_phone][0]); + $this->fax = $this->ldap_utf8_decode($result[0][$this->attr_fax][0]); + $this->mail = $this->ldap_utf8_decode($result[0][$this->attr_mail][0]); + $this->mobile = $this->ldap_utf8_decode($result[0][$this->attr_mobile][0]); - $this->uacf = $this->parseUACF(utf8_decode($result[0]["useraccountcontrol"][0])); - $this->pwdlastset = utf8_decode($result[0]["pwdlastset"][0]); + $this->uacf = $this->parseUACF($this->ldap_utf8_decode($result[0]["useraccountcontrol"][0])); + $this->pwdlastset = $this->ldap_utf8_decode($result[0]["pwdlastset"][0]); ldap_free_result($this->result); } 
@@ -1004,5 +984,31 @@ class Ldap return($retval); } -} // End of class + + /* + * \brief Encode in UTF8 or not + * \param string String to decode + * \return string String decoded + */ + function ldap_utf8_encode($string) + { + if ($this->serverType != "activedirectory") return utf8_encode($string); + else return($string); + } + + + /* + * \brief Decode in UTF8 or not + * \param string String to decode + * \return string String decoded + */ + function ldap_utf8_decode($string) + { + if ($this->serverType != "activedirectory") return utf8_decode($string); + else return($string); + } + +} + + ?> \ No newline at end of file diff --git a/htdocs/user.class.php b/htdocs/user.class.php index 17ed5da0460..6d48430812d 100644 --- a/htdocs/user.class.php +++ b/htdocs/user.class.php @@ -808,6 +808,7 @@ class User // Nettoyage parametres $this->nom=trim($this->nom); $this->prenom=trim($this->prenom); + $this->fullname=trim($this->prenom." ".$this->nom); $this->login=trim($this->login); $this->pass=trim($this->pass); $this->email=trim($this->email); diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index e7065121f47..83682e9e9fc 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php 
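Review bot: The header of ldap_utf8_encode() is copied from the decode helper — it reads `\param string String to decode` / `\return string String decoded` — and both new blocks open with `/*` rather than the `/**` used by the other method headers in this file, so a doc generator will presumably skip them. Suggested text for the first: `\brief Encode to UTF-8 unless the server type is activedirectory`, `\param string String to encode`, `\return string String encoded`. It is also worth one line stating that `utf8_decode()` replaces characters outside ISO-8859-1 with `?`, so two distinct directory identifiers can decode to the same key in getUsers().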
@@ -116,43 +116,6 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes") } } -// Reactive un compte ldap -if ($conf->ldap->enabled && $_GET["action"] == 'reactivate' && $candisableuser) -{ - if ($_GET["id"] <> $user->id) - { - $userid = $_GET["id"]; - $reactiveuser = new User($db, $userid); - $reactiveuser->fetch(); - $ldap = new Ldap(); - if ($ldap->connect()) - { - $checkDn = $conf->global->LDAP_USER_DN; - $filter = $conf->global->LDAP_FIELD_NAME.'=*'; - $user_sid = $reactiveuser->ldap_sid; - $entries = $ldap->search($checkDn, $filter); - $identifier = $ldap->getUserIdentifier(); - - for ($i = 0; $i < $entries["count"] ; $i++) { - $objectsid = $ldap->getObjectSid($entries[$i][$identifier][0]); - if ($user_sid == $objectsid){ - $reactiveuser->login = $entries[$i][$identifier][0]; - } - } - - $reactiveuser->update(); - - Header("Location: fiche.php?id=$userid"); - exit; - } - else - { - print $ldap->ldapErrorCode." - ".$ldap->ldapErrorText; - } - $ldap->close(); - } -} - // Action ajout user if ($_POST["action"] == 'add' && $canadduser) { @@ -303,7 +266,7 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $caneditfield) $db->commit(); } else { - $db->rollback; + $db->rollback(); } } 
@@ -344,6 +307,47 @@ if ((($_POST["action"] == 'confirm_password' && $_POST["confirm"] == 'yes') } } +// Action initialisation donnees depuis record LDAP +if ($_POST["action"] == 'adduserldap') +{ + $selecteduser = $_POST['users']; + + $justthese = array( + $conf->global->LDAP_FIELD_NAME, + $conf->global->LDAP_FIELD_FIRSTNAME, + $conf->global->LDAP_FIELD_LOGIN_SAMBA, + $conf->global->LDAP_FIELD_MAIL, + $conf->global->LDAP_FIELD_PHONE, + $conf->global->LDAP_FIELD_FAX, + $conf->global->LDAP_FIELD_MOBILE, + $conf->global->LDAP_FIELD_SID); + + $ldap = new Ldap(); + $result = $ldap->connect_bind(); + if ($result >= 0) + { + $ldapusers = $ldap->getUsers($selecteduser, $conf->global->LDAP_USER_DN, $conf->global->LDAP_KEY_USERS, $justthese); + if (is_array($ldapusers)) + { + foreach ($ldapusers as $key => $attribute) + { + $ldap_nom = $attribute[$conf->global->LDAP_FIELD_NAME]; + $ldap_prenom = $attribute[$conf->global->LDAP_FIELD_NAME]; + $ldap_login = $attribute[$conf->global->LDAP_FIELD_LOGIN_SAMBA]; + $ldap_phone = $attribute[$conf->global->LDAP_FIELD_LOGIN_PHONE]; + $ldap_fax = $attribute[$conf->global->LDAP_FIELD_LOGIN_FAX]; + $ldap_mobile = $attribute[$conf->global->LDAP_FIELD_LOGIN_MOBILE]; + $ldap_mail = $attribute[$conf->global->LDAP_FIELD_LOGIN_MAIL]; + $ldap_sid = $attribute[$conf->global->LDAP_FIELD_LOGIN_SID]; + } + } + } + else + { + $message='
'.$ldap->error.'
'; + } +} + /* @@ -371,58 +375,46 @@ if (($action == 'create') || ($action == 'adduserldap')) if ($message) { print $message.'
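Review bot: The new `adduserldap` block runs for any request that posts that action: unlike the neighbouring `$_POST["action"] == 'add' && $canadduser` test it has no permission check, yet it binds to the directory and searches with `$_POST['users']`. Inside the loop `$ldap_prenom` is read from `LDAP_FIELD_NAME` instead of `LDAP_FIELD_FIRSTNAME`, and the phone, fax, mobile, mail and SID values are read through `LDAP_FIELD_LOGIN_*` constants that are not the ones placed in `$justthese`, so those fields will come back empty. The sketch below gates the action on `$canadduser` (assuming that is the right permission for creating users here) and reads each value through the same constant that requested it. `$ldap->error` is also concatenated into `$message`; the markup around it is not visible on this page, so confirm it is HTML-escaped before output.

```php
if ($_POST["action"] == 'adduserldap' && $canadduser)
{
	// … unchanged: $selecteduser, $justthese, connect_bind(), getUsers() …
			foreach ($ldapusers as $key => $attribute)
			{
				$ldap_nom    = $attribute[$conf->global->LDAP_FIELD_NAME];
				$ldap_prenom = $attribute[$conf->global->LDAP_FIELD_FIRSTNAME];
				$ldap_login  = $attribute[$conf->global->LDAP_FIELD_LOGIN_SAMBA];
				$ldap_phone  = $attribute[$conf->global->LDAP_FIELD_PHONE];
				$ldap_fax    = $attribute[$conf->global->LDAP_FIELD_FAX];
				$ldap_mobile = $attribute[$conf->global->LDAP_FIELD_MOBILE];
				$ldap_mail   = $attribute[$conf->global->LDAP_FIELD_MAIL];
				$ldap_sid    = $attribute[$conf->global->LDAP_FIELD_SID];
	// … unchanged: closing braces and the error branch …
```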
'; } - /* - * Affiche formulaire d'ajout d'un compte depuis LDAP - * si on est en synchro LDAP vers Dolibarr - */ if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') { - $fullname = $conf->global->LDAP_FIELD_FULLNAME; - $name = $conf->global->LDAP_FIELD_NAME; - $firstname = $conf->global->LDAP_FIELD_FIRSTNAME; - $login = $conf->global->LDAP_FIELD_LOGIN_SAMBA; - - $mail = $conf->global->LDAP_FIELD_MAIL; - $phone = $conf->global->LDAP_FIELD_PHONE; - $fax = $conf->global->LDAP_FIELD_FAX; - $mobile = $conf->global->LDAP_FIELD_MOBILE; - $SID = "objectsid"; + /* + * Affiche formulaire d'ajout d'un compte depuis LDAP + * si on est en synchro LDAP vers Dolibarr + */ + print "\n\n\n"; + print '
'; + $ldap = new Ldap(); - - if ($ldap->connect()) + $result = $ldap->connect_bind(); + if ($result >= 0) { - $bind=''; - if ($conf->global->LDAP_ADMIN_DN && $conf->global->LDAP_ADMIN_PASS) - { - dolibarr_syslog("user/fiche.php authBind user=".$conf->global->LDAP_ADMIN_DN,LOG_DEBUG); - $bind=$ldap->authBind($conf->global->LDAP_ADMIN_DN,$conf->global->LDAP_ADMIN_PASS); - } - else - { - dolibarr_syslog("user/fiche.php bind",LOG_DEBUG); - $bind=$ldap->bind(); - } - if ($bind) - { - $justthese = array($fullname, $name, $firstname, $login); - $ldapusers = $ldap->getUsers('*', $justthese); - - //print "eee".$justthese." r ".$ldapusers; - //print_r($justthese); + $justthese=array($conf->global->LDAP_KEY_USERS, + $conf->global->LDAP_FIELD_FULLNAME, + $conf->global->LDAP_FIELD_NAME, + $conf->global->LDAP_FIELD_FIRSTNAME, + $conf->global->LDAP_FIELD_LOGIN_SAMBA); + $ldapusers = $ldap->getUsers('*', $conf->global->LDAP_USER_DN, $conf->global->LDAP_KEY_USERS, $justthese); + if (is_array($ldapusers)) + { + $liste=array(); foreach ($ldapusers as $key => $ldapuser) { - if ($ldapuser[$login]) + $record=''; + foreach ($justthese as $value) { - if ($ldapuser[$name] != "") $liste[$ldapuser[$login]] = trim($ldapuser[$name]." ".$ldapuser[$firstname]); - else if ($ldapuser[$fullname] != "") $liste[$ldapuser[$login]] = $ldapuser[$fullname]; + if ($value) + { + $record.=$value."=".$ldapuser[$value]." "; + } } + $liste[$key] = $record; } - + print '
'; - print '
'; + print ''; print '
'; print $langs->trans("LDAPUsers"); print ''; @@ -432,51 +424,20 @@ if (($action == 'create') || ($action == 'adduserldap')) print ''; print '
'; print ''; - print "
"; - - // Action (a mettre dans actions) - if ($action == 'adduserldap') - { - $selecteduser = $_POST['users']; - $justthese = array( $login, - $name, - $firstname, - $mail, - $phone, - $fax, - $mobile, - $SID); - - $selectedUser = $ldap->getUsers($selecteduser, $justthese); - - if ($selectedUser) - { - foreach ($selectedUser as $key => $attribute) - { - $ldap_nom = utf8_decode($attribute[$name]?$attribute[$name]:''); - $ldap_prenom = utf8_decode($attribute[$firstname]?$attribute[$firstname]:''); - $ldap_login = utf8_decode($attribute[$login]?$attribute[$login]:''); - $ldap_phone = utf8_decode($attribute[$phone]?$attribute[$phone]:''); - $ldap_fax = utf8_decode($attribute[$fax]?$attribute[$fax]:''); - $ldap_mobile = utf8_decode($attribute[$mobile]?$attribute[$mobile]:''); - $ldap_mail = utf8_decode($attribute[$mail]?$attribute[$mail]:''); - $ldap_SID = $attribute[$SID]; - //$ldap_SID = bin2hex($attribute[$SID]); - } - } - } + } + else + { + $message='
'.$ldap->error.'
'; } } else { - print $ldap->ldapErrorCode; - print $ldap->ldapErrorText; - } - if (! $ldap->close()) - { - print $ldap->ldapErrorCode; - print $ldap->ldapErrorText; + $message='
'.$ldap->error.'
'; } + + print "
"; + print "\n\n\n"; + print '
'; } print '
'; @@ -667,6 +628,7 @@ else $fuser->fetch(); // Connexion ldap + // pour recuperer passDoNotExpire et userChangePassNextLogon if ($conf->ldap->enabled && $fuser->ldap_sid) { $ldap = new Ldap(); @@ -676,21 +638,21 @@ else $entries = $ldap->fetch($fuser->login); if (! $entries) { - $message .= $ldap->ldapErrorCode." - ".$ldap->ldapErrorText; + $message .= $ldap->error; } - } - //On vérifie les options du compte - foreach ($ldap->uacf as $key => $statut) - { - if ($key == 65536) - { - $passDoNotExpire = $langs->trans("LdapUacf_".$statut); - } - } - if ($ldap->pwdlastset == 0 && $ldap->pwdlastset != "") - { - $userChangePassNextLogon = $langs->trans("UserMustChangePassNextLogon"); + //On vérifie les options du compte + foreach ($ldap->uacf as $key => $statut) + { + if ($key == 65536) + { + $passDoNotExpire = $langs->trans("LdapUacf_".$statut); + } + } + if ($ldap->pwdlastset == 0 && $ldap->pwdlastset != "") + { + $userChangePassNextLogon = $langs->trans("UserMustChangePassNextLogon"); + } } } diff --git a/htdocs/user/ldap.php b/htdocs/user/ldap.php index 2a7e3e5c09d..4ab15454996 100644 --- a/htdocs/user/ldap.php +++ b/htdocs/user/ldap.php @@ -45,6 +45,41 @@ if ($user->societe_id > 0) $socid = $user->societe_id; } +$fuser = new User($db, $_GET["id"]); +$fuser->fetch(); +$fuser->getrights(); + + +/* +* Actions +*/ + +if ($_GET["action"] == 'dolibarr2ldap') +{ + $message=""; + + $db->begin(); + + $ldap=new Ldap(); + $ldap->connect_bind(); + + $info=$fuser->_load_ldap_info(); + $dn=$fuser->_load_ldap_dn($info); + + $ret=$ldap->update($dn,$info,$user); // Marche en creation LDAP et mise a jour + + if ($ret >= 0) + { + $message.='
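Review bot: In the `ldap2dolibarr` form branch of user/fiche.php (hunk at -371) both failure paths assign `$message` from `$ldap->error`, but the only `print $message` in this block runs before the branch, at the top of the hunk, so a failed bind or search now shows an empty list with no explanation. Either print the error where it is set or move the directory lookup above the message output. The list entries are built as `$record.=$value."=".$ldapuser[$value]." ";` from directory data; the markup that renders `$liste` is not visible here, so check that each label goes through `htmlspecialchars()` before it reaches the page. The explicit `$ldap->close()` of the old code is gone and nothing replaces it in the hunk.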
'.$langs->trans("UserSynchronized").'
'; + $db->commit(); + } + else + { + $message.='
'.$ldap->error.'
'; + $db->rollback(); + } +} + /* * Affichage page @@ -54,10 +89,6 @@ llxHeader(); $form = new Form($db); -$fuser = new User($db, $_GET["id"]); -$fuser->fetch(); -$fuser->getrights(); - /* * Affichage onglets @@ -117,12 +148,29 @@ print '
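Review bot: The `dolibarr2ldap` action in user/ldap.php rewrites a directory entry on a plain GET (`$_GET["action"]`, target taken from `$_GET["id"]`), and the hunk shows neither a permission test nor a check that `$conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap'`; only the link is hidden by that setting further down. Unless an access check outside the hunk prevents it, any logged-in session that can load this page, or a link followed by such a user, can trigger the write under the configured bind account. I would require POST plus the configuration and a right, e.g. `if ($_POST["action"] == 'dolibarr2ldap' && $conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap' && $user->admin)`, substituting the project's usual user-edit right for `$user->admin` and turning the link into a form. The result of `connect_bind()` is ignored, and `$db->rollback()` cannot undo the directory change: `update()` deletes the old entry before adding the new one, so a failed add leaves the user missing from LDAP.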
'; print ''; -print '
'; + +if ($message) { print $message; } + + +/* + * Barre d'actions + */ + +print '
'; + +if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') +{ + print ''.$langs->trans("ForceSynchronize").''; +} + +print "
\n"; +print "
\n"; -print_titre($langs->trans("LDAPInformationsForThisUser")); // Affichage attributs LDAP +print_titre($langs->trans("LDAPInformationsForThisUser")); + print ''; print ''; @@ -139,7 +187,11 @@ if ($result > 0) $dn=$fuser->_load_ldap_dn($info,1); $search = "(".$fuser->_load_ldap_dn($info,2).")"; $result=$ldap->search($dn,$search); - + if ($result < 0) + { + dolibarr_print_error($db,$ldap->error); + } + // Affichage arbre if (sizeof($result)) {
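Review bot: After the new `if ($result < 0)` branch reports the error, execution falls through to `if (sizeof($result))` with `$result` still holding `-1`, so the attribute tree is rendered from an integer (and `sizeof()` on a non-array raises an error on recent PHP versions). Make the display conditional on success, e.g. `elseif (is_array($result) && sizeof($result))`, unless `dolibarr_print_error()` is known to stop the script. The block continues past the end of the hunk.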