From f731545af4adb33b28a0703517654013ce9d194d Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Fri, 5 Mar 2021 11:14:21 +0100 Subject: [PATCH 1/4] NEW: ldap: filter search on usergroups --- htdocs/admin/ldap_groups.php | 80 +++++++++++++++++++++- htdocs/core/class/ldap.class.php | 5 +- htdocs/core/modules/modLdap.class.php | 1 + htdocs/langs/en_US/admin.lang | 1 + scripts/user/sync_groups_ldap2dolibarr.php | 8 ++- 5 files changed, 90 insertions(+), 5 deletions(-) diff --git a/htdocs/admin/ldap_groups.php b/htdocs/admin/ldap_groups.php index 0cd05a53a74..4b7acd2598c 100644 --- a/htdocs/admin/ldap_groups.php +++ b/htdocs/admin/ldap_groups.php @@ -57,7 +57,9 @@ if ($action == 'setvalue' && $user->admin) { if (!dolibarr_set_const($db, 'LDAP_GROUP_OBJECT_CLASS', GETPOST("objectclass", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) { $error++; } - + if (!dolibarr_set_const($db, 'LDAP_GROUP_FILTER', GETPOST("filter"), 'chaine', 0, '', $conf->entity)) { + $error++; + } if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_FULLNAME', GETPOST("fieldfullname", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) { $error++; } @@ -141,6 +143,13 @@ print ''.$langs->trans("LDAPGroupObjectClassListExample").''; print ' '; print ''; +// Filter, used to filter search +print ''.$langs->trans("LDAPFilterConnection").''; +print ''; +print ''.$langs->trans("LDAPGroupFilterExample").''; +print ''; +print ''; + print ''; print '
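Review bot: The new `dolibarr_set_const` call for LDAP_GROUP_FILTER reads `GETPOST("filter")` with no check type, while every neighbouring call in this hunk passes `'alphanohtml'`. The stored value is later interpolated verbatim into the LDAP search filter in `Ldap::getRecords`, so this admin form is the only validation point; pass the same check the existing LDAP_FILTER_CONNECTION setting uses, e.g. `GETPOST("filter", 'alphanohtml')`, provided that check keeps the `&()=` characters an LDAP filter needs. The enclosing `setvalue` block continues outside the hunk.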
'; print ''; @@ -212,10 +221,17 @@ if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { $objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS; show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass); +} elseif ($conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') { + $butlabel = $langs->trans("LDAPTestSearch"); + $testlabel = 'testsearchgroup'; + $key = $conf->global->LDAP_KEY_GROUPS; + $dn = $conf->global->LDAP_GROUP_DN; + $objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS; + show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass); } if (function_exists("ldap_connect")) { - if ($_GET["action"] == 'testgroup') { + if ($action == 'testgroup') { // Creation objet $object = new UserGroup($db); $object->initAsSpecimen(); @@ -260,6 +276,66 @@ if (function_exists("ldap_connect")) { print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'
'; } } + + if ($action == 'testsearchgroup') { + // Creation objet + $object = new UserGroup($db); + $object->initAsSpecimen(); + + // TODO Mutualize code following with other ldap_xxxx.php pages + + // Test synchro + $ldap = new Ldap(); + $result = $ldap->connect_bind(); + + if ($result > 0) { + $required_fields = array( + $conf->global->LDAP_KEY_GROUPS, + // $conf->global->LDAP_GROUP_FIELD_NAME, + $conf->global->LDAP_GROUP_FIELD_DESCRIPTION, + $conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS, + $conf->global->LDAP_GROUP_FIELD_GROUPID + ); + + // Remove from required_fields all entries not configured in LDAP (empty) and duplicated + $required_fields = array_unique(array_values(array_filter($required_fields, "dol_validElement"))); + + // Get from LDAP database an array of results + $ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, $required_fields, 'group'); + //$ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, '', 'group'); + + if (is_array($ldapgroups)) { + $liste = array(); + foreach ($ldapgroups as $key => $ldapgroup) { + // Define the label string for this user + $label = ''; + foreach ($required_fields as $value) { + if ($value) { + $label .= $value."=".$ldapgroup[$value]." "; + } + } + $liste[$key] = $label; + } + } else { + setEventMessages($ldap->error, $ldap->errors, 'errors'); + } + + print "
\n"; + print "LDAP search for user:
\n"; + print "search: *
\n"; + print "userDN: ".$conf->global->LDAP_GROUP_DN."
\n"; + print "useridentifier: ".$conf->global->LDAP_KEY_GROUPS."
\n"; + print "required_fields: ".implode(',', $required_fields)."
\n"; + print "=> ".count($liste)." records
\n"; + print "\n
"; + } else { + print img_picto('', 'error').' '; + print ''.$langs->trans("LDAPSynchroKO"); + print ': '.$ldap->error; + print '
'; + print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'
'; + } + } } // End of page diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 9963a178d1b..296bfcad852 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -139,6 +139,7 @@ class Ldap $this->groups = $conf->global->LDAP_GROUP_DN; $this->filter = $conf->global->LDAP_FILTER_CONNECTION; // Filter on user + $this->filtergroup = $conf->global->LDAP_GROUP_FILTER; // Filter on groups $this->filtermember = $conf->global->LDAP_MEMBER_FILTER; // Filter on member // Users @@ -935,7 +936,7 @@ class Ldap * @param string $userDn DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org) * @param string $useridentifier Name of key field (Ex: uid) * @param array $attributeArray Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword) - * @param int $activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'member'=use field this->filtermember as filter + * @param int $activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=user field this->filtergroup as filter, 'member'=use field this->filtermember as filter * @param array $attributeAsArray Array of fields wanted as an array not a string * @return array Array of [id_record][ldap_field]=value */ @@ -955,6 +956,8 @@ class Ldap if (!empty($activefilter)) { if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) { $filter = '('.$this->filter.')'; + } elseif (((string) $activefilter == 'group') && $this->filtergroup ) { + $filter = '('.$this->filtergroup.')'; } elseif (((string) $activefilter == 'member') && $this->filter) { $filter = '('.$this->filtermember.')'; } else { diff --git a/htdocs/core/modules/modLdap.class.php b/htdocs/core/modules/modLdap.class.php index 5f4860d0149..8e3463ff4d4 100644 --- a/htdocs/core/modules/modLdap.class.php +++ b/htdocs/core/modules/modLdap.class.php 
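Review bot: `$liste` is only assigned inside the `is_array($ldapgroups)` branch, so when `getRecords` does not return an array the later `print "=> ".count($liste)." records"` line runs on an undefined variable (a warning on PHP 7, a TypeError on PHP 8). Initialise it before the branch with `$liste = array();` right after the `$required_fields` cleanup, and guard the attribute lookup with `$label .= $value."=".($ldapgroup[$value] ?? '')." ";` for attributes the directory does not return. The same block is re-indented unchanged in the "Fixing style errors" commit (hunk @@ -278,59 of htdocs/admin/ldap_groups.php), so the fix applies there too. The labels in `$liste` are built from raw LDAP attribute values and appear to be printed into the page, but the rendering lines are not legible in this view; confirm they pass through `dol_escape_htmltag()` before output.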
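Review bot: `$this->filtergroup` is assigned here but the hunk shows no matching property declaration; if `filtergroup` is not declared next to `filter` and `filtermember` in the class header (outside this hunk), add `public $filtergroup;` there, since writing undeclared properties is deprecated from PHP 8.2 and the property is otherwise invisible to readers of the class. The constructor continues outside the hunk.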
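Review bot: The `@param int $activefilter` annotation is inaccurate for both the existing and the new values: by its own description the parameter accepts the strings `'user'`, `'group'` and `'member'`, and the sync script in this series passes `'group'`, so `@param int|string $activefilter` is the correct type. The same line is edited again in the third commit of the series (hunk @@ -936,7 of htdocs/core/class/ldap.class.php) and should carry the corrected type there as well.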
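Review bot: The new `group` branch correctly guards on `$this->filtergroup`, but the `member` branch directly below it, which the new code now sits above, still guards on `$this->filter` while interpolating `$this->filtermember`; with a user filter set and an empty member filter that yields the invalid filter `()`, and with an empty user filter a configured member filter is ignored. Since this chain is being touched, change that guard to `} elseif (((string) $activefilter == 'member') && $this->filtermember) {`. The `else` fallback of the chain is outside the hunk.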
@@ -85,6 +85,7 @@ class modLdap extends DolibarrModules 11=>array('LDAP_FIELD_PHONE', 'chaine', 'telephonenumber', '', 0), 12=>array('LDAP_FIELD_FAX', 'chaine', 'facsimiletelephonenumber', '', 0), 13=>array('LDAP_FIELD_MOBILE', 'chaine', 'mobile', '', 0), + 14=>array('LDAP_GROUP_FILTER', 'chaine', '&(objectClass=groupOfNames)', '', 0), ); // Boxes diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 6b481e1357b..a94eaa75dcf 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1512,6 +1512,7 @@ LDAPFieldLoginUnix=Login (unix) LDAPFieldLoginExample=Example: uid LDAPFilterConnection=Search filter LDAPFilterConnectionExample=Example: &(objectClass=inetOrgPerson) +LDAPGroupFilterExample=Example: &(objectClass=groupOfUsers) LDAPFieldLoginSamba=Login (samba, activedirectory) LDAPFieldLoginSambaExample=Example: samaccountname LDAPFieldFullname=Full name diff --git a/scripts/user/sync_groups_ldap2dolibarr.php b/scripts/user/sync_groups_ldap2dolibarr.php index af0b117bb5e..f9725067762 100755 --- a/scripts/user/sync_groups_ldap2dolibarr.php +++ b/scripts/user/sync_groups_ldap2dolibarr.php @@ -97,7 +97,11 @@ print "port=".$conf->global->LDAP_SERVER_PORT."\n"; print "login=".$conf->global->LDAP_ADMIN_DN."\n"; print "pass=".preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)."\n"; print "DN to extract=".$conf->global->LDAP_GROUP_DN."\n"; -print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n"; +if (!empty($conf->global->LDAP_GROUP_FILTER)) { + print 'Filter=('.$conf->global->LDAP_GROUP_FILTER.')'."\n"; // Note: filter is defined into function getRecords +} else { + print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n"; +} print "----- To Dolibarr database:\n"; print "type=".$conf->db->type."\n"; print "host=".$conf->db->host."\n"; 
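Review bot: The default for LDAP_GROUP_FILTER is `&(objectClass=groupOfNames)`, while the LDAPGroupFilterExample string added to admin.lang in the same commit shows `&(objectClass=groupOfUsers)`; `groupOfNames` is the standard LDAP group class and `groupOfUsers` does not appear to be one, so the example looks like a typo. Change it to `LDAPGroupFilterExample=Example: &(objectClass=groupOfNames)` so the help text matches the shipped default. The constant array continues outside the hunk.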
@@ -127,7 +131,7 @@ if ($result >= 0) { // We disable synchro Dolibarr-LDAP $conf->global->LDAP_SYNCHRO_ACTIVE = 0; - $ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 0, array($conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS)); + $ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 'group', array($conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS)); if (is_array($ldaprecords)) { $db->begin(); From 25b1469b54bcd6319468e91532d088f78c44f8b9 Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Fri, 5 Mar 2021 11:18:51 +0100 Subject: [PATCH 2/4] FIX: ldap group search test: bad key used + edit label/comments + remove useless code --- htdocs/admin/ldap_groups.php | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/htdocs/admin/ldap_groups.php b/htdocs/admin/ldap_groups.php index 4b7acd2598c..d8d12a7e2d3 100644 --- a/htdocs/admin/ldap_groups.php +++ b/htdocs/admin/ldap_groups.php @@ -278,10 +278,6 @@ if (function_exists("ldap_connect")) { } if ($action == 'testsearchgroup') { - // Creation objet - $object = new UserGroup($db); - $object->initAsSpecimen(); - // TODO Mutualize code following with other ldap_xxxx.php pages // Test synchro 
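Review bot: Passing `'group'` makes `getRecords` replace the previous `(LDAP_KEY_GROUPS=*)` filter entirely whenever LDAP_GROUP_FILTER is non-empty, and the module default introduced in htdocs/core/modules/modLdap.class.php is `&(objectClass=groupOfNames)`; directories whose groups use another class (`posixGroup`, Active Directory `group`) would then sync zero groups without any error, which looks like a silent regression for installs that pick up that default. Either ship the constant with an empty default so the old behaviour stays until an admin sets a filter, or have the script print a warning when `$ldaprecords` is an empty array. The `if ($result >= 0)` block continues outside the hunk.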
@@ -301,13 +297,13 @@ if (function_exists("ldap_connect")) { $required_fields = array_unique(array_values(array_filter($required_fields, "dol_validElement"))); // Get from LDAP database an array of results - $ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, $required_fields, 'group'); - //$ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, '', 'group'); + $ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 'group'); + //$ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, '', 'group'); if (is_array($ldapgroups)) { $liste = array(); foreach ($ldapgroups as $key => $ldapgroup) { - // Define the label string for this user + // Define the label string for this group $label = ''; foreach ($required_fields as $value) { if ($value) { @@ -321,7 +317,7 @@ if (function_exists("ldap_connect")) { } print "
\n"; - print "LDAP search for user:
\n"; + print "LDAP search for group:
\n"; print "search: *
\n"; print "userDN: ".$conf->global->LDAP_GROUP_DN."
\n"; print "useridentifier: ".$conf->global->LDAP_KEY_GROUPS."
\n"; From 396fb3fae3eff794b4c7c894a26f0f8899463264 Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Fri, 5 Mar 2021 11:21:04 +0100 Subject: [PATCH 3/4] FIX: ldap: bad function comment --- htdocs/core/class/ldap.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 296bfcad852..8757666d0b6 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -936,7 +936,7 @@ class Ldap * @param string $userDn DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org) * @param string $useridentifier Name of key field (Ex: uid) * @param array $attributeArray Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword) - * @param int $activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=user field this->filtergroup as filter, 'member'=use field this->filtermember as filter + * @param int $activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=use field this->filtergroup as filter, 'member'=use field this->filtermember as filter * @param array $attributeAsArray Array of fields wanted as an array not a string * @return array Array of [id_record][ldap_field]=value */ From 06cabb35ecb0e570ea0987a1e0b48048ee4d5577 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Fri, 5 Mar 2021 10:24:28 +0000 Subject: [PATCH 4/4] Fixing style errors. --- htdocs/admin/ldap_groups.php | 108 ++++++++++----------- htdocs/core/class/ldap.class.php | 2 +- scripts/user/sync_groups_ldap2dolibarr.php | 4 +- 3 files changed, 57 insertions(+), 57 deletions(-) diff --git a/htdocs/admin/ldap_groups.php b/htdocs/admin/ldap_groups.php index d8d12a7e2d3..13532474681 100644 --- a/htdocs/admin/ldap_groups.php +++ b/htdocs/admin/ldap_groups.php 
@@ -58,7 +58,7 @@ if ($action == 'setvalue' && $user->admin) { $error++; } if (!dolibarr_set_const($db, 'LDAP_GROUP_FILTER', GETPOST("filter"), 'chaine', 0, '', $conf->entity)) { - $error++; + $error++; } if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_FULLNAME', GETPOST("fieldfullname", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) { $error++; @@ -222,12 +222,12 @@ if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass); } elseif ($conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') { - $butlabel = $langs->trans("LDAPTestSearch"); - $testlabel = 'testsearchgroup'; - $key = $conf->global->LDAP_KEY_GROUPS; - $dn = $conf->global->LDAP_GROUP_DN; - $objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS; - show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass); + $butlabel = $langs->trans("LDAPTestSearch"); + $testlabel = 'testsearchgroup'; + $key = $conf->global->LDAP_KEY_GROUPS; + $dn = $conf->global->LDAP_GROUP_DN; + $objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS; + show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass); } if (function_exists("ldap_connect")) { 
@@ -278,59 +278,59 @@ if (function_exists("ldap_connect")) { } if ($action == 'testsearchgroup') { - // TODO Mutualize code following with other ldap_xxxx.php pages + // TODO Mutualize code following with other ldap_xxxx.php pages - // Test synchro - $ldap = new Ldap(); - $result = $ldap->connect_bind(); + // Test synchro + $ldap = new Ldap(); + $result = $ldap->connect_bind(); - if ($result > 0) { - $required_fields = array( - $conf->global->LDAP_KEY_GROUPS, - // $conf->global->LDAP_GROUP_FIELD_NAME, - $conf->global->LDAP_GROUP_FIELD_DESCRIPTION, - $conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS, - $conf->global->LDAP_GROUP_FIELD_GROUPID - ); + if ($result > 0) { + $required_fields = array( + $conf->global->LDAP_KEY_GROUPS, + // $conf->global->LDAP_GROUP_FIELD_NAME, + $conf->global->LDAP_GROUP_FIELD_DESCRIPTION, + $conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS, + $conf->global->LDAP_GROUP_FIELD_GROUPID + ); - // Remove from required_fields all entries not configured in LDAP (empty) and duplicated - $required_fields = array_unique(array_values(array_filter($required_fields, "dol_validElement"))); + // Remove from required_fields all entries not configured in LDAP (empty) and duplicated + $required_fields = array_unique(array_values(array_filter($required_fields, "dol_validElement"))); - // Get from LDAP database an array of results - $ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 'group'); - //$ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, '', 'group'); + // Get from LDAP database an array of results + $ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 'group'); + //$ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, '', 'group'); - if (is_array($ldapgroups)) { - $liste = array(); - foreach ($ldapgroups as $key => $ldapgroup) { - // Define 
the label string for this group - $label = ''; - foreach ($required_fields as $value) { - if ($value) { - $label .= $value."=".$ldapgroup[$value]." "; - } - } - $liste[$key] = $label; - } - } else { - setEventMessages($ldap->error, $ldap->errors, 'errors'); - } + if (is_array($ldapgroups)) { + $liste = array(); + foreach ($ldapgroups as $key => $ldapgroup) { + // Define the label string for this group + $label = ''; + foreach ($required_fields as $value) { + if ($value) { + $label .= $value."=".$ldapgroup[$value]." "; + } + } + $liste[$key] = $label; + } + } else { + setEventMessages($ldap->error, $ldap->errors, 'errors'); + } - print "
\n"; - print "LDAP search for group:
\n"; - print "search: *
\n"; - print "userDN: ".$conf->global->LDAP_GROUP_DN."
\n"; - print "useridentifier: ".$conf->global->LDAP_KEY_GROUPS."
\n"; - print "required_fields: ".implode(',', $required_fields)."
\n"; - print "=> ".count($liste)." records
\n"; - print "\n
"; - } else { - print img_picto('', 'error').' '; - print ''.$langs->trans("LDAPSynchroKO"); - print ': '.$ldap->error; - print '
'; - print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'
'; - } + print "
\n"; + print "LDAP search for group:
\n"; + print "search: *
\n"; + print "userDN: ".$conf->global->LDAP_GROUP_DN."
\n"; + print "useridentifier: ".$conf->global->LDAP_KEY_GROUPS."
\n"; + print "required_fields: ".implode(',', $required_fields)."
\n"; + print "=> ".count($liste)." records
\n"; + print "\n
"; + } else { + print img_picto('', 'error').' '; + print ''.$langs->trans("LDAPSynchroKO"); + print ': '.$ldap->error; + print '
'; + print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'
'; + } } } diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 8757666d0b6..0f97ed878cf 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -957,7 +957,7 @@ class Ldap if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) { $filter = '('.$this->filter.')'; } elseif (((string) $activefilter == 'group') && $this->filtergroup ) { - $filter = '('.$this->filtergroup.')'; + $filter = '('.$this->filtergroup.')'; } elseif (((string) $activefilter == 'member') && $this->filter) { $filter = '('.$this->filtermember.')'; } else { diff --git a/scripts/user/sync_groups_ldap2dolibarr.php b/scripts/user/sync_groups_ldap2dolibarr.php index f9725067762..67c14a4ee5d 100755 --- a/scripts/user/sync_groups_ldap2dolibarr.php +++ b/scripts/user/sync_groups_ldap2dolibarr.php @@ -98,9 +98,9 @@ print "login=".$conf->global->LDAP_ADMIN_DN."\n"; print "pass=".preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)."\n"; print "DN to extract=".$conf->global->LDAP_GROUP_DN."\n"; if (!empty($conf->global->LDAP_GROUP_FILTER)) { - print 'Filter=('.$conf->global->LDAP_GROUP_FILTER.')'."\n"; // Note: filter is defined into function getRecords + print 'Filter=('.$conf->global->LDAP_GROUP_FILTER.')'."\n"; // Note: filter is defined into function getRecords } else { - print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n"; + print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n"; } print "----- To Dolibarr database:\n"; print "type=".$conf->db->type."\n";