Changeset 28534 for extensions/Ldap_Login/class.ldap.php
- Timestamp:
- May 25, 2014, 6:52:42 PM (10 years ago)
- File:
-
- 1 edited
extensions/Ldap_Login/class.ldap.php
r27285 r28534 44 44 { 45 45 $this->config['host'] = 'localhost'; 46 $this->config['basedn'] = 'ou=people,dc=example,dc=com'; // racine ! 46 $this->config['basedn'] = 'dc=example,dc=com'; // racine ! 47 $this->config['usersbranch'] = 'ou=people'; 48 $this->config['groupbranch'] = 'ou=group'; 49 $this->config['ld_search_users'] = False; 50 $this->config['ld_search_groups'] = False; 47 51 $this->config['port'] = ''; // if port is empty, I count on the software to care of it ! 48 52 $this->config['ld_attr'] = 'uid'; 53 $this->config['ld_group'] = 'cn'; 54 //$this->config['ld_class'] = 'posixAccount'; 49 55 $this->config['ld_use_ssl'] = False; 50 56 $this->config['ld_bindpw'] =''; 51 57 $this->config['ld_binddn'] =''; 52 53 58 $this->config['allow_newusers'] = False; 54 59 $this->config['advertise_admin_new_ldapuser'] = False; 55 60 $this->config['send_password_by_mail_ldap'] = False; 61 62 $this->config['users_group'] = False; 63 $this->config['webmasters_group'] = False; 64 $this->config['admins_group'] = False; 56 65 } 57 66 58 67 function load_config() { 59 // first we load the base config 68 $this->load_default_config(); 69 70 // after the default, we can load the actual conf. That way, no holes ! 60 71 $conf_file = @file_get_contents( LDAP_LOGIN_PATH.'data.dat' ); 61 72 if ($conf_file!==false) 62 73 { 63 74 $this->config = unserialize($conf_file); 75 $this->config['full_usersbranch'] = $this->config['usersbranch'].','.$this->config['basedn']; 76 $this->config['full_groupbranch'] = $this->config['groupbranch'].','.$this->config['basedn']; 64 77 } 65 78 } … … 102 115 } 103 116 117 // first, we initializes connection to ldap 104 118 if ($this->cnx = @ldap_connect($this->config['uri'])){ 105 @ldap_set_option($this->cnx, LDAP_OPT_PROTOCOL_VERSION, 3); // LDAPv3 if possible 106 return true; 107 } 108 return false; 109 110 // connect with rootdn in case not anonymous. 
111 if (!empty($obj->config['ld_binddn']) && !empty($obj->config['ld_bindpw'])){ // if empty ld_binddn, anonymous work 112 113 // authentication with rootdn and rootpw for dn search 114 // carefull ! rootdn should be in full ldap style ! Nothing is supposed (to be one of the users the plugin auth…). 115 if (@ldap_bind($obj->config['ld_binddn'],$obj->config['ld_bindpw'])){ 116 return false; 117 } 118 } 119 @ldap_set_option($this->cnx, LDAP_OPT_PROTOCOL_VERSION, 3); // LDAPv3 if possible 120 121 // then we authenticate if anonymous search is forbidden 122 if (!empty($obj->config['ld_binddn']) && !empty($obj->config['ld_bindpw'])){ 123 if (@ldap_bind($this->cnx,$this->config['ld_binddn'],$this->config['ld_bindpw'])){ 124 return true; 125 } 126 else { return false; } 127 } 128 // if anonymous search is allowed, we still need a fake auth using ldap_bind 129 else { 130 if (@ldap_bind($this->cnx)){ 131 return true; 132 } 133 else { return false; } 134 } 135 } 136 else { return false; } 119 137 } 120 138 … … 126 144 // return the name ldap understand 127 145 public function ldap_name($name){ 128 return $this->config['ld_attr'].'='.$name.','.$this->config['basedn']; 146 if ($this->config['ld_search_users']) { 147 return $this->ldap_search_dn($name); 148 } 149 else { return $this->config['ld_attr'].'='.$name.','.$this->config['full_usersbranch']; } 150 } 151 152 public function ldap_group($groupname){ 153 // this should return an array, even if it's only one ! 
154 if ($this->config['ld_search_groups']) { 155 return $this->ldap_search_group($groupname); 156 } 157 else { 158 $result[] = $this->config['ld_group'].'='.$groupname.','.$this->config['full_groupbranch']; 159 return $result; 160 } 129 161 } 130 162 … … 138 170 139 171 public function ldap_mail($name){ 140 141 //echo $this->cnx;142 //echo $this->ldap_name($name);143 172 $sr=@ldap_read($this->cnx, $this->ldap_name($name), "(objectclass=*)", array('mail')); 144 173 $entry = @ldap_get_entries($this->cnx, $sr); … … 150 179 } 151 180 152 // return userdn (and username) for authentication 153 /* public function ldap_search_dn($to_search){ 154 $filter = str_replace('%s',$to_search,$this->config['ld_filter']); 155 //$this->write_log('$filter '.$filter); 156 157 if ($search = @ldap_search($this->cnx,$this->config['basedn'],$filter,array('dn',$this->config['ld_attr']),0,1)){ 158 $entry = @ldap_get_entries($this->cnx, $search); 159 if (!empty($entry[0][strtolower($this->config['ld_attr'])][0])) { 160 return $entry; 161 } 162 } 163 return false; 164 } */ 165 166 167 public function getAttr() { 181 public function ldap_search_group($to_search){ 182 $ld_group = $this->config['ld_group']; 183 184 $sr=@ldap_search($this->cnx, $this->config['full_groupbranch'], "($ld_group=$to_search)", array('dn'),0,0); 185 $groups = @ldap_get_entries($this->cnx, $sr); 186 $result = array(); 187 foreach ($groups as $group) { 188 $result[] = $group['dn']; 189 } 190 return $result; 191 } 192 193 public function ldap_search_dn($to_search){ 194 $ld_attr = $this->config['ld_attr']; 195 196 $sr=@ldap_search($this->cnx, $this->config['full_usersbranch'], "($ld_attr=$to_search)", array('dn','mail'),0,0); 197 $entry = @ldap_get_entries($this->cnx, $sr); 198 199 if (!empty($entry[0]['dn'])) { 200 return $entry[0]['dn']; 201 } 202 else { return False; } 203 } 204 205 public function user_membership($user, $groups){ 206 // $groups is an array of groupdn ! 
(there is a possibility of several groups, we search the user in each of them). 207 foreach ($groups as $groupdn) { 208 $filter = '(objectClass=*)'; 209 $result = @ldap_read($this->cnx,$groupdn,$filter,array('memberUid')); 210 $result2 = @ldap_get_entries($this->cnx, $result); 211 if(isset($result2[0]['memberuid'])){ 212 foreach($result2[0]['memberuid'] as $item){ 213 if ($item == $user){ 214 return True; 215 } 216 } 217 } 218 } 219 return False; 220 } 221 222 public function ldap_status($username){ 223 if ($this->config['webmasters_group']) { 224 if ($this->user_membership($username,$this->ldap_group($this->config['webmasters_group']))) { 225 // set status to webmaster and quit (more powerfull, no need to get further) 226 return 'webmaster'; 227 } 228 } 229 if ($this->config['admins_group']) { 230 if ($this->user_membership($username,$this->ldap_group($this->config['admins_group']))) { 231 // set status to admin 232 return 'admin'; 233 } 234 } 235 else 236 { 237 return 'normal'; 238 } 239 } 240 241 public function getAttr(){ 168 242 $search = @ldap_read($this->cnx, "cn=subschema", "(objectClass=*)", array('*', 'subschemasubentry')); 169 243 $entries = @ldap_get_entries($this->cnx, $search); 170 echo count($entries); 171 } 172 173 public function getRootDse() { 244 } 245 246 public function getRootDse(){ 174 247 175 248 $search = @ldap_read($this->cnx, NULL, 'objectClass=*', array("*", "+")); … … 177 250 return $entries[0]; 178 251 } 179 180 252 181 253 public function ldap_check_basedn(){
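Review bot: `ldap_search_dn` (new line 196) and `ldap_search_group` (new line 184) interpolate `$to_search` directly into the search filter, and the non-search branch of `ldap_name` (new line 149) concatenates it into a DN, so a value such as `*)(uid=*` — presumably the submitted login name, since `ldap_name($name)` feeds both paths — rewrites the query instead of being matched literally. Escape per context: `"($ld_attr=" . ldap_escape($to_search, '', LDAP_ESCAPE_FILTER) . ")"` in the two searches and `ldap_escape($name, '', LDAP_ESCAPE_DN)` when building the DN; `ldap_escape()` needs PHP 5.6+, otherwise a small helper that backslash-hex-encodes `\ * ( )` and NUL for filters (plus `, + " < > ; =` for DNs) does the same job. Separately, the bind check at new line 122 tests `$obj->config['ld_binddn']` while `$obj` is not defined in this method (line 123 correctly reads `$this->config`), so `empty()` is always true, the configured service DN/password are never used, and the connection silently falls through to the anonymous `ldap_bind($this->cnx)` branch; the condition should read `!empty($this->config['ld_binddn']) && !empty($this->config['ld_bindpw'])`. The enclosing `connection` method starts before this hunk.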