From 6d392e51ee7bff281ecc0d2fdd94955e0533dbac Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Wed, 31 Jul 2019 21:19:42 +0200 Subject: [PATCH 1/3] refactoring --- lam/lib/account.inc | 1 - lam/lib/modules/asteriskExtension.inc | 3 +-- lam/lib/modules/imapAccess.inc | 19 +++++++------------ lam/lib/modules/inetOrgPerson.inc | 8 +++----- lam/lib/modules/nisMailAliasUser.inc | 27 ++++++++++----------------- lam/lib/modules/nisNetGroupUser.inc | 10 +++------- lam/lib/modules/posixAccount.inc | 20 +++++++++----------- lam/lib/security.inc | 17 ++++++++++++++++- 8 files changed, 49 insertions(+), 56 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 9afbadfc..c2ee1658 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -1483,7 +1483,6 @@ function getCallingURL($baseUrl = '') { elseif (!empty($_SERVER['HTTP_REFERER'])) { $url = $_SERVER['HTTP_REFERER']; } - logNewMessage(LOG_DEBUG, 'Calling URL detected as ' . $url); return $url; } diff --git a/lam/lib/modules/asteriskExtension.inc b/lam/lib/modules/asteriskExtension.inc index a123ebe7..006e3286 100644 --- a/lam/lib/modules/asteriskExtension.inc +++ b/lam/lib/modules/asteriskExtension.inc @@ -663,8 +663,7 @@ class asteriskExtension extends baseModule { * @return String owner */ function getDefaultExtensionOwner(){ - $credentials = $_SESSION['ldap']->decrypt_login(); - return $credentials[0]; + return $_SESSION['ldap']->getUserName(); } /** diff --git a/lam/lib/modules/imapAccess.inc b/lam/lib/modules/imapAccess.inc index 75c5d7d5..d08c4d11 100644 --- a/lam/lib/modules/imapAccess.inc +++ b/lam/lib/modules/imapAccess.inc @@ -3,7 +3,7 @@ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2010 - 2011 Pavel Pozdniak - 2010 - 2018 Roland Gruber + 2010 - 2019 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -248,7 +248,6 @@ class imapAccess extends baseModule { $return->addElement(new htmlHelpLink('MailAddress'), true); $return->addElement(new htmlSpacer(null, '10px'), true); - $is_mailbox_exist = false; //default is false $list = imap_list($mbox, "{" . $imap_server_address . "}", $prefix . $this->getSep() . $this->user); if (is_array($list) && sizeof($list) == 1) { $this->renderQuotasForMailbox($return, $mbox, $prefix . $this->getSep() . $this->user); @@ -550,10 +549,9 @@ class imapAccess extends baseModule { */ public function check_configOptions($typeIds, &$options) { $errors = parent::check_configOptions($typeIds, $options); - if ($options['ImapAccess_ImapAdminPasswordSelect'][0] == 'config') { - if (empty($options['ImapAccess_ImapAdminPassword'][0])) { - $errors[] = $this->messages['config'][2]; - } + if (($options['ImapAccess_ImapAdminPasswordSelect'][0] == 'config') + && empty($options['ImapAccess_ImapAdminPassword'][0])) { + $errors[] = $this->messages['config'][2]; } return $errors; } @@ -582,8 +580,7 @@ class imapAccess extends baseModule { $attrNames = array_values(array_unique($attrNames)); $attrNames = array_change_key_case($attrNames, CASE_LOWER); // read LAM login user data - $data = $_SESSION['ldap']->decrypt_login(); - $dn = $data[0]; + $dn = $_SESSION['ldap']->getUserName(); $sr = @ldap_read($_SESSION['ldap']->server(), $dn, '(objectclass=*)', $attrNames, 0, 0, 0, LDAP_DEREF_NEVER); if ($sr) { $info = @ldap_get_entries($_SESSION['ldap']->server(), $sr); 
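Review bot: The merged condition in `check_configOptions()` reads `$options['ImapAccess_ImapAdminPasswordSelect'][0]` without checking that the key exists and compares it loosely with `==`. The later code that reads the same setting from `$this->moduleSettings` guards it with `isset()`/`!empty()`, so the two places disagree on how a missing option is treated. Suggested form: `if (isset($options['ImapAccess_ImapAdminPasswordSelect'][0]) && ($options['ImapAccess_ImapAdminPasswordSelect'][0] === 'config') && empty($options['ImapAccess_ImapAdminPassword'][0])) {`.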
@@ -617,8 +614,7 @@ class imapAccess extends baseModule { $imap_admin_password = lamDecrypt($_SESSION['imapAdmPass']); } elseif (isset($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "lam_user_pass")) { - $credentials = $_SESSION['ldap']->decrypt_login(); - $imap_admin_password = $credentials[1]; + $imap_admin_password = $_SESSION['ldap']->getPassword(); } elseif (!empty($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "config") && !empty($this->moduleSettings['ImapAccess_ImapAdminPassword'][0])) { @@ -678,8 +674,7 @@ class imapAccess extends baseModule { else { $validate_opt = "validate-cert"; } - $imap_server_address = $imap_server_name . ":" . $imap_port_number . "/" . $imap_encryption_protocol . "/" . $validate_opt; - return $imap_server_address; + return $imap_server_name . ":" . $imap_port_number . "/" . $imap_encryption_protocol . "/" . $validate_opt; } /** diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index 3742a70c..d8fec8ee 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc @@ -6,7 +6,7 @@ use LAM\PDF\PDFImage; This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Tilo Lutz - 2005 - 2018 Roland Gruber + 2005 - 2019 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -928,19 +928,17 @@ class inetOrgPerson extends baseModule implements passwordService { $dn = 'ou=addressbook,' . $accountContainer->finalDN; $result = ldapGetDN($dn); if (empty($result)) { - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; $attrs = array( 'objectClass' => array('organizationalUnit'), 'ou' => 'addressbook' ); $success = @ldap_add($_SESSION['ldap']->server(), $dn, $attrs); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add addressbook for user ' . $accountContainer->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to add addressbook for user ' . $accountContainer->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_("Was unable to create DN: %s."), htmlspecialchars($dn)), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added addressbook for user ' . $accountContainer->finalDN); + logNewMessage(LOG_NOTICE, 'Added addressbook for user ' . $accountContainer->finalDN); } } } diff --git a/lam/lib/modules/nisMailAliasUser.inc b/lam/lib/modules/nisMailAliasUser.inc index a4a01588..8b3e6cdd 100644 --- a/lam/lib/modules/nisMailAliasUser.inc +++ b/lam/lib/modules/nisMailAliasUser.inc @@ -1,10 +1,9 @@ colspan = 5; $mailTable->addElement($label, true); } - $found = false; for ($i = 0; $i < $count; $i++) { if (empty($aliases[$i]['rfc822mailmember'])) { continue; @@ -185,7 +183,6 @@ class nisMailAliasUser extends baseModule { if (in_array($mails[$m], $members) && (!isset($this->recipientsToDelete[$dn]) || !in_array($mails[$m], $this->recipientsToDelete[$dn])) && !in_array($dn, $this->aliasesToDelete)) { - $found = true; $mailTable->addSpace('5px'); $mailTable->addElement(new htmlOutputText($aliases[$i]['cn'][0])); $buttonGroup = new htmlGroup(); 
@@ -334,7 +331,6 @@ class nisMailAliasUser extends baseModule { function display_html_add() { $return = new htmlTable(); $aliases = $this->getMailAliasList(); - $count = sizeof($aliases); $userName = $this->getUserName(); $mails = $this->getMailAddresses(); $recipient = null; @@ -411,7 +407,6 @@ class nisMailAliasUser extends baseModule { */ function process_add() { $errors = array(); - $mails = $this->getMailAddresses(); // create new alias entry if (isset($_POST['form_subpage_' . get_class($this) . '_attributes_create'])) { if (empty($_POST['new_cn']) || !get_preg($_POST['new_cn'], 'nis_alias')) { @@ -421,7 +416,7 @@ class nisMailAliasUser extends baseModule { // build new alias entry $newDN = 'cn=' . $_POST['new_cn'] . ',' . $_POST['new_ou']; $found = false; - foreach ($this->cachedAliasList as $key => $attrs) { + foreach ($this->cachedAliasList as $attrs) { if ($attrs['dn'] == $newDN) { $found = true; break; 
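Review bot: `$newDN` in `process_add()` is built by concatenating `$_POST['new_cn']` and `$_POST['new_ou']`, and only `new_cn` is checked (against the `nis_alias` pattern) in the lines visible here. Unless `new_ou` is validated in the lines between the two hunks, it should be compared against the suffixes the form actually offered before it becomes part of a DN that is later passed to `ldap_add()`. A comment such as `// new_ou must be one of the configured alias suffixes` next to that check would make the expectation explicit. The function body starts and ends outside these hunks, so the check may already exist out of view.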
@@ -471,28 +466,26 @@ class nisMailAliasUser extends baseModule { */ public function postModifyActions($newAccount, $attributes) { $errors = array(); - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; // delete complete aliases foreach ($this->aliasesToDelete as $dn) { $success = @ldap_delete($_SESSION['ldap']->server(), $dn); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to delete ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $errors[] = array('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed ' . $dn); + logNewMessage(LOG_NOTICE, 'Removed ' . $dn); } } // delete recipient entries foreach ($this->recipientsToDelete as $dn => $recipients) { $success = @ldap_mod_del($_SESSION['ldap']->server(), $dn, array('rfc822mailmember' => $recipients)); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to remove recipients ' . implode(', ', $recipients) . ' from ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to remove recipients ' . implode(', ', $recipients) . ' from ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed recipients ' . implode(', ', $recipients) . ' from ' . $dn); + logNewMessage(LOG_NOTICE, 'Removed recipients ' . implode(', ', $recipients) . ' from ' . $dn); } } // create new aliases 
@@ -500,22 +493,22 @@ class nisMailAliasUser extends baseModule { unset($attrs['dn']); $success = @ldap_add($_SESSION['ldap']->server(), $dn, $attrs); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to create mail alias ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to create mail alias ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added mail alias with recipients ' . implode(', ', $attrs['rfc822mailmember']) . ' and DN ' . $dn); + logNewMessage(LOG_NOTICE, 'Added mail alias with recipients ' . implode(', ', $attrs['rfc822mailmember']) . ' and DN ' . $dn); } } // add recipients foreach ($this->recipientsToAdd as $dn => $recipients) { $success = @ldap_mod_add($_SESSION['ldap']->server(), $dn, array('rfc822mailmember' => $recipients)); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add recipients ' . implode(', ', $recipients) . ' to ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to add recipients ' . implode(', ', $recipients) . ' to ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added recipients ' . implode(', ', $recipients) . ' to ' . $dn); + logNewMessage(LOG_NOTICE, 'Added recipients ' . implode(', ', $recipients) . ' to ' . $dn); } } return $errors; diff --git a/lam/lib/modules/nisNetGroupUser.inc b/lam/lib/modules/nisNetGroupUser.inc index 394e2e83..f386d193 100644 --- a/lam/lib/modules/nisNetGroupUser.inc +++ b/lam/lib/modules/nisNetGroupUser.inc 
@@ -6,7 +6,7 @@ use \LAM\TYPES\TypeManager; /* This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2015 - 2018 Roland Gruber + Copyright (C) 2015 - 2019 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -315,8 +315,6 @@ class nisNetGroupUser extends baseModule { if (empty($uid)) { return array(); } - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; $messages = array(); // calculate differences $toRem = $this->groupsOrig; @@ -370,7 +368,7 @@ class nisNetGroupUser extends baseModule { ); $success = @ldap_mod_replace($_SESSION['ldap']->server(), $dn, $attributes); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } } @@ -397,8 +395,6 @@ class nisNetGroupUser extends baseModule { if (empty($uid)) { return array(); } - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; $return = array(); // remove from NIS netgroups $changes = array(); 
@@ -419,7 +415,7 @@ class nisNetGroupUser extends baseModule { ); $success = @ldap_mod_replace($_SESSION['ldap']->server(), $dn, $attributes); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } } diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index abf71319..2b4fba86 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc @@ -601,7 +601,6 @@ class posixAccount extends baseModule implements passwordService { *
"info" are values with informational value (e.g. to be used later by pre/postModify actions) */ function save_attributes() { - $typeId = $this->getAccountContainer()->get_type()->getId(); if (!$this->skipObjectClass() && (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass']))) { // skip saving if the extension was not added/modified return array(); @@ -656,7 +655,7 @@ class posixAccount extends baseModule implements passwordService { $add = array_delete($this->groups_orig, $this->groups); $remove = array_delete($this->groups, $this->groups_orig); $groupList = searchLDAPByAttribute('cn', '*', 'posixGroup', array('cn', 'dn'), array('group')); - $dn2cn = array(); + $cn2dn = array(); for ($i = 0; $i < sizeof($groupList); $i++) { $cn2dn[$groupList[$i]['cn'][0]] = $groupList[$i]['dn']; } @@ -815,8 +814,6 @@ class posixAccount extends baseModule implements passwordService { $gons = $this->findGroupOfNames(); $toAdd = array_values(array_diff($this->gonList, $this->gonList_orig)); $toRem = array_values(array_diff($this->gonList_orig, $this->gonList)); - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; // update groups if DN changed if (isset($accountContainer->dn_orig) && ($accountContainer->dn_orig != $accountContainer->finalDN)) { // update owner/member/uniqueMember attributes 
@@ -837,7 +834,7 @@ class posixAccount extends baseModule implements passwordService { $success = @ldap_mod_replace($_SESSION['ldap']->server(), $ownerGroups[$i]['dn'], array($searchAttr => $newOwners)); if (!$success) { $ldapError = getDefaultLDAPErrorString($_SESSION['ldap']->server()); - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $ownerGroups[$i]['dn'] . ' (' . $ldapError . ').'); + logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $ownerGroups[$i]['dn'] . ' (' . $ldapError . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $ownerGroups[$i]['dn']), $ldapError); } } @@ -853,11 +850,11 @@ class posixAccount extends baseModule implements passwordService { } $success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array($attrName => array($accountContainer->finalDN))); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to add user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i]); + logNewMessage(LOG_NOTICE, 'Added user ' . $accountContainer->finalDN . ' to group: ' . $toAdd[$i]); } } } 
@@ -870,11 +867,11 @@ class posixAccount extends baseModule implements passwordService { } $success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array($attrName => array($accountContainer->dn_orig))); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to delete user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i]); + logNewMessage(LOG_NOTICE, 'Removed user ' . $accountContainer->finalDN . ' from group: ' . $toRem[$i]); } } } @@ -3385,10 +3382,10 @@ class posixAccount extends baseModule implements passwordService { } return true; } - + /** * Returns if the module manages the password attribute. - * + * * @param string $typeId account type id * @return boolean manages password */ @@ -3557,6 +3554,7 @@ class posixAccount extends baseModule implements passwordService { $types = $typeManager->getConfiguredTypesForScopes(array('gon', 'group')); foreach ($types as $type) { $typeFilter = get_ldap_filter($type->getId()); + echo $type->getId() . $typeFilter; $results = searchLDAP($type->getSuffix(), $typeFilter, array('cn', 'dn', 'objectClass')); for ($i = 0; $i < sizeof($results); $i++) { if ((in_array_ignore_case('groupOfNames', $results[$i]['objectclass']) diff --git a/lam/lib/security.inc b/lam/lib/security.inc index 82736a4c..a51ba3c4 100644 --- a/lam/lib/security.inc +++ b/lam/lib/security.inc 
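Review bot: The added `echo $type->getId() . $typeFilter;` in the last posixAccount.inc hunk looks like leftover debug output and should be dropped before merge. It writes the account type id and the LDAP search filter straight into the HTTP response, unescaped and in the middle of page rendering, and `get_ldap_filter()` substitutes the login DN into that filter, so the output can carry directory details. If the value is needed for diagnosis, `logNewMessage(LOG_DEBUG, 'Filter for ' . $type->getId() . ': ' . $typeFilter);` keeps it out of the page. The enclosing method starts and ends outside the hunk.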
@@ -270,7 +270,7 @@ function logNewMessage($level, $message) { return; } // ok to log, build log message - $prefix = "LDAP Account Manager (" . session_id() . ' - ' . getClientIPForLogging() . ") - " . $possibleLevels[$level] . ": "; + $prefix = "LDAP Account Manager (" . session_id() . ' - ' . getClientIPForLogging() . ' - ' . getLamLdapUser() . ") - " . $possibleLevels[$level] . ": "; $message = $prefix . $message; // Syslog logging if ($cfg->logDestination == 'SYSLOG') { @@ -608,6 +608,21 @@ function getClientIPForLogging() { return $ip; } +/** + * Returns the login dn of the current user. + * + * @return string user DN + */ +function getLamLdapUser() { + if (isset($_SESSION['ldap'])) { + return $_SESSION['ldap']->getUserName(); + } + elseif (isset($_SESSION['selfService_clientDN'])) { + return lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService'); + } + return ''; +} + /** * Adds a security token to the session to prevent CSRF attacks. * From e0a82bc70d6a3e380ee3d5caa53e11c033335dd6 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Mon, 5 Aug 2019 21:56:06 +0200 Subject: [PATCH 2/3] removed decrypt_login() --- lam/lib/account.inc | 6 ++-- lam/lib/adminHeader.inc | 8 ++--- lam/lib/ldap.inc | 27 +++++----------- lam/lib/modules.inc | 34 ++++++++++---------- lam/lib/modules/windowsGroup.inc | 13 +++----- lam/lib/modules/windowsUser.inc | 12 +++---- lam/lib/remote.inc | 8 ++--- lam/lib/security.inc | 4 +-- lam/templates/3rdParty/pla/config/config.php | 5 ++- lam/templates/login2Factor.php | 7 ++-- lam/templates/logout.php | 6 ++-- lam/templates/tests/lamdaemonTest.php | 6 ++-- 12 files changed, 56 insertions(+), 80 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index c2ee1658..d822ae75 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc 
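Review bot: The DN returned by `getLamLdapUser()` is concatenated into the log prefix in `logNewMessage()` as-is, so any CR/LF or other control characters in it would land in the log line unless the log writer strips them, which is not visible here. Since the value now appears in every entry, it is worth neutralising once at this point, e.g. `preg_replace('/[\x00-\x1f\x7f]/', '?', getLamLdapUser())`. The helper also runs on every log call, including messages written before login when `$_SESSION['ldap']` may exist without stored credentials; whether `getUserName()` copes with that is not shown in this hunk and should be confirmed. The docblock of `getLamLdapUser()` could also state that an empty string is returned when nobody is logged in and that the self-service client DN is the fallback.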
@@ -955,14 +955,12 @@ function deleteDN($dn, $recursive) { } // delete parent DN $success = @ldap_delete($_SESSION['ldap']->server(), $dn); - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to delete DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $errors[] = array ('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Deleted DN: ' . $dn); + logNewMessage(LOG_NOTICE, 'Deleted DN: ' . $dn); } return $errors; } diff --git a/lam/lib/adminHeader.inc b/lam/lib/adminHeader.inc index 38e5075a..0ee771df 100644 --- a/lam/lib/adminHeader.inc +++ b/lam/lib/adminHeader.inc @@ -101,12 +101,12 @@ foreach ($toSort as $key => $value) { decrypt_login(); - $userName = extractRDNValue($userData[0]); + $userData = $_SESSION['ldap']->getUserName(); + $userName = extractRDNValue($userData); ?> '; + echo '  '; $serverProfileLabel = $_SESSION['config']->getName() . ' - '; $serverProfileNames = getConfigProfiles(); if (sizeof($serverProfileNames) < 2) { @@ -118,7 +118,7 @@ foreach ($toSort as $key => $value) { '; + echo '  '; echo $userName; echo ''; ?> diff --git a/lam/lib/ldap.inc b/lam/lib/ldap.inc index 287786a6..c2bbc238 100644 --- a/lam/lib/ldap.inc +++ b/lam/lib/ldap.inc @@ -1,9 +1,8 @@ server); + else { + return ldap_errno($this->server); + } + } + else { + return false; } - else return false; } /** Closes connection to server */ @@ -118,8 +121,7 @@ class Ldap{ */ public function server() { if (!$this->is_connected) { - $data = $this->decrypt_login(); - $this->connect($data[0], $data[1]); + $this->connect($this->getUserName(), $this->getPassword()); $this->is_connected = true; } return $this->server; 
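Review bot: `$userName` in the adminHeader.inc hunks is written into the page header with a bare `echo $userName;`, and it is derived from the login DN through `extractRDNValue()`. Unless that helper already HTML-escapes its result (not visible here), the output should be `echo htmlspecialchars($userName);` so that an RDN containing markup characters is shown literally. `$userData` now holds a plain DN string rather than the credentials array, so a name like `$loginDn` would fit better. The surrounding markup is not fully visible on this page.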
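Review bot: In `Ldap::server()` the result of `$this->connect(...)` is discarded and `is_connected` is set to `true` unconditionally. A failed re-bind, for example after the stored password has gone stale, is therefore remembered as a live connection, and callers continue to use `$this->server` behind `@`-suppressed `ldap_*` calls where the failure is easy to miss. The flag should only be set when `connect()` reports success, and the failure should be logged; the value `connect()` returns on success is not visible in this hunk, so the exact comparison needs to be taken from the full method.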
@@ -179,19 +181,6 @@ class Ldap{ $this->password = base64_encode(lamEncrypt($password)); } - /** - * Decrypts username and password - * - * @return array array(user name, password) - */ - public function decrypt_login() { - // decrypt username and password - $username = lamDecrypt(base64_decode($this->username)); - $password = lamDecrypt(base64_decode($this->password)); - $ret = array($username, $password); - return $ret; - } - /** * Returns the LDAP user name. * diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc index 4d887095..d7876e13 100644 --- a/lam/lib/modules.inc +++ b/lam/lib/modules.inc @@ -138,8 +138,8 @@ function get_ldap_filter($typeId) { else { $finalFilter = "(&" . implode("", $filters['and']) . ")"; } - $loginData = $_SESSION['ldap']->decrypt_login(); - return str_replace('@@LOGIN_DN@@', $loginData[0], $finalFilter); + $loginData = $_SESSION['ldap']->getUserName(); + return str_replace('@@LOGIN_DN@@', $loginData, $finalFilter); } /** @@ -186,7 +186,9 @@ function getRDNAttributes($typeId, $selectedModules=null) { // merge arrays $return = array_values(array_unique($attrs_high)); for ($i = 0; $i < sizeof($attrs_normal); $i++) { - if (!in_array($attrs_normal[$i], $return)) $return[] = $attrs_normal[$i]; + if (!in_array($attrs_normal[$i], $return)) { + $return[] = $attrs_normal[$i]; + } } for ($i = 0; $i < sizeof($attrs_low); $i++) { if (!in_array($attrs_low[$i], $return)) { @@ -1812,8 +1814,6 @@ class accountContainer { } $this->finalDN = $this->dn_orig; $errors = array(); - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; $module = array_keys($this->module); $attributes = array(); // load attributes 
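Review bot: In `get_ldap_filter()` the login DN is substituted for `@@LOGIN_DN@@` without LDAP filter escaping, so a DN containing `(`, `)`, `*` or `\` changes the structure of the resulting filter instead of being matched literally. Escape the value for filter context before substitution: `return str_replace('@@LOGIN_DN@@', ldap_escape($loginData, '', LDAP_ESCAPE_FILTER), $finalFilter);`. `$loginData` now holds only the DN string, so `$loginDn` would describe it better. The function starts outside the hunk.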
@@ -1958,7 +1958,7 @@ class accountContainer { logNewMessage(LOG_DEBUG, 'Rename ' . $this->dn_orig . ' to ' . $this->finalDN); $success = ldap_rename($_SESSION['ldap']->server(), $this->dn_orig, $this->getRDN($this->finalDN), $this->getParentDN($this->finalDN), $removeOldRDN); if ($success) { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Renamed DN ' . $this->dn_orig . " to " . $this->finalDN); + logNewMessage(LOG_NOTICE, 'Renamed DN ' . $this->dn_orig . " to " . $this->finalDN); // do not add attribute value as new one if added via rename operation if (!empty($attributes[$this->finalDN]['add'][$rdnAttr]) && in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr])) { $attributes[$this->finalDN]['add'][$rdnAttr] = array_delete(array(extractRDNValue($this->finalDN)), $attributes[$this->finalDN]['add'][$rdnAttr]); @@ -1968,7 +1968,7 @@ class accountContainer { } } else { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' + logNewMessage(LOG_ERR, 'Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' . getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to rename DN: %s.'), $this->dn_orig), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $stopprocessing = true; 
@@ -1988,13 +1988,13 @@ class accountContainer { } $success = @ldap_add($_SESSION['ldap']->server(), $this->finalDN, $attr); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to create DN: ' . $this->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' + logNewMessage(LOG_ERR, 'Unable to create DN: ' . $this->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' . getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $this->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $stopprocessing = true; } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Created DN: ' . $this->finalDN); + logNewMessage(LOG_NOTICE, 'Created DN: ' . $this->finalDN); } unset($attributes[$this->finalDN]); } 
@@ -2007,16 +2007,16 @@ class accountContainer { if (!empty($attributes[$DNs[$i]]['modify']) && !$stopprocessing) { $success = @ldap_mod_replace($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['modify']); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' + logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' . getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $stopprocessing = true; } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]); + logNewMessage(LOG_NOTICE, 'Modified DN: ' . $DNs[$i]); // check if the password of the currently logged in user was changed - $lamAdmin = $_SESSION['ldap']->decrypt_login(); - if ((strtolower($DNs[$i]) == strtolower($lamAdmin[0])) && isset($attributes[$DNs[$i]]['info']['userPasswordClearText'][0])) { + $lamAdmin = $_SESSION['ldap']->getUserName(); + if ((strtolower($DNs[$i]) == strtolower($lamAdmin)) && isset($attributes[$DNs[$i]]['info']['userPasswordClearText'][0])) { $_SESSION['ldap']->encrypt_login($DNs[$i], $attributes[$DNs[$i]]['info']['userPasswordClearText'][0]); } } 
@@ -2025,26 +2025,26 @@ class accountContainer { if (!empty($attributes[$DNs[$i]]['add']) && !$stopprocessing) { $success = @ldap_mod_add($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['add']); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add attributes to DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' + logNewMessage(LOG_ERR, 'Unable to add attributes to DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' . getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $stopprocessing = true; } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]); + logNewMessage(LOG_NOTICE, 'Modified DN: ' . $DNs[$i]); } } // remove attributes if (!empty($attributes[$DNs[$i]]['remove']) && !$stopprocessing) { $success = @ldap_mod_del($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete attributes from DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' + logNewMessage(LOG_ERR, 'Unable to delete attributes from DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' . getExtendedLDAPErrorMessage($_SESSION['ldap']->server())); $errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); $stopprocessing = true; } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]); + logNewMessage(LOG_NOTICE, 'Modified DN: ' . $DNs[$i]); } } } diff --git a/lam/lib/modules/windowsGroup.inc b/lam/lib/modules/windowsGroup.inc index 5d9009a0..6eee3750 100644 --- a/lam/lib/modules/windowsGroup.inc +++ b/lam/lib/modules/windowsGroup.inc 
@@ -4,10 +4,9 @@ use \LAM\PDF\PDFTableCell; use \LAM\PDF\PDFTableRow; use \LAM\TYPES\TypeManager; /* -$Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2013 - 2017 Roland Gruber + Copyright (C) 2013 - 2019 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1036,18 +1035,16 @@ class windowsGroup extends baseModule { $toAdd = array_values(array_diff($this->attributes['memberOf'], $this->orig['memberOf'])); $toRem = array_values(array_diff($this->orig['memberOf'], $this->attributes['memberOf'])); $toUpdate = array_values(array_intersect($this->attributes['memberOf'], $this->orig['memberOf'])); - $ldapUser = $_SESSION['ldap']->decrypt_login(); - $ldapUser = $ldapUser[0]; // add groups for ($i = 0; $i < sizeof($toAdd); $i++) { if (in_array($toAdd[$i], $groups)) { $success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN))); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to add group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]); + logNewMessage(LOG_NOTICE, 'Added group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]); } } } 
@@ -1056,11 +1053,11 @@ class windowsGroup extends baseModule { if (in_array($toRem[$i], $groups)) { $success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig))); if (!$success) { - logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); + logNewMessage(LOG_ERR, 'Unable to delete group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').'); $messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server())); } else { - logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]); + logNewMessage(LOG_NOTICE, 'Removed group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]); } } } diff --git a/lam/lib/modules/windowsUser.inc b/lam/lib/modules/windowsUser.inc index 0b93624f..4849ced7 100644 --- a/lam/lib/modules/windowsUser.inc +++ b/lam/lib/modules/windowsUser.inc 
@@ -2171,18 +2171,16 @@ class windowsUser extends baseModule implements passwordService {
 $groups = $this->findGroups();
 $toAdd = array_values(array_diff($this->groupList, $this->groupList_orig));
 $toRem = array_values(array_diff($this->groupList_orig, $this->groupList));
- $ldapUser = $_SESSION['ldap']->decrypt_login();
- $ldapUser = $ldapUser[0];
 // add groups
 for ($i = 0; $i < sizeof($toAdd); $i++) {
 if (in_array($toAdd[$i], $groups)) {
 $success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN)));
 if (!$success) {
- logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
+ logNewMessage(LOG_ERR, 'Unable to add user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
 $messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
 }
 else {
- logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
+ logNewMessage(LOG_NOTICE, 'Added user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
 }
 }
 }
@@ -2191,11 +2189,11 @@ class windowsUser extends baseModule implements passwordService {
 if (in_array($toRem[$i], $groups)) {
 $success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig)));
 if (!$success) {
- logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
+ logNewMessage(LOG_ERR, 'Unable to delete user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
 $messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
 }
 else {
- logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
+ logNewMessage(LOG_NOTICE, 'Removed user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
 }
 }
 }
@@ -2204,7 +2202,7 @@ class windowsUser extends baseModule implements passwordService {
 $attrs = array('pwdLastSet' => array($this->pwdLastSet));
 $success = @ldap_modify($_SESSION['ldap']->server(), $this->getAccountContainer()->finalDN, $attrs);
 if (!$success) {
- logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to change pwdLastSet for ' . $this->getAccountContainer()->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
+ logNewMessage(LOG_ERR, 'Unable to change pwdLastSet for ' . $this->getAccountContainer()->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
 $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $this->getAccountContainer()->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
 }
 }
diff --git a/lam/lib/remote.inc b/lam/lib/remote.inc
index 0502a1c1..f5aca48e 100644
--- a/lam/lib/remote.inc
+++ b/lam/lib/remote.inc
@@ -101,10 +101,10 @@ class Remote {
 */
 private function loginSSH($handle) {
 $username = $_SESSION['config']->getScriptUserName();
- $credentials = $_SESSION['ldap']->decrypt_login();
+ $ldapUser = $_SESSION['ldap']->getUserName();
 if (empty($username)) {
 // get user name from current LAM user
- $sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
+ $sr = @ldap_read($_SESSION['ldap']->server(), $ldapUser, "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
 if ($sr) {
 $entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
 if (!empty($entry[0]['uid'])) {
@@ -112,10 +112,10 @@ class Remote {
 }
 }
 if (empty($username)) {
- throw new LAMException(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), getAbstractDN($credentials[0])));
+ throw new LAMException(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), getAbstractDN($ldapUser)));
 }
 }
- $password = $credentials[1];
+ $password = $_SESSION['ldap']->getPassword();
 $keyPath = $_SESSION['config']->getScriptSSHKey();
 if (!empty($keyPath)) {
 // use key authentication
diff --git a/lam/lib/security.inc b/lam/lib/security.inc
index a51ba3c4..bf9c717a 100644
--- a/lam/lib/security.inc
+++ b/lam/lib/security.inc
@@ -173,8 +173,8 @@ function checkClientIP() {
 function logoffAndBackToLoginPage() {
 // log message
 if (isset($_SESSION['ldap'])) {
- $ldapUser = $_SESSION['ldap']->decrypt_login();
- logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser[0] . ' expired.');
+ $ldapUser = $_SESSION['ldap']->getUserName();
+ logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser . ' expired.');
 // close LDAP connection
 @$_SESSION["ldap"]->destroy();
 }
diff --git a/lam/templates/3rdParty/pla/config/config.php b/lam/templates/3rdParty/pla/config/config.php
index bf182f7f..d9d9d676 100644
--- a/lam/templates/3rdParty/pla/config/config.php
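Review bot: In the second remote.inc hunk, `$password = $_SESSION['ldap']->getPassword();` runs before the `$keyPath` check, so the cleartext bind password is pulled into a local even when key authentication is configured. Moving the call into the password-login path keeps the secret in memory only where it is used. The branch bodies are outside the hunk, so first confirm that the key path does not read `$password`. Now that the user name and password have separate getters, this is a cheap change; `loginSSH()` continues past the end of the hunk.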
+++ b/lam/templates/3rdParty/pla/config/config.php @@ -4,7 +4,6 @@ app_session_start(); $lamConfig = $_SESSION['config']; $lamCfgMain = $_SESSION['cfgMain']; $lamLdap = $_SESSION['ldap']; -$lamLogin = $lamLdap->decrypt_login(); $servers = new Datastore(); $servers->newServer('ldap_pla'); @@ -12,8 +11,8 @@ $servers->setValue('server','name',null); $servers->setValue('server','host',$lamConfig->get_ServerURL()); $servers->setValue('server','base',array($lamConfig->get_Suffix('tree'))); $servers->setValue('login','auth_type','config'); -$servers->setValue('login','bind_id',$lamLogin[0]); -$servers->setValue('login','bind_pass',$lamLogin[1]); +$servers->setValue('login','bind_id', $lamLdap->getUserName()); +$servers->setValue('login','bind_pass',$lamLdap->getPassword()); if ($lamConfig->getUseTLS() == 'yes') { $servers->setValue('server','tls',true); } diff --git a/lam/templates/login2Factor.php b/lam/templates/login2Factor.php index 9c5060b7..9f4b4383 100644 --- a/lam/templates/login2Factor.php +++ b/lam/templates/login2Factor.php @@ -9,10 +9,9 @@ use \htmlSelect; use \htmlInputField; use \htmlButton; /* -$Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2017 Roland Gruber + Copyright (C) 2017 - 2019 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -46,9 +45,7 @@ startSecureSession(); setlanguage(); $config = $_SESSION['config']; -$ldap = $_SESSION['ldap']; -$credentials = $ldap->decrypt_login(); -$password = $credentials[1]; +$password = $_SESSION['ldap']->getPassword(); $user = $_SESSION['user2factor']; if (get_preg($user, 'dn')) { $user = extractRDNValue($user); diff --git a/lam/templates/logout.php b/lam/templates/logout.php index 42a34d14..73385605 100644 --- a/lam/templates/logout.php +++ b/lam/templates/logout.php 
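Review bot: The two `setValue('login', ...)` lines in the config.php hunk at -12 hand the cleartext LAM bind credentials to the embedded phpLDAPadmin datastore, and nothing at that spot says so. A comment above them, for example `// cleartext bind DN/password of the current LAM session; never log or dump $servers`, would warn anyone who later adds debugging output here. As a style point, the new `bind_id` line has a space after the comma while `bind_pass` and the surrounding calls do not; `$servers->setValue('login','bind_id',$lamLdap->getUserName());` matches the file.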
@@ -1,9 +1,8 @@ decrypt_login(); - logNewMessage(LOG_NOTICE, 'User ' . $ldapUser[0] . ' logged off.'); + logNewMessage(LOG_NOTICE, 'User logged off.'); // close LDAP connection if (!empty($_SESSION["ldap"])) { diff --git a/lam/templates/tests/lamdaemonTest.php b/lam/templates/tests/lamdaemonTest.php index bd9bc984..f69043af 100644 --- a/lam/templates/tests/lamdaemonTest.php +++ b/lam/templates/tests/lamdaemonTest.php @@ -210,13 +210,13 @@ function lamRunTestSuite($serverName, $serverTitle, $testQuota, $container) { $container->addVerticalSpacer('0.5rem'); // check Unix account of LAM admin - $credentials = $_SESSION['ldap']->decrypt_login(); + $ldapUser = $_SESSION['ldap']->getUserName(); if (!$stopTest) { $scriptUserName = $_SESSION['config']->getScriptUserName(); if (empty($scriptUserName)) { $container->add(new htmlOutputText(_("Unix account")), 10, 4); $unixOk = false; - $sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER); + $sr = @ldap_read($_SESSION['ldap']->server(), $ldapUser, "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER); if ($sr) { $entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr); $userName = $entry[0]['uid'][0]; @@ -230,7 +230,7 @@ function lamRunTestSuite($serverName, $serverTitle, $testQuota, $container) { } else { $container->add(new htmlImage($failImage), 2); - $container->add(new htmlOutputText(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), $credentials[0])), 12, 6); + $container->add(new htmlOutputText(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), $ldapUser)), 12, 6); $stopTest = true; } $container->addVerticalSpacer('0.5rem'); From 5d87fd7037f5227d9d90d602a84c2f8bc32c96ec Mon Sep 17 00:00:00 2001 
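Review bot: The failure text in the last lamdaemonTest.php hunk (-230) prints the raw bind DN via `$ldapUser`, while the identical message in `loginSSH()` in lam/lib/remote.inc wraps it in `getAbstractDN()`. Using `getAbstractDN($ldapUser)` as the `sprintf()` argument here would keep the two messages the same, assuming that helper is loaded on this page. `lamRunTestSuite()` starts and ends outside the hunk.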
From: Roland Gruber Date: Tue, 6 Aug 2019 21:44:12 +0200 Subject: [PATCH 3/3] removed debug --- lam/lib/modules/posixAccount.inc | 1 - 1 file changed, 1 deletion(-) diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index 2b4fba86..ba215ac8 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc @@ -3554,7 +3554,6 @@ class posixAccount extends baseModule implements passwordService { $types = $typeManager->getConfiguredTypesForScopes(array('gon', 'group')); foreach ($types as $type) { $typeFilter = get_ldap_filter($type->getId()); - echo $type->getId() . $typeFilter; $results = searchLDAP($type->getSuffix(), $typeFilter, array('cn', 'dn', 'objectClass')); for ($i = 0; $i < sizeof($results); $i++) { if ((in_array_ignore_case('groupOfNames', $results[$i]['objectclass'])