support bind user for login search
parent
b5e6e5f34a
commit
45f674323a
|
@ -1,4 +1,5 @@
|
||||||
March 2012 3.7
|
March 2012 3.7
|
||||||
|
- login: support bind user for login search
|
||||||
- Fixed bugs:
|
- Fixed bugs:
|
||||||
-> DHCP: error message not displayed properly (3441975)
|
-> DHCP: error message not displayed properly (3441975)
|
||||||
-> Profile loading not possible if required fields are not filled (3444948)
|
-> Profile loading not possible if required fields are not filled (3444948)
|
||||||
|
|
|
@ -28,6 +28,7 @@ $Id$
|
||||||
* LDAP Account Manager help entries.
|
* LDAP Account Manager help entries.
|
||||||
*
|
*
|
||||||
* @author Michael Duergner
|
* @author Michael Duergner
|
||||||
|
* @author Roland Gruber
|
||||||
* @package Help
|
* @package Help
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -115,6 +116,8 @@ $helpArray = array (
|
||||||
"Text" => _("Here you can set a limit for LDAP searches. This will restrict the number of results for LDAP searches. Please use this if LAM's LDAP queries produce too much load.")),
|
"Text" => _("Here you can set a limit for LDAP searches. This will restrict the number of results for LDAP searches. Please use this if LAM's LDAP queries produce too much load.")),
|
||||||
"223" => array ("Headline" => _("HTTP authentication"),
|
"223" => array ("Headline" => _("HTTP authentication"),
|
||||||
"Text" => _("If enabled then LAM will use user and password that is provided by the web server via HTTP authentication.")),
|
"Text" => _("If enabled then LAM will use user and password that is provided by the web server via HTTP authentication.")),
|
||||||
|
"224" => array ("Headline" => _("Bind user and password"),
|
||||||
|
"Text" => _("Here you can specify the DN and password of the bind user that will be used for the LDAP search. This is required if your LDAP server does not allow anonymous access.")),
|
||||||
"230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"),
|
"230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"),
|
||||||
"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
|
"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
|
||||||
"231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"),
|
"231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"),
|
||||||
|
|
|
@ -254,6 +254,12 @@ class LAMConfig {
|
||||||
/** search filter for login */
|
/** search filter for login */
|
||||||
private $loginSearchFilter = 'uid=%USER%';
|
private $loginSearchFilter = 'uid=%USER%';
|
||||||
|
|
||||||
|
/** bind user for login search */
|
||||||
|
private $loginSearchDN = '';
|
||||||
|
|
||||||
|
/** bind password for login search */
|
||||||
|
private $loginSearchPassword = '';
|
||||||
|
|
||||||
/** specifies if HTTP authentication should be used */
|
/** specifies if HTTP authentication should be used */
|
||||||
private $httpAuthentication = 'false';
|
private $httpAuthentication = 'false';
|
||||||
|
|
||||||
|
@ -277,7 +283,7 @@ class LAMConfig {
|
||||||
"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout",
|
"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout",
|
||||||
"modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix',
|
"modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix',
|
||||||
'loginSearchFilter', 'searchLimit', 'lamProMailFrom', 'lamProMailReplyTo', 'lamProMailSubject',
|
'loginSearchFilter', 'searchLimit', 'lamProMailFrom', 'lamProMailReplyTo', 'lamProMailSubject',
|
||||||
'lamProMailText', 'lamProMailIsHTML', 'httpAuthentication');
|
'lamProMailText', 'lamProMailIsHTML', 'httpAuthentication', 'loginSearchDN', 'loginSearchPassword');
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -428,6 +434,8 @@ class LAMConfig {
|
||||||
if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n");
|
if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n");
|
||||||
if (!in_array("loginSearchSuffix", $saved)) array_push($file_array, "\n\n# Search suffix for LAM login.\n" . "loginSearchSuffix: " . $this->loginSearchSuffix . "\n");
|
if (!in_array("loginSearchSuffix", $saved)) array_push($file_array, "\n\n# Search suffix for LAM login.\n" . "loginSearchSuffix: " . $this->loginSearchSuffix . "\n");
|
||||||
if (!in_array("loginSearchFilter", $saved)) array_push($file_array, "\n\n# Search filter for LAM login.\n" . "loginSearchFilter: " . $this->loginSearchFilter . "\n");
|
if (!in_array("loginSearchFilter", $saved)) array_push($file_array, "\n\n# Search filter for LAM login.\n" . "loginSearchFilter: " . $this->loginSearchFilter . "\n");
|
||||||
|
if (!in_array("loginSearchDN", $saved)) array_push($file_array, "\n\n# Bind DN for login search.\n" . "loginSearchDN: " . $this->loginSearchDN . "\n");
|
||||||
|
if (!in_array("loginSearchPassword", $saved)) array_push($file_array, "\n\n# Bind password for login search.\n" . "loginSearchPassword: " . $this->loginSearchPassword . "\n");
|
||||||
if (!in_array("httpAuthentication", $saved)) array_push($file_array, "\n\n# HTTP authentication for LAM login.\n" . "httpAuthentication: " . $this->httpAuthentication . "\n");
|
if (!in_array("httpAuthentication", $saved)) array_push($file_array, "\n\n# HTTP authentication for LAM login.\n" . "httpAuthentication: " . $this->httpAuthentication . "\n");
|
||||||
if (!in_array("lamProMailFrom", $saved)) array_push($file_array, "\n\n# Password mail from\n" . "lamProMailFrom: " . $this->lamProMailFrom . "\n");
|
if (!in_array("lamProMailFrom", $saved)) array_push($file_array, "\n\n# Password mail from\n" . "lamProMailFrom: " . $this->lamProMailFrom . "\n");
|
||||||
if (!in_array("lamProMailReplyTo", $saved)) array_push($file_array, "\n\n# Password mail reply-to\n" . "lamProMailReplyTo: " . $this->lamProMailReplyTo . "\n");
|
if (!in_array("lamProMailReplyTo", $saved)) array_push($file_array, "\n\n# Password mail reply-to\n" . "lamProMailReplyTo: " . $this->lamProMailReplyTo . "\n");
|
||||||
|
@ -1026,24 +1034,6 @@ class LAMConfig {
|
||||||
$this->loginSearchFilter = $loginSearchFilter;
|
$this->loginSearchFilter = $loginSearchFilter;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns if HTTP authentication should be used.
|
|
||||||
*
|
|
||||||
* @return String $httpAuthentication use HTTP authentication ('true' or 'false')
|
|
||||||
*/
|
|
||||||
public function getHttpAuthentication() {
|
|
||||||
return $this->httpAuthentication;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specifies if HTTP authentication should be used.
|
|
||||||
*
|
|
||||||
* @param String $httpAuthentication use HTTP authentication ('true' or 'false')
|
|
||||||
*/
|
|
||||||
public function setHttpAuthentication($httpAuthentication) {
|
|
||||||
$this->httpAuthentication = $httpAuthentication;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the login search suffix.
|
* Returns the login search suffix.
|
||||||
*
|
*
|
||||||
|
@ -1062,6 +1052,65 @@ class LAMConfig {
|
||||||
$this->loginSearchSuffix = $loginSearchSuffix;
|
$this->loginSearchSuffix = $loginSearchSuffix;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the DN for the login search bind user.
|
||||||
|
*
|
||||||
|
* @param String $loginSearchDN DN
|
||||||
|
* @return boolean true if DN is valid
|
||||||
|
*/
|
||||||
|
public function setLoginSearchDN($loginSearchDN) {
|
||||||
|
$this->loginSearchDN = $loginSearchDN;
|
||||||
|
if (($loginSearchDN == '') || get_preg($loginSearchDN, 'dn')) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the DN for the login search bind user.
|
||||||
|
*
|
||||||
|
* @return String DN
|
||||||
|
*/
|
||||||
|
public function getLoginSearchDN() {
|
||||||
|
return $this->loginSearchDN;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the password for the login search bind user.
|
||||||
|
*
|
||||||
|
* @param String $loginSearchPassword password
|
||||||
|
*/
|
||||||
|
public function setLoginSearchPassword($loginSearchPassword) {
|
||||||
|
$this->loginSearchPassword = $loginSearchPassword;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the password for the login search bind user.
|
||||||
|
*
|
||||||
|
* @return String password
|
||||||
|
*/
|
||||||
|
public function getLoginSearchPassword() {
|
||||||
|
return $this->loginSearchPassword;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns if HTTP authentication should be used.
|
||||||
|
*
|
||||||
|
* @return String $httpAuthentication use HTTP authentication ('true' or 'false')
|
||||||
|
*/
|
||||||
|
public function getHttpAuthentication() {
|
||||||
|
return $this->httpAuthentication;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Specifies if HTTP authentication should be used.
|
||||||
|
*
|
||||||
|
* @param String $httpAuthentication use HTTP authentication ('true' or 'false')
|
||||||
|
*/
|
||||||
|
public function setHttpAuthentication($httpAuthentication) {
|
||||||
|
$this->httpAuthentication = $httpAuthentication;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the sender address for password reset mails.
|
* Returns the sender address for password reset mails.
|
||||||
*
|
*
|
||||||
|
|
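Review bot: setLoginSearchDN() assigns `$this->loginSearchDN` before it validates, so a value that fails `get_preg($loginSearchDN, 'dn')` stays on the object even though the method returns false. Moving the assignment into the success branch, `if (($loginSearchDN == '') || get_preg($loginSearchDN, 'dn')) { $this->loginSearchDN = $loginSearchDN; return true; }`, keeps an invalid DN from reaching the save routine when a caller only records the error. Separately, the save hunk writes `loginSearchPassword` to the profile file in clear text, and a value containing a line break would presumably start a new config line. setLoginSearchPassword() could reject control characters, and the doc comment on `$loginSearchPassword` should say that the profile file must not be readable by other local users. The class body continues outside the hunks shown.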
|
@ -358,6 +358,12 @@ $securitySettingsContent->addElement($searchSuffixInput, true);
|
||||||
$searchFilterInput = new htmlTableExtendedInputField(_("LDAP filter"), 'loginSearchFilter', $conf->getLoginSearchFilter(), '221');
|
$searchFilterInput = new htmlTableExtendedInputField(_("LDAP filter"), 'loginSearchFilter', $conf->getLoginSearchFilter(), '221');
|
||||||
$searchFilterInput->setRequired(true);
|
$searchFilterInput->setRequired(true);
|
||||||
$securitySettingsContent->addElement($searchFilterInput, true);
|
$securitySettingsContent->addElement($searchFilterInput, true);
|
||||||
|
// login search bind user
|
||||||
|
$securitySettingsContent->addElement(new htmlTableExtendedInputField(_("Bind user"), 'loginSearchDN', $conf->getLoginSearchDN(), '224'), true);
|
||||||
|
// login search bind password
|
||||||
|
$searchPasswordInput = new htmlTableExtendedInputField(_("Bind password"), 'loginSearchPassword', $conf->getLoginSearchPassword(), '224');
|
||||||
|
$searchPasswordInput->setIsPassword(true);
|
||||||
|
$securitySettingsContent->addElement($searchPasswordInput, true);
|
||||||
// HTTP authentication
|
// HTTP authentication
|
||||||
$securitySettingsContent->addElement(new htmlTableExtendedInputCheckbox('httpAuthentication', ($conf->getHttpAuthentication() == 'true'), _('HTTP authentication'), '223', true), true);
|
$securitySettingsContent->addElement(new htmlTableExtendedInputCheckbox('httpAuthentication', ($conf->getHttpAuthentication() == 'true'), _('HTTP authentication'), '223', true), true);
|
||||||
$securitySettingsContent->addElement(new htmlSpacer(null, '10px'), true);
|
$securitySettingsContent->addElement(new htmlSpacer(null, '10px'), true);
|
||||||
|
@ -445,6 +451,10 @@ function checkInput() {
|
||||||
$conf->setLoginMethod($_POST['loginMethod']);
|
$conf->setLoginMethod($_POST['loginMethod']);
|
||||||
$conf->setLoginSearchFilter($_POST['loginSearchFilter']);
|
$conf->setLoginSearchFilter($_POST['loginSearchFilter']);
|
||||||
$conf->setLoginSearchSuffix($_POST['loginSearchSuffix']);
|
$conf->setLoginSearchSuffix($_POST['loginSearchSuffix']);
|
||||||
|
if (!$conf->setLoginSearchDN($_POST['loginSearchDN'])) {
|
||||||
|
$errors[] = array("ERROR", _("Please enter a valid bind user."));
|
||||||
|
}
|
||||||
|
$conf->setLoginSearchPassword($_POST['loginSearchPassword']);
|
||||||
if (isset($_POST['httpAuthentication']) && ($_POST['httpAuthentication'] == 'on')) {
|
if (isset($_POST['httpAuthentication']) && ($_POST['httpAuthentication'] == 'on')) {
|
||||||
$conf->setHttpAuthentication('true');
|
$conf->setHttpAuthentication('true');
|
||||||
}
|
}
|
||||||
|
|
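Review bot: The bind password input is pre-filled with `$conf->getLoginSearchPassword()`, so the stored service-account secret is presumably written into the page's HTML `value` attribute. `setIsPassword(true)` only masks it on screen; the rendering code is not visible here. Consider rendering the field empty and keeping the stored password when the posted value is empty, so the secret is never sent back to the browser. In checkInput(), `$_POST['loginSearchDN']` and `$_POST['loginSearchPassword']` are read without `isset()`, unlike the `httpAuthentication` check just below them. Both the form code and checkInput() continue outside the hunks shown.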
|
@ -157,12 +157,16 @@ function configLoginMethodChanged() {
|
||||||
jQuery('textarea[name=admins]').parent().parent().show();
|
jQuery('textarea[name=admins]').parent().parent().show();
|
||||||
jQuery('input[name=loginSearchSuffix]').parent().parent().hide();
|
jQuery('input[name=loginSearchSuffix]').parent().parent().hide();
|
||||||
jQuery('input[name=loginSearchFilter]').parent().parent().hide();
|
jQuery('input[name=loginSearchFilter]').parent().parent().hide();
|
||||||
|
jQuery('input[name=loginSearchDN]').parent().parent().hide();
|
||||||
|
jQuery('input[name=loginSearchPassword]').parent().parent().hide();
|
||||||
jQuery('input[name=httpAuthentication]').parent().parent().hide();
|
jQuery('input[name=httpAuthentication]').parent().parent().hide();
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
jQuery('textarea[name=admins]').parent().parent().hide();
|
jQuery('textarea[name=admins]').parent().parent().hide();
|
||||||
jQuery('input[name=loginSearchSuffix]').parent().parent().show();
|
jQuery('input[name=loginSearchSuffix]').parent().parent().show();
|
||||||
jQuery('input[name=loginSearchFilter]').parent().parent().show();
|
jQuery('input[name=loginSearchFilter]').parent().parent().show();
|
||||||
|
jQuery('input[name=loginSearchDN]').parent().parent().show();
|
||||||
|
jQuery('input[name=loginSearchPassword]').parent().parent().show();
|
||||||
jQuery('input[name=httpAuthentication]').parent().parent().show();
|
jQuery('input[name=httpAuthentication]').parent().parent().show();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -269,7 +269,7 @@ function display_LoginPage($config_object) {
|
||||||
<tr>
|
<tr>
|
||||||
<td style="border-style:none" height="35" align="right"><b>
|
<td style="border-style:none" height="35" align="right"><b>
|
||||||
<?php
|
<?php
|
||||||
echo _("User name") . ":";
|
echo _("User name");
|
||||||
?>
|
?>
|
||||||
</b> </td>
|
</b> </td>
|
||||||
<td style="border-style:none" height="35" align="left">
|
<td style="border-style:none" height="35" align="left">
|
||||||
|
@ -298,7 +298,7 @@ function display_LoginPage($config_object) {
|
||||||
<tr>
|
<tr>
|
||||||
<td style="border-style:none" height="35" align="right"><b>
|
<td style="border-style:none" height="35" align="right"><b>
|
||||||
<?php
|
<?php
|
||||||
echo _("Password") . ":";
|
echo _("Password");
|
||||||
?>
|
?>
|
||||||
</b> </td>
|
</b> </td>
|
||||||
<td style="border-style:none" height="35" align="left">
|
<td style="border-style:none" height="35" align="left">
|
||||||
|
@ -315,7 +315,7 @@ function display_LoginPage($config_object) {
|
||||||
<tr>
|
<tr>
|
||||||
<td style="border-style:none" align="right"><b>
|
<td style="border-style:none" align="right"><b>
|
||||||
<?php
|
<?php
|
||||||
echo _("Language") . ":";
|
echo _("Language");
|
||||||
?>
|
?>
|
||||||
</b> </td>
|
</b> </td>
|
||||||
<td style="border-style:none" height="35" align="left">
|
<td style="border-style:none" height="35" align="left">
|
||||||
|
@ -370,8 +370,8 @@ function display_LoginPage($config_object) {
|
||||||
<td height="30" style="white-space: nowrap">
|
<td height="30" style="white-space: nowrap">
|
||||||
<b>
|
<b>
|
||||||
<?php
|
<?php
|
||||||
echo _("LDAP server") . ": ";
|
echo _("LDAP server");
|
||||||
?></b>
|
?></b>
|
||||||
</td>
|
</td>
|
||||||
<td width="100%" height="30">
|
<td width="100%" height="30">
|
||||||
<?php echo $config_object->get_ServerURL(); ?>
|
<?php echo $config_object->get_ServerURL(); ?>
|
||||||
|
@ -381,8 +381,8 @@ function display_LoginPage($config_object) {
|
||||||
<td height="30" style="white-space: nowrap">
|
<td height="30" style="white-space: nowrap">
|
||||||
<b>
|
<b>
|
||||||
<?php
|
<?php
|
||||||
echo _("Server profile") . ": ";
|
echo _("Server profile");
|
||||||
?></b>
|
?></b>
|
||||||
</td>
|
</td>
|
||||||
<td height="30">
|
<td height="30">
|
||||||
<select name="profile" size="1" tabindex="5" onchange="loginProfileChanged(this)">
|
<select name="profile" size="1" tabindex="5" onchange="loginProfileChanged(this)">
|
||||||
|
@ -469,10 +469,16 @@ if(!empty($_POST['checklogin'])) {
|
||||||
if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
|
if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
|
||||||
$searchFilter = $_SESSION['config']->getLoginSearchFilter();
|
$searchFilter = $_SESSION['config']->getLoginSearchFilter();
|
||||||
$searchFilter = str_replace('%USER%', $username ,$searchFilter);
|
$searchFilter = str_replace('%USER%', $username ,$searchFilter);
|
||||||
|
$searchDN = '';
|
||||||
|
$searchPassword = '';
|
||||||
|
if (($_SESSION['config']->getLoginSearchDN() != null) && ($_SESSION['config']->getLoginSearchDN() != '')) {
|
||||||
|
$searchDN = $_SESSION['config']->getLoginSearchDN();
|
||||||
|
$searchPassword = $_SESSION['config']->getLoginSearchPassword();
|
||||||
|
}
|
||||||
$searchSuccess = true;
|
$searchSuccess = true;
|
||||||
$searchError = '';
|
$searchError = '';
|
||||||
$searchLDAP = new Ldap($_SESSION['config']);
|
$searchLDAP = new Ldap($_SESSION['config']);
|
||||||
$searchLDAPResult = $searchLDAP->connect('', '', true);
|
$searchLDAPResult = $searchLDAP->connect($searchDN, $searchPassword, true);
|
||||||
if (! ($searchLDAPResult == 0)) {
|
if (! ($searchLDAPResult == 0)) {
|
||||||
$searchSuccess = false;
|
$searchSuccess = false;
|
||||||
$searchError = _('Cannot connect to specified LDAP server. Please try again.') . ' ' . @ldap_error($searchLDAP->server());
|
$searchError = _('Cannot connect to specified LDAP server. Please try again.') . ' ' . @ldap_error($searchLDAP->server());
|
||||||
|
|
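Review bot: In the last hunk the new guard tests only `getLoginSearchDN()`, so a profile with a bind DN and an empty password still calls `connect($searchDN, $searchPassword, true)`. Many LDAP servers treat a DN with an empty password as an unauthenticated bind and answer as anonymous, so the misconfiguration would show up as missing search results rather than a bind error. It would be safer to reject a DN without a password when the profile is saved, or to set `$searchError` here instead of connecting. Because the search may now run with a privileged account, it is also worth confirming that `$username` is filter-escaped before the `str_replace('%USER%', ...)` context line; that code is outside the hunk.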