added TLS option

This commit is contained in:
Roland Gruber 2009-05-03 17:31:39 +00:00
parent 4dc3bc275e
commit 5b69883c0a
3 changed files with 41 additions and 6 deletions


@ -175,6 +175,9 @@ class LAMConfig {
/** Server address (e.g. ldap://127.0.0.1:389) */ /** Server address (e.g. ldap://127.0.0.1:389) */
private $ServerURL; private $ServerURL;
/** enables/disables TLS encryption */
private $useTLS;
/** Array of string: users with admin rights */ /** Array of string: users with admin rights */
private $Admins; private $Admins;
@ -236,7 +239,7 @@ class LAMConfig {
private $loginSearchFilter = 'uid=%USER%'; private $loginSearchFilter = 'uid=%USER%';
/** List of all settings in config file */ /** List of all settings in config file */
private $settings = array("ServerURL", "Passwd", "Admins", "treesuffix", private $settings = array("ServerURL", "useTLS", "Passwd", "Admins", "treesuffix",
"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", "defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout",
"modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix', "modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix',
'loginSearchFilter'); 'loginSearchFilter');
@ -370,6 +373,7 @@ class LAMConfig {
} }
// check if we have to add new entries (e.g. if user upgraded LAM and has an old config file) // check if we have to add new entries (e.g. if user upgraded LAM and has an old config file)
if (!in_array("ServerURL", $saved)) array_push($file_array, "\n\n# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)\n" . "serverURL: " . $this->ServerURL . "\n"); if (!in_array("ServerURL", $saved)) array_push($file_array, "\n\n# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)\n" . "serverURL: " . $this->ServerURL . "\n");
if (!in_array("useTLS", $saved)) array_push($file_array, "\n\n# enable TLS encryption\n" . "useTLS: " . $this->useTLS . "\n");
if (!in_array("Passwd", $saved)) array_push($file_array, "\n\n# password to change these preferences via webfrontend\n" . "passwd: " . $this->Passwd . "\n"); if (!in_array("Passwd", $saved)) array_push($file_array, "\n\n# password to change these preferences via webfrontend\n" . "passwd: " . $this->Passwd . "\n");
if (!in_array("Admins", $saved)) array_push($file_array, "\n\n# list of users who are allowed to use LDAP Account Manager\n" . if (!in_array("Admins", $saved)) array_push($file_array, "\n\n# list of users who are allowed to use LDAP Account Manager\n" .
"# names have to be seperated by semicolons\n" . "# names have to be seperated by semicolons\n" .
@ -464,6 +468,30 @@ class LAMConfig {
return true; return true;
} }
/**
* Returns if TLS is activated.
*
* @return String yes or no
*/
public function getUseTLS() {
return $this->useTLS;
}
/**
* Sets if TLS is activated.
*
* @param String yes or no
* @return boolean true if $useTLS has correct format
*/
public function setUseTLS($useTLS) {
if (($useTLS == "yes") || ($useTLS == "no")) {
$this->useTLS = $useTLS;
return true;
}
return false;
}
/** /**
* Returns an array of string with all admin names * Returns an array of string with all admin names
* *
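Review bot: The upgrade path added for old config files writes `"useTLS: " . $this->useTLS`, but the new `$useTLS` property has no initializer, so an upgraded installation gets an empty `useTLS:` line and `getUseTLS()` returns nothing until the admin explicitly sets it; combined with the Ldap change in this commit (which only starts TLS when the value is exactly "yes"), existing installs that previously negotiated StartTLS opportunistically silently drop to plaintext after the upgrade. Make the default explicit and document it: `/** enables/disables TLS encryption ("yes"/"no"); defaults to "no" for configs written before this option existed */` and `private $useTLS = "no";`. `setUseTLS()` should also compare strictly (`$useTLS === "yes" || $useTLS === "no"`) so that only those two literal strings are ever persisted; the loader that reads the value back from the file is outside this hunk, so it is not clear whether it passes through `setUseTLS()` or assigns the property directly.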


@ -100,14 +100,13 @@ class Ldap{
if ($this->server) { if ($this->server) {
// use LDAPv3 // use LDAPv3
ldap_set_option($this->server, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($this->server, LDAP_OPT_PROTOCOL_VERSION, 3);
// start TLS if possible // start TLS if specified
if (function_exists('ldap_start_tls')) { $useTLS = $this->conf->getUseTLS();
if (isset($useTLS) && ($useTLS == "yes")) {
@ldap_start_tls($this->server); @ldap_start_tls($this->server);
// connect without TLS if it failed // connect without TLS if it failed
if (ldap_errno($this->server) != 0) { if (ldap_errno($this->server) != 0) {
@ldap_close($this->server); return ldap_errno($this->server);
$this->server = @ldap_connect($this->conf->get_ServerURL());
ldap_set_option($this->server, LDAP_OPT_PROTOCOL_VERSION, 3);
} }
} }
$bind = @ldap_bind($this->server, $user, $passwd); $bind = @ldap_bind($this->server, $user, $passwd);
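Review bot: The comment `// connect without TLS if it failed` is now wrong: the new code returns the LDAP error instead of reconnecting in the clear, which is the right (fail-closed) behaviour and deserves to be stated rather than contradicted. The `function_exists('ldap_start_tls')` guard from the old code was also dropped, so on a PHP build without that function the call fatals instead of producing the error the login page now warns about, and the result of `ldap_start_tls()` itself is ignored in favour of a later `ldap_errno()` read. I would replace the three lines with `// StartTLS was requested: fail closed with the LDAP error rather than falling back to plaintext`, `if (!function_exists('ldap_start_tls') || !@ldap_start_tls($this->server)) {`, `return ldap_errno($this->server);`. Note that StartTLS alone does not imply the server certificate is verified — that depends on the client's LDAP TLS settings, which are not visible here. The enclosing method begins before this hunk and continues past it.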


@ -234,6 +234,14 @@ function display_LoginPage($config_object) {
echo "<br>"; echo "<br>";
} }
} }
// check TLS
$useTLS = $config_object->getUseTLS();
if (isset($useTLS) && ($useTLS == "yes")) {
if (!function_exists('ldap_start_tls')) {
StatusMessage("ERROR", "Your PHP installation does not support TLS encryption!");
echo "<br>";
}
}
// check if session expired // check if session expired
if (isset($_GET['expired'])) { if (isset($_GET['expired'])) {
StatusMessage("ERROR", _("Your session expired, please log in again.")); StatusMessage("ERROR", _("Your session expired, please log in again."));
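Review bot: The new TLS warning passes its message as a bare string, while the neighbouring session-expiry message and the rest of this function use `_()` for translation; it should read `StatusMessage("ERROR", _("Your PHP installation does not support TLS encryption!"));`. The `isset($useTLS)` check is redundant since `$useTLS` is assigned on the line above, and the comparison should be strict: `if ($useTLS === "yes") {`. Also worth a one-line comment that this is only an advisory on the login page — whether a login attempt is actually blocked when `ldap_start_tls` is missing depends on the Ldap class, not on this check.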