removed decrypt_login()
This commit is contained in:
Roland Gruber
parent
6d392e51ee
commit
e0a82bc70d
|
|
@ -955,14 +955,12 @@ function deleteDN($dn, $recursive) {
|
||||||
}
|
}
|
||||||
// delete parent DN
|
// delete parent DN
|
||||||
$success = @ldap_delete($_SESSION['ldap']->server(), $dn);
|
$success = @ldap_delete($_SESSION['ldap']->server(), $dn);
|
||||||
$ldapUser = $_SESSION['ldap']->decrypt_login();
|
|
||||||
$ldapUser = $ldapUser[0];
|
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
logNewMessage(LOG_ERR, 'Unable to delete DN: ' . $dn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
||||||
$errors[] = array ('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$errors[] = array ('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Deleted DN: ' . $dn);
|
logNewMessage(LOG_NOTICE, 'Deleted DN: ' . $dn);
|
||||||
}
|
}
|
||||||
return $errors;
|
return $errors;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -101,12 +101,12 @@ foreach ($toSort as $key => $value) {
|
||||||
</td>
|
</td>
|
||||||
<td align="left" height="30" class="nowrap header-user-label">
|
<td align="left" height="30" class="nowrap header-user-label">
|
||||||
<?php
|
<?php
|
||||||
$userData = $_SESSION['ldap']->decrypt_login();
|
$userData = $_SESSION['ldap']->getUserName();
|
||||||
$userName = extractRDNValue($userData[0]);
|
$userName = extractRDNValue($userData);
|
||||||
?>
|
?>
|
||||||
<span class="hide-on-mobile">
|
<span class="hide-on-mobile">
|
||||||
<?php
|
<?php
|
||||||
echo ' <small title="' . $userData[0] . '">';
|
echo ' <small title="' . $userData . '">';
|
||||||
$serverProfileLabel = $_SESSION['config']->getName() . ' - ';
|
$serverProfileLabel = $_SESSION['config']->getName() . ' - ';
|
||||||
$serverProfileNames = getConfigProfiles();
|
$serverProfileNames = getConfigProfiles();
|
||||||
if (sizeof($serverProfileNames) < 2) {
|
if (sizeof($serverProfileNames) < 2) {
|
||||||
|
|
@ -118,7 +118,7 @@ foreach ($toSort as $key => $value) {
|
||||||
</span>
|
</span>
|
||||||
<span class="hide-on-tablet">
|
<span class="hide-on-tablet">
|
||||||
<?php
|
<?php
|
||||||
echo ' <small title="' . $userData[0] . '">';
|
echo ' <small title="' . $userData . '">';
|
||||||
echo $userName;
|
echo $userName;
|
||||||
echo '</small>';
|
echo '</small>';
|
||||||
?>
|
?>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,8 @@
|
||||||
<?php
|
<?php
|
||||||
/*
|
/*
|
||||||
$Id$
|
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2018 Roland Gruber
|
Copyright (C) 2003 - 2019 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
|
@ -99,9 +98,13 @@ class Ldap{
|
||||||
return $return;
|
return $return;
|
||||||
}
|
}
|
||||||
// return error number
|
// return error number
|
||||||
else return ldap_errno($this->server);
|
else {
|
||||||
|
return ldap_errno($this->server);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
else return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Closes connection to server */
|
/** Closes connection to server */
|
||||||
|
|
@ -118,8 +121,7 @@ class Ldap{
|
||||||
*/
|
*/
|
||||||
public function server() {
|
public function server() {
|
||||||
if (!$this->is_connected) {
|
if (!$this->is_connected) {
|
||||||
$data = $this->decrypt_login();
|
$this->connect($this->getUserName(), $this->getPassword());
|
||||||
$this->connect($data[0], $data[1]);
|
|
||||||
$this->is_connected = true;
|
$this->is_connected = true;
|
||||||
}
|
}
|
||||||
return $this->server;
|
return $this->server;
|
||||||
|
|
@ -179,19 +181,6 @@ class Ldap{
|
||||||
$this->password = base64_encode(lamEncrypt($password));
|
$this->password = base64_encode(lamEncrypt($password));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Decrypts username and password
|
|
||||||
*
|
|
||||||
* @return array array(user name, password)
|
|
||||||
*/
|
|
||||||
public function decrypt_login() {
|
|
||||||
// decrypt username and password
|
|
||||||
$username = lamDecrypt(base64_decode($this->username));
|
|
||||||
$password = lamDecrypt(base64_decode($this->password));
|
|
||||||
$ret = array($username, $password);
|
|
||||||
return $ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the LDAP user name.
|
* Returns the LDAP user name.
|
||||||
*
|
*
|
||||||
|
|
|
||||||
|
|
@ -138,8 +138,8 @@ function get_ldap_filter($typeId) {
|
||||||
else {
|
else {
|
||||||
$finalFilter = "(&" . implode("", $filters['and']) . ")";
|
$finalFilter = "(&" . implode("", $filters['and']) . ")";
|
||||||
}
|
}
|
||||||
$loginData = $_SESSION['ldap']->decrypt_login();
|
$loginData = $_SESSION['ldap']->getUserName();
|
||||||
return str_replace('@@LOGIN_DN@@', $loginData[0], $finalFilter);
|
return str_replace('@@LOGIN_DN@@', $loginData, $finalFilter);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -186,7 +186,9 @@ function getRDNAttributes($typeId, $selectedModules=null) {
|
||||||
// merge arrays
|
// merge arrays
|
||||||
$return = array_values(array_unique($attrs_high));
|
$return = array_values(array_unique($attrs_high));
|
||||||
for ($i = 0; $i < sizeof($attrs_normal); $i++) {
|
for ($i = 0; $i < sizeof($attrs_normal); $i++) {
|
||||||
if (!in_array($attrs_normal[$i], $return)) $return[] = $attrs_normal[$i];
|
if (!in_array($attrs_normal[$i], $return)) {
|
||||||
|
$return[] = $attrs_normal[$i];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
for ($i = 0; $i < sizeof($attrs_low); $i++) {
|
for ($i = 0; $i < sizeof($attrs_low); $i++) {
|
||||||
if (!in_array($attrs_low[$i], $return)) {
|
if (!in_array($attrs_low[$i], $return)) {
|
||||||
|
|
@ -1812,8 +1814,6 @@ class accountContainer {
|
||||||
}
|
}
|
||||||
$this->finalDN = $this->dn_orig;
|
$this->finalDN = $this->dn_orig;
|
||||||
$errors = array();
|
$errors = array();
|
||||||
$ldapUser = $_SESSION['ldap']->decrypt_login();
|
|
||||||
$ldapUser = $ldapUser[0];
|
|
||||||
$module = array_keys($this->module);
|
$module = array_keys($this->module);
|
||||||
$attributes = array();
|
$attributes = array();
|
||||||
// load attributes
|
// load attributes
|
||||||
|
|
@ -1958,7 +1958,7 @@ class accountContainer {
|
||||||
logNewMessage(LOG_DEBUG, 'Rename ' . $this->dn_orig . ' to ' . $this->finalDN);
|
logNewMessage(LOG_DEBUG, 'Rename ' . $this->dn_orig . ' to ' . $this->finalDN);
|
||||||
$success = ldap_rename($_SESSION['ldap']->server(), $this->dn_orig, $this->getRDN($this->finalDN), $this->getParentDN($this->finalDN), $removeOldRDN);
|
$success = ldap_rename($_SESSION['ldap']->server(), $this->dn_orig, $this->getRDN($this->finalDN), $this->getParentDN($this->finalDN), $removeOldRDN);
|
||||||
if ($success) {
|
if ($success) {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Renamed DN ' . $this->dn_orig . " to " . $this->finalDN);
|
logNewMessage(LOG_NOTICE, 'Renamed DN ' . $this->dn_orig . " to " . $this->finalDN);
|
||||||
// do not add attribute value as new one if added via rename operation
|
// do not add attribute value as new one if added via rename operation
|
||||||
if (!empty($attributes[$this->finalDN]['add'][$rdnAttr]) && in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr])) {
|
if (!empty($attributes[$this->finalDN]['add'][$rdnAttr]) && in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr])) {
|
||||||
$attributes[$this->finalDN]['add'][$rdnAttr] = array_delete(array(extractRDNValue($this->finalDN)), $attributes[$this->finalDN]['add'][$rdnAttr]);
|
$attributes[$this->finalDN]['add'][$rdnAttr] = array_delete(array(extractRDNValue($this->finalDN)), $attributes[$this->finalDN]['add'][$rdnAttr]);
|
||||||
|
|
@ -1968,7 +1968,7 @@ class accountContainer {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
logNewMessage(LOG_ERR, 'Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
||||||
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
||||||
$errors[] = array('ERROR', sprintf(_('Was unable to rename DN: %s.'), $this->dn_orig), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$errors[] = array('ERROR', sprintf(_('Was unable to rename DN: %s.'), $this->dn_orig), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
$stopprocessing = true;
|
$stopprocessing = true;
|
||||||
|
|
@ -1988,13 +1988,13 @@ class accountContainer {
|
||||||
}
|
}
|
||||||
$success = @ldap_add($_SESSION['ldap']->server(), $this->finalDN, $attr);
|
$success = @ldap_add($_SESSION['ldap']->server(), $this->finalDN, $attr);
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to create DN: ' . $this->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
logNewMessage(LOG_ERR, 'Unable to create DN: ' . $this->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
||||||
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
||||||
$errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $this->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $this->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
$stopprocessing = true;
|
$stopprocessing = true;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Created DN: ' . $this->finalDN);
|
logNewMessage(LOG_NOTICE, 'Created DN: ' . $this->finalDN);
|
||||||
}
|
}
|
||||||
unset($attributes[$this->finalDN]);
|
unset($attributes[$this->finalDN]);
|
||||||
}
|
}
|
||||||
|
|
@ -2007,16 +2007,16 @@ class accountContainer {
|
||||||
if (!empty($attributes[$DNs[$i]]['modify']) && !$stopprocessing) {
|
if (!empty($attributes[$DNs[$i]]['modify']) && !$stopprocessing) {
|
||||||
$success = @ldap_mod_replace($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['modify']);
|
$success = @ldap_mod_replace($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['modify']);
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
logNewMessage(LOG_ERR, 'Unable to modify attributes of DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
||||||
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
||||||
$errors[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$errors[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
$stopprocessing = true;
|
$stopprocessing = true;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]);
|
logNewMessage(LOG_NOTICE, 'Modified DN: ' . $DNs[$i]);
|
||||||
// check if the password of the currently logged in user was changed
|
// check if the password of the currently logged in user was changed
|
||||||
$lamAdmin = $_SESSION['ldap']->decrypt_login();
|
$lamAdmin = $_SESSION['ldap']->getUserName();
|
||||||
if ((strtolower($DNs[$i]) == strtolower($lamAdmin[0])) && isset($attributes[$DNs[$i]]['info']['userPasswordClearText'][0])) {
|
if ((strtolower($DNs[$i]) == strtolower($lamAdmin)) && isset($attributes[$DNs[$i]]['info']['userPasswordClearText'][0])) {
|
||||||
$_SESSION['ldap']->encrypt_login($DNs[$i], $attributes[$DNs[$i]]['info']['userPasswordClearText'][0]);
|
$_SESSION['ldap']->encrypt_login($DNs[$i], $attributes[$DNs[$i]]['info']['userPasswordClearText'][0]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -2025,26 +2025,26 @@ class accountContainer {
|
||||||
if (!empty($attributes[$DNs[$i]]['add']) && !$stopprocessing) {
|
if (!empty($attributes[$DNs[$i]]['add']) && !$stopprocessing) {
|
||||||
$success = @ldap_mod_add($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['add']);
|
$success = @ldap_mod_add($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['add']);
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add attributes to DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
logNewMessage(LOG_ERR, 'Unable to add attributes to DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
||||||
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
||||||
$errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
$stopprocessing = true;
|
$stopprocessing = true;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]);
|
logNewMessage(LOG_NOTICE, 'Modified DN: ' . $DNs[$i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// remove attributes
|
// remove attributes
|
||||||
if (!empty($attributes[$DNs[$i]]['remove']) && !$stopprocessing) {
|
if (!empty($attributes[$DNs[$i]]['remove']) && !$stopprocessing) {
|
||||||
$success = @ldap_mod_del($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']);
|
$success = @ldap_mod_del($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']);
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete attributes from DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
logNewMessage(LOG_ERR, 'Unable to delete attributes from DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
|
||||||
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
||||||
$errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
$stopprocessing = true;
|
$stopprocessing = true;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]);
|
logNewMessage(LOG_NOTICE, 'Modified DN: ' . $DNs[$i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,10 +4,9 @@ use \LAM\PDF\PDFTableCell;
|
||||||
use \LAM\PDF\PDFTableRow;
|
use \LAM\PDF\PDFTableRow;
|
||||||
use \LAM\TYPES\TypeManager;
|
use \LAM\TYPES\TypeManager;
|
||||||
/*
|
/*
|
||||||
$Id$
|
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2013 - 2017 Roland Gruber
|
Copyright (C) 2013 - 2019 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
|
@ -1036,18 +1035,16 @@ class windowsGroup extends baseModule {
|
||||||
$toAdd = array_values(array_diff($this->attributes['memberOf'], $this->orig['memberOf']));
|
$toAdd = array_values(array_diff($this->attributes['memberOf'], $this->orig['memberOf']));
|
||||||
$toRem = array_values(array_diff($this->orig['memberOf'], $this->attributes['memberOf']));
|
$toRem = array_values(array_diff($this->orig['memberOf'], $this->attributes['memberOf']));
|
||||||
$toUpdate = array_values(array_intersect($this->attributes['memberOf'], $this->orig['memberOf']));
|
$toUpdate = array_values(array_intersect($this->attributes['memberOf'], $this->orig['memberOf']));
|
||||||
$ldapUser = $_SESSION['ldap']->decrypt_login();
|
|
||||||
$ldapUser = $ldapUser[0];
|
|
||||||
// add groups
|
// add groups
|
||||||
for ($i = 0; $i < sizeof($toAdd); $i++) {
|
for ($i = 0; $i < sizeof($toAdd); $i++) {
|
||||||
if (in_array($toAdd[$i], $groups)) {
|
if (in_array($toAdd[$i], $groups)) {
|
||||||
$success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN)));
|
$success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN)));
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
logNewMessage(LOG_ERR, 'Unable to add group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
||||||
$messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
|
logNewMessage(LOG_NOTICE, 'Added group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1056,11 +1053,11 @@ class windowsGroup extends baseModule {
|
||||||
if (in_array($toRem[$i], $groups)) {
|
if (in_array($toRem[$i], $groups)) {
|
||||||
$success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig)));
|
$success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig)));
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
logNewMessage(LOG_ERR, 'Unable to delete group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
||||||
$messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
|
logNewMessage(LOG_NOTICE, 'Removed group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2171,18 +2171,16 @@ class windowsUser extends baseModule implements passwordService {
|
||||||
$groups = $this->findGroups();
|
$groups = $this->findGroups();
|
||||||
$toAdd = array_values(array_diff($this->groupList, $this->groupList_orig));
|
$toAdd = array_values(array_diff($this->groupList, $this->groupList_orig));
|
||||||
$toRem = array_values(array_diff($this->groupList_orig, $this->groupList));
|
$toRem = array_values(array_diff($this->groupList_orig, $this->groupList));
|
||||||
$ldapUser = $_SESSION['ldap']->decrypt_login();
|
|
||||||
$ldapUser = $ldapUser[0];
|
|
||||||
// add groups
|
// add groups
|
||||||
for ($i = 0; $i < sizeof($toAdd); $i++) {
|
for ($i = 0; $i < sizeof($toAdd); $i++) {
|
||||||
if (in_array($toAdd[$i], $groups)) {
|
if (in_array($toAdd[$i], $groups)) {
|
||||||
$success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN)));
|
$success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array('member' => array($this->getAccountContainer()->finalDN)));
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
logNewMessage(LOG_ERR, 'Unable to add user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
||||||
$messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
|
logNewMessage(LOG_NOTICE, 'Added user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -2191,11 +2189,11 @@ class windowsUser extends baseModule implements passwordService {
|
||||||
if (in_array($toRem[$i], $groups)) {
|
if (in_array($toRem[$i], $groups)) {
|
||||||
$success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig)));
|
$success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array('member' => array($this->getAccountContainer()->dn_orig)));
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
logNewMessage(LOG_ERR, 'Unable to delete user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
||||||
$messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
|
logNewMessage(LOG_NOTICE, 'Removed user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -2204,7 +2202,7 @@ class windowsUser extends baseModule implements passwordService {
|
||||||
$attrs = array('pwdLastSet' => array($this->pwdLastSet));
|
$attrs = array('pwdLastSet' => array($this->pwdLastSet));
|
||||||
$success = @ldap_modify($_SESSION['ldap']->server(), $this->getAccountContainer()->finalDN, $attrs);
|
$success = @ldap_modify($_SESSION['ldap']->server(), $this->getAccountContainer()->finalDN, $attrs);
|
||||||
if (!$success) {
|
if (!$success) {
|
||||||
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to change pwdLastSet for ' . $this->getAccountContainer()->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
logNewMessage(LOG_ERR, 'Unable to change pwdLastSet for ' . $this->getAccountContainer()->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
|
||||||
$messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $this->getAccountContainer()->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
$messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $this->getAccountContainer()->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -101,10 +101,10 @@ class Remote {
|
||||||
*/
|
*/
|
||||||
private function loginSSH($handle) {
|
private function loginSSH($handle) {
|
||||||
$username = $_SESSION['config']->getScriptUserName();
|
$username = $_SESSION['config']->getScriptUserName();
|
||||||
$credentials = $_SESSION['ldap']->decrypt_login();
|
$ldapUser = $_SESSION['ldap']->getUserName();
|
||||||
if (empty($username)) {
|
if (empty($username)) {
|
||||||
// get user name from current LAM user
|
// get user name from current LAM user
|
||||||
$sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
|
$sr = @ldap_read($_SESSION['ldap']->server(), $ldapUser, "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
|
||||||
if ($sr) {
|
if ($sr) {
|
||||||
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
||||||
if (!empty($entry[0]['uid'])) {
|
if (!empty($entry[0]['uid'])) {
|
||||||
|
|
@ -112,10 +112,10 @@ class Remote {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (empty($username)) {
|
if (empty($username)) {
|
||||||
throw new LAMException(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), getAbstractDN($credentials[0])));
|
throw new LAMException(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), getAbstractDN($ldapUser)));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$password = $credentials[1];
|
$password = $_SESSION['ldap']->getPassword();
|
||||||
$keyPath = $_SESSION['config']->getScriptSSHKey();
|
$keyPath = $_SESSION['config']->getScriptSSHKey();
|
||||||
if (!empty($keyPath)) {
|
if (!empty($keyPath)) {
|
||||||
// use key authentication
|
// use key authentication
|
||||||
|
|
|
||||||
|
|
@ -173,8 +173,8 @@ function checkClientIP() {
|
||||||
function logoffAndBackToLoginPage() {
|
function logoffAndBackToLoginPage() {
|
||||||
// log message
|
// log message
|
||||||
if (isset($_SESSION['ldap'])) {
|
if (isset($_SESSION['ldap'])) {
|
||||||
$ldapUser = $_SESSION['ldap']->decrypt_login();
|
$ldapUser = $_SESSION['ldap']->getUserName();
|
||||||
logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser[0] . ' expired.');
|
logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser . ' expired.');
|
||||||
// close LDAP connection
|
// close LDAP connection
|
||||||
@$_SESSION["ldap"]->destroy();
|
@$_SESSION["ldap"]->destroy();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,6 @@ app_session_start();
|
||||||
$lamConfig = $_SESSION['config'];
|
$lamConfig = $_SESSION['config'];
|
||||||
$lamCfgMain = $_SESSION['cfgMain'];
|
$lamCfgMain = $_SESSION['cfgMain'];
|
||||||
$lamLdap = $_SESSION['ldap'];
|
$lamLdap = $_SESSION['ldap'];
|
||||||
$lamLogin = $lamLdap->decrypt_login();
|
|
||||||
|
|
||||||
$servers = new Datastore();
|
$servers = new Datastore();
|
||||||
$servers->newServer('ldap_pla');
|
$servers->newServer('ldap_pla');
|
||||||
|
|
@ -12,8 +11,8 @@ $servers->setValue('server','name',null);
|
||||||
$servers->setValue('server','host',$lamConfig->get_ServerURL());
|
$servers->setValue('server','host',$lamConfig->get_ServerURL());
|
||||||
$servers->setValue('server','base',array($lamConfig->get_Suffix('tree')));
|
$servers->setValue('server','base',array($lamConfig->get_Suffix('tree')));
|
||||||
$servers->setValue('login','auth_type','config');
|
$servers->setValue('login','auth_type','config');
|
||||||
$servers->setValue('login','bind_id',$lamLogin[0]);
|
$servers->setValue('login','bind_id', $lamLdap->getUserName());
|
||||||
$servers->setValue('login','bind_pass',$lamLogin[1]);
|
$servers->setValue('login','bind_pass',$lamLdap->getPassword());
|
||||||
if ($lamConfig->getUseTLS() == 'yes') {
|
if ($lamConfig->getUseTLS() == 'yes') {
|
||||||
$servers->setValue('server','tls',true);
|
$servers->setValue('server','tls',true);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,10 +9,9 @@ use \htmlSelect;
|
||||||
use \htmlInputField;
|
use \htmlInputField;
|
||||||
use \htmlButton;
|
use \htmlButton;
|
||||||
/*
|
/*
|
||||||
$Id$
|
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2017 Roland Gruber
|
Copyright (C) 2017 - 2019 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
|
@ -46,9 +45,7 @@ startSecureSession();
|
||||||
setlanguage();
|
setlanguage();
|
||||||
|
|
||||||
$config = $_SESSION['config'];
|
$config = $_SESSION['config'];
|
||||||
$ldap = $_SESSION['ldap'];
|
$password = $_SESSION['ldap']->getPassword();
|
||||||
$credentials = $ldap->decrypt_login();
|
|
||||||
$password = $credentials[1];
|
|
||||||
$user = $_SESSION['user2factor'];
|
$user = $_SESSION['user2factor'];
|
||||||
if (get_preg($user, 'dn')) {
|
if (get_preg($user, 'dn')) {
|
||||||
$user = extractRDNValue($user);
|
$user = extractRDNValue($user);
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,8 @@
|
||||||
<?php
|
<?php
|
||||||
/*
|
/*
|
||||||
$Id$
|
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2018 Roland Gruber
|
Copyright (C) 2003 - 2019 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
|
@ -47,8 +46,7 @@ startSecureSession();
|
||||||
|
|
||||||
// log message
|
// log message
|
||||||
if (isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] === true)) {
|
if (isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] === true)) {
|
||||||
$ldapUser = $_SESSION['ldap']->decrypt_login();
|
logNewMessage(LOG_NOTICE, 'User logged off.');
|
||||||
logNewMessage(LOG_NOTICE, 'User ' . $ldapUser[0] . ' logged off.');
|
|
||||||
|
|
||||||
// close LDAP connection
|
// close LDAP connection
|
||||||
if (!empty($_SESSION["ldap"])) {
|
if (!empty($_SESSION["ldap"])) {
|
||||||
|
|
|
||||||
|
|
@ -210,13 +210,13 @@ function lamRunTestSuite($serverName, $serverTitle, $testQuota, $container) {
|
||||||
$container->addVerticalSpacer('0.5rem');
|
$container->addVerticalSpacer('0.5rem');
|
||||||
|
|
||||||
// check Unix account of LAM admin
|
// check Unix account of LAM admin
|
||||||
$credentials = $_SESSION['ldap']->decrypt_login();
|
$ldapUser = $_SESSION['ldap']->getUserName();
|
||||||
if (!$stopTest) {
|
if (!$stopTest) {
|
||||||
$scriptUserName = $_SESSION['config']->getScriptUserName();
|
$scriptUserName = $_SESSION['config']->getScriptUserName();
|
||||||
if (empty($scriptUserName)) {
|
if (empty($scriptUserName)) {
|
||||||
$container->add(new htmlOutputText(_("Unix account")), 10, 4);
|
$container->add(new htmlOutputText(_("Unix account")), 10, 4);
|
||||||
$unixOk = false;
|
$unixOk = false;
|
||||||
$sr = @ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
|
$sr = @ldap_read($_SESSION['ldap']->server(), $ldapUser, "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
|
||||||
if ($sr) {
|
if ($sr) {
|
||||||
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
||||||
$userName = $entry[0]['uid'][0];
|
$userName = $entry[0]['uid'][0];
|
||||||
|
|
@ -230,7 +230,7 @@ function lamRunTestSuite($serverName, $serverTitle, $testQuota, $container) {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$container->add(new htmlImage($failImage), 2);
|
$container->add(new htmlImage($failImage), 2);
|
||||||
$container->add(new htmlOutputText(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), $credentials[0])), 12, 6);
|
$container->add(new htmlOutputText(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), $ldapUser)), 12, 6);
|
||||||
$stopTest = true;
|
$stopTest = true;
|
||||||
}
|
}
|
||||||
$container->addVerticalSpacer('0.5rem');
|
$container->addVerticalSpacer('0.5rem');
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue