LSsession : Add useUserCredentials parameter
This commit is contained in:
parent
a956658923
commit
a73103a576
5 changed files with 117 additions and 13 deletions
|
@ -16,6 +16,7 @@ serveur LDAP.</para>
|
|||
'ldap_config'=> array(
|
||||
// Définition des paramètres de connexion à l'annuaire
|
||||
),
|
||||
'useUserCredentials' => [boolean],
|
||||
'LSauth' => array (
|
||||
'method' => [LSauth method]
|
||||
),
|
||||
|
@ -71,6 +72,20 @@ serveur LDAP.</para>
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>useUserCredentials</term>
|
||||
<listitem>
|
||||
<simpara>Booléen définissant si il faut utiliser les identifiants de l'utilisateur pour
|
||||
se connecter à l'annuaire (<emphasis>false</emphasis> par défaut). Si cette option est
|
||||
activée, la connexion à l'annuaire LDAP sera établie avec la configuration fournie dans
|
||||
le paramètre <emphasis>ldap_config</emphasis> en écrasant les informations de connexion
|
||||
(<emphasis>binddn</emphasis> et <emphasis>bindpwd</emphasis>) par ceux de l'utilisateur.
|
||||
Si l'utilisateur n'est pas encore connecté, la connexion sera étalie sans modifier la
|
||||
configuration fournie.
|
||||
</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>LSprofiles</term>
|
||||
|
|
|
@ -85,6 +85,19 @@ class LSauth {
|
|||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get LDAP credentials
|
||||
*
|
||||
* Return LDAP credentials or false
|
||||
*
|
||||
* @params[in] $user The LSldapObject of the user authificated
|
||||
*
|
||||
* @retval Array|false Array of LDAP credentials array('dn','pwd') or False
|
||||
**/
|
||||
public function getLDAPcredentials($user) {
|
||||
return self :: $provider -> getLDAPcredentials($user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logout
|
||||
*
|
||||
|
|
|
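Review bot: The new `LSauth::getLDAPcredentials` is declared `public function` (non-static) while LSsession invokes it statically as `LSauth :: getLDAPcredentials($LSuserObject)`; since the body only reads the static `self :: $provider`, declare it `public static function getLDAPcredentials($user) {` so the declaration matches the call and PHP does not emit a non-static-call notice (older LSauth methods may share this pattern, but the new one need not). The docblock tags should read `@param[in]` and `authenticated` rather than `@params[in]` / `authificated`, and it should state that the returned `'pwd'` is whatever the provider retained from authentication, because the caller persists it. The enclosing class continues outside the hunk.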
@ -93,7 +93,25 @@ class LSauthMethod {
|
|||
// Do nothing in the standard LSauthMethod class
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get LDAP credentials
|
||||
*
|
||||
* Return LDAP credentials or false
|
||||
*
|
||||
* @params[in] $user The LSldapObject of the user authificated
|
||||
*
|
||||
* @retval Array|false Array of LDAP credentials array('dn','pwd') or False
|
||||
**/
|
||||
public function getLDAPcredentials($user) {
|
||||
if (isset($this -> authData['password'])) {
|
||||
return array(
|
||||
'dn' => $user -> getDn(),
|
||||
'pwd' => $this -> authData['password']
|
||||
);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
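Review bot: `LSauthMethod::getLDAPcredentials` treats any set `authData['password']` as usable, so an empty string is handed out as a bind password; the caller then attempts a DN-plus-empty-password bind, which a number of LDAP servers treat as an anonymous (unauthenticated) bind instead of rejecting. Tighten the check to `if (isset($this -> authData['password']) && $this -> authData['password'] !== '') {`. The docblock should also say that `'pwd'` is the cleartext password captured at login (it is about to be stored by LSsession), and `@params[in]` / `authificated` should read `@param[in]` / `authenticated`. The class closes in the hunk, but the method's caller and the `authData` population are outside it.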
@ -39,7 +39,7 @@ class LSldap {
|
|||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @param[in] $config array Tableau de configuration au formar Net_LDAP2
|
||||
* @param[in] $config array Tableau de configuration au format Net_LDAP2
|
||||
*
|
||||
* @retval void
|
||||
*/
|
||||
|
@ -48,15 +48,15 @@ class LSldap {
|
|||
}
|
||||
|
||||
/**
|
||||
* Connection
|
||||
* Connect to LDAP server
|
||||
*
|
||||
* Cette methode établie la connexion à l'annuaire Ldap
|
||||
* This method establish connection to LDAP server
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @param[in] $config array Tableau de configuration au formar Net_LDAP2
|
||||
* @param[in] $config array LDAP configuration array in format of Net_LDAP2
|
||||
*
|
||||
* @retval boolean true si la connection est établie, false sinon
|
||||
* @retval boolean true if connected, false instead
|
||||
*/
|
||||
public static function connect($config = null) {
|
||||
if ($config) {
|
||||
|
@ -71,6 +71,36 @@ class LSldap {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reconnect (or connect) with other credentials
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @param[in] $dn string Bind DN
|
||||
* @param[in] $pwd array Bind password
|
||||
* @param[in] $config array LDAP configuration array in format of Net_LDAP2
|
||||
*
|
||||
* @retval boolean true if connected, false instead
|
||||
*/
|
||||
public static function reconnectAs($dn,$pwd,$config) {
|
||||
if ($config) {
|
||||
self :: setConfig($config);
|
||||
}
|
||||
if (self :: $cnx) {
|
||||
self :: $cnx -> done();
|
||||
}
|
||||
$config=self :: $config;
|
||||
$config['binddn']=$dn;
|
||||
$config['bindpw']=$pwd;
|
||||
self :: $cnx = Net_LDAP2::connect($config);
|
||||
if (Net_LDAP2::isError(self :: $cnx)) {
|
||||
LSerror :: addErrorCode('LSldap_01',self :: $cnx -> getMessage());
|
||||
self :: $cnx = NULL;
|
||||
return;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Déconnection
|
||||
*
|
||||
|
|
|
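Review bot: `reconnectAs` copies `$dn`/`$pwd` into `binddn`/`bindpw` with no validation, so a null or empty password produces a DN-with-empty-password bind that many LDAP servers answer as an anonymous (unauthenticated) bind, and the method then reports success for a connection that never verified the user's credentials; add `if ($dn === null || $dn === '' || $pwd === null || $pwd === '') { return false; }` before the existing connection is torn down. On a Net_LDAP2 error the bare `return;` yields null although the docblock promises a boolean, so make it `return false;`. The `@param[in] $pwd array` line is also wrong (`$pwd` is a string), and the docblock should mention that the previous connection is closed with `done()` first, so a failed rebind leaves LSldap disconnected rather than silently on the service account.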
@ -84,6 +84,9 @@ class LSsession {
|
|||
// The LSauht object of the session
|
||||
private static $LSauthObject = false;
|
||||
|
||||
// User LDAP credentials
|
||||
private static $userLDAPcreds = false;
|
||||
|
||||
/**
|
||||
* Include un fichier PHP
|
||||
*
|
||||
|
@ -475,11 +478,12 @@ class LSsession {
|
|||
if(isset($_SESSION['LSsession']['dn']) && !isset($_GET['LSsession_recoverPassword'])) {
|
||||
LSdebug('LSsession : Session existente');
|
||||
// --------------------- Session existante --------------------- //
|
||||
self :: $topDn = $_SESSION['LSsession']['topDn'];
|
||||
self :: $dn = $_SESSION['LSsession']['dn'];
|
||||
self :: $rdn = $_SESSION['LSsession']['rdn'];
|
||||
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
|
||||
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
|
||||
self :: $topDn = $_SESSION['LSsession']['topDn'];
|
||||
self :: $dn = $_SESSION['LSsession']['dn'];
|
||||
self :: $rdn = $_SESSION['LSsession']['rdn'];
|
||||
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
|
||||
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
|
||||
self :: $userLDAPcreds = $_SESSION['LSsession']['userLDAPcreds'];
|
||||
|
||||
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
|
||||
self :: setLdapServer(self :: $ldapServerId);
|
||||
|
@ -584,6 +588,18 @@ class LSsession {
|
|||
self :: $LSuserObject = $LSuserObject;
|
||||
self :: $dn = $LSuserObject->getValue('dn');
|
||||
self :: $rdn = $LSuserObject->getValue('rdn');
|
||||
if (isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {
|
||||
self :: $userLDAPcreds = LSauth :: getLDAPcredentials($LSuserObject);
|
||||
if (!is_array(self :: $userLDAPcreds)) {
|
||||
LSerror :: addErrorCode('LSsession_14');
|
||||
self :: $userLDAPcreds = false;
|
||||
return;
|
||||
}
|
||||
if (!LSldap :: reconnectAs(self :: $userLDAPcreds['dn'],self :: $userLDAPcreds['pwd'])) {
|
||||
LSerror :: addErrorCode('LSsession_15');
|
||||
return;
|
||||
}
|
||||
}
|
||||
self :: loadLSprofiles();
|
||||
self :: loadLSaccess();
|
||||
LStemplate :: assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
|
||||
|
@ -851,6 +867,7 @@ class LSsession {
|
|||
'topDn' => self :: $topDn,
|
||||
'dn' => self :: $dn,
|
||||
'rdn' => self :: $rdn,
|
||||
'userLDAPcreds' => self :: $userLDAPcreds,
|
||||
'ldapServerId' => self :: $ldapServerId,
|
||||
'ldapServer' => self :: $ldapServer,
|
||||
'LSprofiles' => self :: $LSprofiles,
|
||||
|
@ -955,7 +972,12 @@ class LSsession {
|
|||
if (!self :: loadLSclass('LSldap')) {
|
||||
return;
|
||||
}
|
||||
LSldap :: connect(self :: $ldapServer['ldap_config']);
|
||||
if (self :: $dn && isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {
|
||||
LSldap :: reconnectAs(self :: $userLDAPcreds['dn'], self :: $userLDAPcreds['pwd'],self :: $ldapServer['ldap_config']);
|
||||
}
|
||||
else {
|
||||
LSldap :: connect(self :: $ldapServer['ldap_config']);
|
||||
}
|
||||
if (LSldap :: isConnected()) {
|
||||
return true;
|
||||
}
|
||||
|
@ -2223,7 +2245,13 @@ class LSsession {
|
|||
LSerror :: defineError('LSsession_13',
|
||||
_("LSsession : The function of the custom action %{name} does not exists or is not configured.")
|
||||
);
|
||||
// 14 -> 16 : not yet used
|
||||
LSerror :: defineError('LSsession_14',
|
||||
_("LSsession : Fail to retreive user's LDAP credentials from LSauth.")
|
||||
);
|
||||
LSerror :: defineError('LSsession_15',
|
||||
_("LSsession : Fail to reconnect to LDAP server with user's LDAP credentials.")
|
||||
);
|
||||
// 16 : not yet used
|
||||
LSerror :: defineError('LSsession_17',
|
||||
_("LSsession : Error during creation of list of levels. Contact administrators. (Code : %{code})")
|
||||
);
|
||||
|
|
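Review bot: `setLdapServer` (hunk `@ -955,7 +972,12`) indexes `self :: $userLDAPcreds['dn']` / `['pwd']` without checking that the value is an array, although the field is initialised to `false`, reset to `false` when LSauth returns nothing, and read back from `$_SESSION['LSsession']['userLDAPcreds']`, which sessions opened before this change do not carry; in those cases the rebind runs with a null DN and password, which on servers that allow unauthenticated binds becomes an anonymous connection that `isConnected()` then accepts. The branch should fail closed by validating the credentials first, as sketched below. Separately, the `'userLDAPcreds' => self :: $userLDAPcreds` line in the session-save hunk persists the user's cleartext LDAP password in PHP's session store for the whole session; that deserves an explicit comment such as `// Holds the user's cleartext LDAP password: the session backend must be treated as secret storage` so operators know to lock the backend down. Every function touched here starts and ends outside its hunk.
```php
    if (self :: $dn && isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {
      // Fail closed: a missing or empty credential must not degrade into an unauthenticated bind
      if (!is_array(self :: $userLDAPcreds)
          || !isset(self :: $userLDAPcreds['dn'], self :: $userLDAPcreds['pwd'])
          || self :: $userLDAPcreds['dn'] === '' || self :: $userLDAPcreds['pwd'] === '') {
        LSerror :: addErrorCode('LSsession_14');
        return;
      }
      LSldap :: reconnectAs(self :: $userLDAPcreds['dn'], self :: $userLDAPcreds['pwd'], self :: $ldapServer['ldap_config']);
    }
    // … unchanged: else branch connecting with ldap_config, isConnected() check …
```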