bn8/ldapsaisie
1
0
Fork 0
mirror of https://gitlab.easter-eggs.com/ee/ldapsaisie.git synced 2024-11-22 18:09:06 +01:00
Code Issues Projects Releases Wiki Activity

LSsession : Add useUserCredentials parameter

Browse source
This commit is contained in:
Benjamin Renard 2014-11-18 13:16:38 +01:00
parent a956658923
commit a73103a576
5 changed files with 117 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
doc/conf/srv-ldap.docbook
View file

@ -16,6 +16,7 @@ serveur LDAP.</para>
'ldap_config'=> array(
// Définition des paramètres de connexion à l'annuaire
),
'useUserCredentials' => [boolean],
'LSauth' => array (
'method' => [LSauth method]
),
@ -71,6 +72,20 @@ serveur LDAP.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>useUserCredentials</term>
<listitem>
<simpara>Booléen définissant si il faut utiliser les identifiants de l'utilisateur pour
se connecter à l'annuaire (<emphasis>false</emphasis> par défaut). Si cette option est
activée, la connexion à l'annuaire LDAP sera établie avec la configuration fournie dans
le paramètre <emphasis>ldap_config</emphasis> en écrasant les informations de connexion
(<emphasis>binddn</emphasis> et <emphasis>bindpwd</emphasis>) par ceux de l'utilisateur.
Si l'utilisateur n'est pas encore connecté, la connexion sera étalie sans modifier la
configuration fournie.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>LSprofiles</term>

13
public_html/includes/class/class.LSauth.php
View file

@ -85,6 +85,19 @@ class LSauth {
return;
}
/**
* Get LDAP credentials
*
* Return LDAP credentials or false
*
* @params[in] $user The LSldapObject of the user authificated
*
* @retval Array|false Array of LDAP credentials array('dn','pwd') or False
**/
public function getLDAPcredentials($user) {
return self :: $provider -> getLDAPcredentials($user);
}
/**
* Logout
*

20
public_html/includes/class/class.LSauthMethod.php
View file

@ -93,7 +93,25 @@ class LSauthMethod {
// Do nothing in the standard LSauthMethod class
return true;
}
/**
* Get LDAP credentials
*
* Return LDAP credentials or false
*
* @params[in] $user The LSldapObject of the user authificated
*
* @retval Array|false Array of LDAP credentials array('dn','pwd') or False
**/
public function getLDAPcredentials($user) {
if (isset($this -> authData['password'])) {
return array(
'dn' => $user -> getDn(),
'pwd' => $this -> authData['password']
);
}
return false;
}
}
?>

40
public_html/includes/class/class.LSldap.php
View file

@ -39,7 +39,7 @@ class LSldap {
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $config array Tableau de configuration au formar Net_LDAP2
* @param[in] $config array Tableau de configuration au format Net_LDAP2
*
* @retval void
*/
@ -48,15 +48,15 @@ class LSldap {
}
/**
* Connection
* Connect to LDAP server
*
* Cette methode établie la connexion à l'annuaire Ldap
* This method establish connection to LDAP server
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $config array Tableau de configuration au formar Net_LDAP2
* @param[in] $config array LDAP configuration array in format of Net_LDAP2
*
* @retval boolean true si la connection est établie, false sinon
* @retval boolean true if connected, false instead
*/
public static function connect($config = null) {
if ($config) {
@ -71,6 +71,36 @@ class LSldap {
return true;
}
/**
* Reconnect (or connect) with other credentials
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $dn string Bind DN
* @param[in] $pwd array Bind password
* @param[in] $config array LDAP configuration array in format of Net_LDAP2
*
* @retval boolean true if connected, false instead
*/
public static function reconnectAs($dn,$pwd,$config) {
if ($config) {
self :: setConfig($config);
}
if (self :: $cnx) {
self :: $cnx -> done();
}
$config=self :: $config;
$config['binddn']=$dn;
$config['bindpw']=$pwd;
self :: $cnx = Net_LDAP2::connect($config);
if (Net_LDAP2::isError(self :: $cnx)) {
LSerror :: addErrorCode('LSldap_01',self :: $cnx -> getMessage());
self :: $cnx = NULL;
return;
}
return true;
}
/**
* Déconnection
*

42
public_html/includes/class/class.LSsession.php
View file

@ -84,6 +84,9 @@ class LSsession {
// The LSauht object of the session
private static $LSauthObject = false;
// User LDAP credentials
private static $userLDAPcreds = false;
/**
* Include un fichier PHP
*
@ -475,11 +478,12 @@ class LSsession {
if(isset($_SESSION['LSsession']['dn']) && !isset($_GET['LSsession_recoverPassword'])) {
LSdebug('LSsession : Session existente');
// --------------------- Session existante --------------------- //
self :: $topDn = $_SESSION['LSsession']['topDn'];
self :: $dn = $_SESSION['LSsession']['dn'];
self :: $rdn = $_SESSION['LSsession']['rdn'];
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
self :: $topDn = $_SESSION['LSsession']['topDn'];
self :: $dn = $_SESSION['LSsession']['dn'];
self :: $rdn = $_SESSION['LSsession']['rdn'];
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
self :: $userLDAPcreds = $_SESSION['LSsession']['userLDAPcreds'];
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
self :: setLdapServer(self :: $ldapServerId);
@ -584,6 +588,18 @@ class LSsession {
self :: $LSuserObject = $LSuserObject;
self :: $dn = $LSuserObject->getValue('dn');
self :: $rdn = $LSuserObject->getValue('rdn');
if (isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {
self :: $userLDAPcreds = LSauth :: getLDAPcredentials($LSuserObject);
if (!is_array(self :: $userLDAPcreds)) {
LSerror :: addErrorCode('LSsession_14');
self :: $userLDAPcreds = false;
return;
}
if (!LSldap :: reconnectAs(self :: $userLDAPcreds['dn'],self :: $userLDAPcreds['pwd'])) {
LSerror :: addErrorCode('LSsession_15');
return;
}
}
self :: loadLSprofiles();
self :: loadLSaccess();
LStemplate :: assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
@ -851,6 +867,7 @@ class LSsession {
'topDn' => self :: $topDn,
'dn' => self :: $dn,
'rdn' => self :: $rdn,
'userLDAPcreds' => self :: $userLDAPcreds,
'ldapServerId' => self :: $ldapServerId,
'ldapServer' => self :: $ldapServer,
'LSprofiles' => self :: $LSprofiles,
@ -955,7 +972,12 @@ class LSsession {
if (!self :: loadLSclass('LSldap')) {
return;
}
LSldap :: connect(self :: $ldapServer['ldap_config']);
if (self :: $dn && isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {
LSldap :: reconnectAs(self :: $userLDAPcreds['dn'], self :: $userLDAPcreds['pwd'],self :: $ldapServer['ldap_config']);
}
else {
LSldap :: connect(self :: $ldapServer['ldap_config']);
}
if (LSldap :: isConnected()) {
return true;
}
@ -2223,7 +2245,13 @@ class LSsession {
LSerror :: defineError('LSsession_13',
_("LSsession : The function of the custom action %{name} does not exists or is not configured.")
);
// 14 -> 16 : not yet used
LSerror :: defineError('LSsession_14',
_("LSsession : Fail to retreive user's LDAP credentials from LSauth.")
);
LSerror :: defineError('LSsession_15',
_("LSsession : Fail to reconnect to LDAP server with user's LDAP credentials.")
);
// 16 : not yet used
LSerror :: defineError('LSsession_17',
_("LSsession : Error during creation of list of levels. Contact administrators. (Code : %{code})")
);