Commit 1ac9f214e1c4d93d617eff0336d8005c662d2daf

Authored by Etienne Pallier
1 parent 5138a4a8

Nouvelle version connexion ldap

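--- a/src/Model/Table/LdapConnectionsTable.php
+++ b/src/Model/Table/LdapConnectionsTable.php
@@ -20,6 +20,12 @@ class LdapConnectionsTable extends AppTable
 private $authenticationType;
 
 private $filter;
+
+/*MCM*/
+private $anonymous;
+private $bindDn;
+private $bindPass;
+/* fin MCM*/
 
 private $USE_LDAP = TRUE;
 
@@ -150,6 +156,14 @@ class LdapConnectionsTable extends AppTable
 $this->baseDn = $config->baseDn_ldap;
 $this->filter = $config->filter_ldap;
 $this->authenticationType = $config->authentificationType_ldap;
+/*MCM*/
+$NEW_CONF=FALSE;
+if ($NEW_CONF) {
+$this->bindDn = $config->bindDn_ldap;
+$this->bindPass = $config->bindPass_ldap;
+$this->anonymous = $config->anonymous_ldap;
+}
+/* fin MCM*/
 
 return true;
 }
@@ -354,22 +368,41 @@ class LdapConnectionsTable extends AppTable
 $just_these = [];
 // - Anonymous connection (IRAP, IAS, LATMOS)
 if ($LDAP_ANONYMOUS) {
-//$dn = $this->baseDn; // "ou=users,dc=irap,dc=omp,dc=eu"
-$auth_dn = ''; //= $this->authDn;
-$binddn = $this->authenticationType . '=' . $user_login;
+///$auth_dn = ''; //= $this->authDn;
+// $this->authenticationType = 'uid'
+// $this->baseDn = "ou=users,dc=irap,dc=omp,dc=eu"
+
+//TODO: à virer, ca n'est pas nécessaire en anonymous
+$binddn = $this->authenticationType . '=' . $user_login; // ex: uid=epallier
 $ldappass = $user_password;
+
 //$filter = '('.$binddn.')'; // ex: "(uid=epallier)"
-$filter = $this->filter . '('.$binddn.')'; // ex: "(uid=epallier)"
+////$filter = $this->filter . '('.$binddn.')'; // ex: "(uid=epallier)"
+//TODO: refactoriser
+$binddn .= ','.$this->baseDn;
 }
 // - Authentified connection (CRAL)
 else {
-//$dn = $this->baseDn; // "dc=univ-lyon1,dc=fr";
+//$dn = $this->baseDn; // "dc=univ-lyon1,dc=fr"
 //$binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr";
 //$binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,".$dn;
+/* EP version
 $auth_dn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1"; //= $this->authDn;
 $binddn = $auth_dn;
 $ldappass = "lemotdepasse";
 $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))";
+*/
+///$auth_dn = $this->baseDn; // dc=univ-lyon1,dc=fr
+// $this->authenticationType = 'sAMAccountName'
+// $this->baseDn = "dc=univ-lyon1,dc=fr"
+$anonymous = $this->anonymous;
+if ($anonymous == '0') {
+$binddn = $this->bindDn; // CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr
+$ldappass = $this->bindPass;
+}
+//construction du filtre avec le filtre de la base de données avec un & sur le login de l'utilisateur
+//si aucun filtre n'est défini dans la base de données on aura juste (& ($this->authenticationType=$user_login))
+////$filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
 //$just_these = array("cn");
 /*
 NEW version
@@ -378,27 +411,33 @@ class LdapConnectionsTable extends AppTable
 $binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr";
 */
 }
-$binddn .= ','.$this->baseDn;
+$filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
+//TODO: optimisation
+/////////$binddn .= ','.$this->baseDn;
 
 // Connection
 $ldapConnection = ldap_connect($this->host, $this->port) or die("Could not connect to $this->host (port $this->port)");
 if ($ldapConnection) {
 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
 // Binding
-//if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) {
-$ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass) or die( "Could not bind to LDAP server.". ldap_error($ldapConnection) );
-if ($ldapbind) {
-//return $this->getUserAttributes($login, $LDAP_ANONYMOUS, $filter, $just_these)[0];
-$search = $this->getUserAttributes($user_login, $ldapConnection, $LDAP_ANONYMOUS, $filter, $just_these);
-if ($search === false) die("Could not get user attributes from LDAP server, response was: " . ldap_error($ldapConnection) );
-return $search[0];
-/*
-* } else {
-* return false;
-*/
-}
+/*MCM*/
+// bind optionnel
+if ($anonymous == '0')
+$ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass) or die("Could not bind to LDAP server.". ldap_error($ldapConnection) );
+// EP: bind obligatoire
+//if ($ldapbind) {
+$search = $this->getUserAttributes($user_login, $ldapConnection, $LDAP_ANONYMOUS, $filter, $just_these);
+/* fin MCM*/
+if ($search === false) die("Could not get user attributes from LDAP server, response was: " . ldap_error($ldapConnection) );
+return $search[0];
+/*
+* } else {
+* return false;
+*/
+//}
 }
 
+
 // We are not using LDAP (so, use FAKE LDAP instead)
 } else {
 $user = $this->getFakeLdapUser($user_login);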
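Review bot: In the last hunk the bind is skipped unless `$anonymous == '0'`, and when it does run it uses the service account (`$this->bindDn` / `$this->bindPass`), so `$user_password` is copied into `$ldappass` but never presented to the directory in the visible code. `$anonymous` is only assigned in the `else` branch, and `$this->anonymous` stays unset while `$NEW_CONF=FALSE`, so as written no bind happens on either path. If this method is what validates a login (its signature and the body of `getUserAttributes` are outside the hunk), a directory entry would be returned without its password being checked; after the search, rebind as the entry that was found and fail closed, e.g. `if ($user_password === '' || !ldap_bind($ldapConnection, $userDn, $user_password)) return false;` with `$userDn` taken from the returned entry. The new `$filter` line also concatenates `$user_login` unescaped, so wrap it as `ldap_escape($user_login, '', LDAP_ESCAPE_FILTER)` and use `LDAP_ESCAPE_DN` where the login is placed into `$binddn`.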
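--- a/src/Template/Configurations/edit.ctp
+++ b/src/Template/Configurations/edit.ctp
@@ -153,6 +153,19 @@
 echo $this->Form->input('filter_ldap', [
 'label' => 'Filtre du LDAP'
 ]);
+
+/*MCM*/
+echo $this->Form->input('anonymous_ldap', [
+'label' => 'LDAP anonyme'
+]);
+echo $this->Form->input('bindDn_ldap', [
+'label' => 'Bind du LDAP'
+]);
+echo $this->Form->input('bindPass_ldap', [
+'label' => 'Password Bind du LDAP'
+]);
+/* fin MCM */
+
 echo '</div>';
 echo '</div>';
 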
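Review bot: The `bindPass_ldap` input is declared with only a label, so FormHelper will most likely render it as a plain text field pre-filled with the stored service-account password. Declare it explicitly with `'type' => 'password', 'value' => ''`, and have the controller keep the existing value when the field is submitted empty (the controller is not part of this commit view). `anonymous_ldap` is compared against the string `'0'` in LdapConnectionsTable, so a checkbox or select would constrain it to the values that code expects.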
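--- a/src/Template/Configurations/view.ctp
+++ b/src/Template/Configurations/view.ctp
@@ -136,7 +136,7 @@
 echo '</table>';
 echo '</div>';
 
-if ($configuration->use_ldap) :
+//if ($configuration->use_ldap) :
 echo '<h3 id="t_fichiers" style="cursor: pointer;">';
 echo '<i class="icon-chevron-down" style="font-size: 14px;" id="i_fichiers"></i>';
 echo '<span style="text-decoration: underline;">LDAP</span>';
@@ -150,10 +150,16 @@
 $displayElement(__('Type d\'authentification du LDAP'), h($configurationObj->authentificationType_ldap));
 $displayElement(__('Base DN du LDAP'), h($configurationObj->baseDn_ldap));
 $displayElement(__('Filtre du LDAP'), h($configurationObj->filter_ldap));
+
+/*MCM*/
+$displayElement(__('LDAP anonyme'), h($configurationObj->anonymous_ldap));
+$displayElement(__('Bind du LDAP'), h($configurationObj->bindDn_ldap));
+$displayElement(__('Password Bind du LDAP'), h($configurationObj->bindPass_ldap));
+/*fin MCM*/
 
 echo '</table>';
 echo '</div>';
-endif;
+//endif;
 
 echo '<h3 id="t_emprunts" style="cursor: pointer;">';
 echo '<i class="icon-chevron-down" style="font-size: 14px;" id="i_emprunts"></i>';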
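Review bot: `h($configurationObj->bindPass_ldap)` prints the LDAP service-account password in clear on the configuration view page; `h()` only HTML-escapes it. Anyone who can open this page, or a cached or proxied copy of it, obtains a credential that can bind to the directory, so show only whether one is set, e.g. `$displayElement(__('Password Bind du LDAP'), $configurationObj->bindPass_ldap ? '********' : '');`. The `use_ldap` guard is commented out rather than removed, so this block is now rendered even when LDAP is disabled; if that is intended, delete the two commented lines instead of leaving them in place.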