diff --git a/src/Model/Table/LdapConnectionsTable.php b/src/Model/Table/LdapConnectionsTable.php
index ba8caae..b97504b 100755
--- a/src/Model/Table/LdapConnectionsTable.php
+++ b/src/Model/Table/LdapConnectionsTable.php
@@ -20,6 +20,12 @@ class LdapConnectionsTable extends AppTable
     private $authenticationType;
     private $filter;
+
+    /*MCM*/
+    private $anonymous;
+    private $bindDn;
+    private $bindPass;
+    /* fin MCM*/
     private $USE_LDAP = TRUE;
@@ -150,6 +156,14 @@ class LdapConnectionsTable extends AppTable
         $this->baseDn = $config->baseDn_ldap;
         $this->filter = $config->filter_ldap;
         $this->authenticationType = $config->authentificationType_ldap;
+        /*MCM*/
+        $NEW_CONF=FALSE;
+        if ($NEW_CONF) {
+            $this->bindDn = $config->bindDn_ldap;
+            $this->bindPass = $config->bindPass_ldap;
+            $this->anonymous = $config->anonymous_ldap;
+        }
+        /* fin MCM*/
         return true;
     }
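Review bot: `$NEW_CONF=FALSE;` is a hard-coded local, so the three assignments inside the `if` never execute and `$this->bindDn`, `$this->bindPass` and `$this->anonymous` stay `null` after this method returns; the code that later compares `$this->anonymous` with `'0'` can therefore never take its bind branch. If the gate is meant to keep the new columns optional until the schema change lands, read them defensively instead of behind a constant: `$this->bindDn = isset($config->bindDn_ldap) ? $config->bindDn_ldap : '';`, `$this->bindPass = isset($config->bindPass_ldap) ? $config->bindPass_ldap : '';`, `$this->anonymous = isset($config->anonymous_ldap) ? $config->anonymous_ldap : '0';` — with `'0'` as the fail-closed default so a missing setting still requires a bind. The enclosing method starts before this hunk.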
@@ -354,22 +368,41 @@ class LdapConnectionsTable extends AppTable
             $just_these = [];
             // - Anonymous connection (IRAP, IAS, LATMOS)
             if ($LDAP_ANONYMOUS) {
-                //$dn = $this->baseDn; // "ou=users,dc=irap,dc=omp,dc=eu"
-                $auth_dn = ''; //= $this->authDn;
-                $binddn = $this->authenticationType . '=' . $user_login;
+                ///$auth_dn = ''; //= $this->authDn;
+                // $this->authenticationType = 'uid'
+                // $this->baseDn = "ou=users,dc=irap,dc=omp,dc=eu"
+
+                //TODO: à virer, ca n'est pas nécessaire en anonymous
+                $binddn = $this->authenticationType . '=' . $user_login; // ex: uid=epallier
                 $ldappass = $user_password;
+                //$filter = '('.$binddn.')'; // ex: "(uid=epallier)"
-                $filter = $this->filter . '('.$binddn.')'; // ex: "(uid=epallier)"
+                ////$filter = $this->filter . '('.$binddn.')'; // ex: "(uid=epallier)"
+                //TODO: refactoriser
+                $binddn .= ','.$this->baseDn;
             }
             // - Authentified connection (CRAL)
             else {
-                //$dn = $this->baseDn; // "dc=univ-lyon1,dc=fr";
+                //$dn = $this->baseDn; // "dc=univ-lyon1,dc=fr"
                 //$binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr";
                 //$binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,".$dn;
+                /* EP version
                 $auth_dn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1"; //= $this->authDn;
                 $binddn = $auth_dn;
                 $ldappass = "lemotdepasse";
                 $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))";
+                */
+                ///$auth_dn = $this->baseDn; // dc=univ-lyon1,dc=fr
+                // $this->authenticationType = 'sAMAccountName'
+                // $this->baseDn = "dc=univ-lyon1,dc=fr"
+                $anonymous = $this->anonymous;
+                if ($anonymous == '0') {
+                    $binddn = $this->bindDn; // CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr
+                    $ldappass = $this->bindPass;
+                }
+                //construction du filtre avec le filtre de la base de données avec un & sur le login de l'utilisateur
+                //si aucun filtre n'est défini dans la base de données on aura juste (&($this->authenticationType=$user_login))
+                ////$filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
                 //$just_these = array("cn");
                 /* NEW version
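Review bot: `$anonymous` is only assigned inside the `else` branch, so in the `$LDAP_ANONYMOUS` branch it is undefined when the bind decision is taken further down the method, even though that branch has just built `$binddn` and `$ldappass` from the user's own credentials and clearly expects a bind; initialise it before the branch, right after `$just_these = [];`, with `$anonymous = '0'; // bind unless the configuration explicitly enables anonymous access` so the default is fail-closed. The anonymous-branch `$binddn` is also assembled from `$user_login` without escaping, so a login containing `,`, `+`, `=` or `\` rewrites the DN; if `$user_login` is user-supplied, build it as `$binddn = $this->authenticationType . '=' . ldap_escape($user_login, '', LDAP_ESCAPE_DN) . ',' . $this->baseDn;`. The enclosing method starts before this hunk and continues past it.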
@@ -378,27 +411,33 @@ class LdapConnectionsTable extends AppTable
                 $binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr";
                 */
             }
-            $binddn .= ','.$this->baseDn;
+            $filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
+            //TODO: optimisation
+            /////////$binddn .= ','.$this->baseDn;
             // Connection
             $ldapConnection = ldap_connect($this->host, $this->port) or die("Could not connect to $this->host (port $this->port)");
             if ($ldapConnection) {
                 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
                 // Binding
-                //if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) {
-                $ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass) or die( "Could not bind to LDAP server.". ldap_error($ldapConnection) );
-                if ($ldapbind) {
-                    //return $this->getUserAttributes($login, $LDAP_ANONYMOUS, $filter, $just_these)[0];
-                    $search = $this->getUserAttributes($user_login, $ldapConnection, $LDAP_ANONYMOUS, $filter, $just_these);
-                    if ($search === false) die("Could not get user attributes from LDAP server, response was: " . ldap_error($ldapConnection) );
-                    return $search[0];
-                    /*
-                     * } else {
-                     * return false;
-                     */
-                }
+                /*MCM*/
+                // bind optionnel
+                if ($anonymous == '0')
+                    $ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass) or die("Could not bind to LDAP server.". ldap_error($ldapConnection) );
+                // EP: bind obligatoire
+                //if ($ldapbind) {
+                $search = $this->getUserAttributes($user_login, $ldapConnection, $LDAP_ANONYMOUS, $filter, $just_these);
+                /* fin MCM*/
+                if ($search === false) die("Could not get user attributes from LDAP server, response was: " . ldap_error($ldapConnection) );
+                return $search[0];
+                /*
+                 * } else {
+                 * return false;
+                 */
+                //}
             }
+            // We are not using LDAP (so, use FAKE LDAP instead)
         } else {
             $user = $this->getFakeLdapUser($user_login);
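Review bot: The new `$filter` concatenates `$user_login` straight into the LDAP search filter, so a login containing `*`, `(`, `)` or `\` changes the query (a bare `*` matches every entry under `baseDn`); if `$user_login` comes from the login form it must be escaped first, `$login = ldap_escape($user_login, '', LDAP_ESCAPE_FILTER);` and `$filter = "(&" . $this->filter . "(" . $this->authenticationType . '=' . $login . "))";`. The bind guard `if ($anonymous == '0')` also fails open: any value other than `'0'`/`0`/`false` — including `null`, which is what `$this->anonymous` holds while `$NEW_CONF` is `FALSE` and what `$anonymous` is in the `$LDAP_ANONYMOUS` branch where it is never assigned — skips `ldap_bind` entirely and runs the search on an unbound connection, whereas the removed code always bound (as the user in the anonymous branch, i.e. a password check) before searching. Inverting the guard to `if (empty($anonymous))` keeps the bind unless the configuration explicitly enables anonymous access. `$ldapbind` is now assigned but never read. The enclosing method starts before this hunk.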
diff --git a/src/Template/Configurations/edit.ctp b/src/Template/Configurations/edit.ctp
index 107e915..f80773a 100644
--- a/src/Template/Configurations/edit.ctp
+++ b/src/Template/Configurations/edit.ctp
@@ -153,6 +153,19 @@
     echo $this->Form->input('filter_ldap', [
         'label' => 'Filtre du LDAP'
     ]);
+
+    /*MCM*/
+    echo $this->Form->input('anonymous_ldap', [
+        'label' => 'LDAP anonyme'
+    ]);
+    echo $this->Form->input('bindDn_ldap', [
+        'label' => 'Bind du LDAP'
+    ]);
+    echo $this->Form->input('bindPass_ldap', [
+        'label' => 'Password Bind du LDAP'
+    ]);
+    /* fin MCM */
+
     echo '';
     echo '';
diff --git a/src/Template/Configurations/view.ctp b/src/Template/Configurations/view.ctp
index b2a40c2..801da70 100644
--- a/src/Template/Configurations/view.ctp
+++ b/src/Template/Configurations/view.ctp
@@ -136,7 +136,7 @@
     echo '';
     echo '';
-    if ($configuration->use_ldap) :
+    //if ($configuration->use_ldap) :
     echo '
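Review bot: `bindPass_ldap` is rendered with a plain `Form->input()`, so the stored service-account password is echoed back into the page as a visible, pre-filled text field every time the configuration is edited; give it `'type' => 'password', 'value' => ''` so it is masked and never written back into the HTML, i.e. `echo $this->Form->input('bindPass_ldap', ['label' => 'Password Bind du LDAP', 'type' => 'password', 'value' => '']);`, and have the controller keep the existing value when the submitted field is empty. `anonymous_ldap` is compared with the string `'0'` on the model side, so render it as a checkbox to guarantee a 0/1 value rather than free text: `echo $this->Form->input('anonymous_ldap', ['label' => 'LDAP anonyme', 'type' => 'checkbox']);`. Storing a bind password in the configuration table also means it is readable by everyone allowed to view that configuration, which is worth a comment here if that audience is wider than the LDAP administrators.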