Commit 1ac9f214e1c4d93d617eff0336d8005c662d2daf

Authored by Etienne Pallier
1 parent 5138a4a8

Nouvelle version connexion ldap

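--- a/src/Model/Table/LdapConnectionsTable.php
+++ b/src/Model/Table/LdapConnectionsTable.php
@@ -20,6 +20,12 @@ class LdapConnectionsTable extends AppTable
 private $authenticationType;
 
 private $filter;
+
+/*MCM*/
+private $anonymous;
+private $bindDn;
+private $bindPass;
+/* fin MCM*/
 
 private $USE_LDAP = TRUE;
 
@@ -150,6 +156,14 @@ class LdapConnectionsTable extends AppTable
 $this->baseDn = $config->baseDn_ldap;
 $this->filter = $config->filter_ldap;
 $this->authenticationType = $config->authentificationType_ldap;
+/*MCM*/
+$NEW_CONF=FALSE;
+if ($NEW_CONF) {
+$this->bindDn = $config->bindDn_ldap;
+$this->bindPass = $config->bindPass_ldap;
+$this->anonymous = $config->anonymous_ldap;
+}
+/* fin MCM*/
 
 return true;
 }
@@ -354,22 +368,41 @@ class LdapConnectionsTable extends AppTable
 $just_these = [];
 // - Anonymous connection (IRAP, IAS, LATMOS)
 if ($LDAP_ANONYMOUS) {
-//$dn = $this->baseDn; // "ou=users,dc=irap,dc=omp,dc=eu"
-$auth_dn = ''; //= $this->authDn;
-$binddn = $this->authenticationType . '=' . $user_login;
+///$auth_dn = ''; //= $this->authDn;
+// $this->authenticationType = 'uid'
+// $this->baseDn = "ou=users,dc=irap,dc=omp,dc=eu"
+
+//TODO: à virer, ca n'est pas nécessaire en anonymous
+$binddn = $this->authenticationType . '=' . $user_login; // ex: uid=epallier
 $ldappass = $user_password;
+
 //$filter = '('.$binddn.')'; // ex: "(uid=epallier)"
-$filter = $this->filter . '('.$binddn.')'; // ex: "(uid=epallier)"
+////$filter = $this->filter . '('.$binddn.')'; // ex: "(uid=epallier)"
+//TODO: refactoriser
+$binddn .= ','.$this->baseDn;
 }
 // - Authentified connection (CRAL)
 else {
-//$dn = $this->baseDn; // "dc=univ-lyon1,dc=fr";
+//$dn = $this->baseDn; // "dc=univ-lyon1,dc=fr"
 //$binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr";
 //$binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,".$dn;
+/* EP version
 $auth_dn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1"; //= $this->authDn;
 $binddn = $auth_dn;
 $ldappass = "lemotdepasse";
 $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))";
+*/
+///$auth_dn = $this->baseDn; // dc=univ-lyon1,dc=fr
+// $this->authenticationType = 'sAMAccountName'
+// $this->baseDn = "dc=univ-lyon1,dc=fr"
+$anonymous = $this->anonymous;
+if ($anonymous == '0') {
+$binddn = $this->bindDn; // CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr
+$ldappass = $this->bindPass;
+}
+//construction du filtre avec le filtre de la base de données avec un & sur le login de l'utilisateur
+//si aucun filtre n'est défini dans la base de données on aura juste (& ($this->authenticationType=$user_login))
+////$filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
 //$just_these = array("cn");
 /*
 NEW version
@@ -378,27 +411,33 @@ class LdapConnectionsTable extends AppTable
 $binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr";
 */
 }
-$binddn .= ','.$this->baseDn;
+$filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
+//TODO: optimisation
+/////////$binddn .= ','.$this->baseDn;
 
 // Connection
 $ldapConnection = ldap_connect($this->host, $this->port) or die("Could not connect to $this->host (port $this->port)");
 if ($ldapConnection) {
 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
 // Binding
-//if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) {
-$ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass) or die( "Could not bind to LDAP server.". ldap_error($ldapConnection) );
-if ($ldapbind) {
-//return $this->getUserAttributes($login, $LDAP_ANONYMOUS, $filter, $just_these)[0];
-$search = $this->getUserAttributes($user_login, $ldapConnection, $LDAP_ANONYMOUS, $filter, $just_these);
-if ($search === false) die("Could not get user attributes from LDAP server, response was: " . ldap_error($ldapConnection) );
-return $search[0];
-/*
-* } else {
-* return false;
-*/
-}
+/*MCM*/
+// bind optionnel
+if ($anonymous == '0')
+$ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass) or die("Could not bind to LDAP server.". ldap_error($ldapConnection) );
+// EP: bind obligatoire
+//if ($ldapbind) {
+$search = $this->getUserAttributes($user_login, $ldapConnection, $LDAP_ANONYMOUS, $filter, $just_these);
+/* fin MCM*/
+if ($search === false) die("Could not get user attributes from LDAP server, response was: " . ldap_error($ldapConnection) );
+return $search[0];
+/*
+* } else {
+* return false;
+*/
+//}
 }
 
+
 // We are not using LDAP (so, use FAKE LDAP instead)
 } else {
 $user = $this->getFakeLdapUser($user_login);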
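Review bot: The user's password is no longer verified on the anonymous path: the bind at new lines 425-426 only runs when `$anonymous == '0'`, but `$anonymous` is assigned only in the `else` branch (new line 398), so with `$LDAP_ANONYMOUS` set it is undefined, `ldap_bind` is skipped, and the `$binddn`/`$ldappass` built from the user's login and password are never used; unless getUserAttributes (outside the hunk) performs a bind of its own, any login reaches the search. The same guard is dead in the authenticated branch as long as `$NEW_CONF=FALSE` at new line 160 leaves `$this->anonymous` null, so the configured service-account bind never happens either. Keeping the self-bind whenever the anonymous mode is selected, `if ($LDAP_ANONYMOUS || $anonymous == '0')`, restores the previous behaviour until the new configuration fields are actually loaded. Separately, new line 414 concatenates `$user_login` straight into the search filter; it should be escaped first, `ldap_escape($user_login, '', LDAP_ESCAPE_FILTER)`, and the unused `$ldapbind` result can be dropped since `or die` already handles a failed bind. The enclosing method starts and ends outside the hunk.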
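--- a/src/Template/Configurations/edit.ctp
+++ b/src/Template/Configurations/edit.ctp
@@ -153,6 +153,19 @@
 echo $this->Form->input('filter_ldap', [
 'label' => 'Filtre du LDAP'
 ]);
+
+/*MCM*/
+echo $this->Form->input('anonymous_ldap', [
+'label' => 'LDAP anonyme'
+]);
+echo $this->Form->input('bindDn_ldap', [
+'label' => 'Bind du LDAP'
+]);
+echo $this->Form->input('bindPass_ldap', [
+'label' => 'Password Bind du LDAP'
+]);
+/* fin MCM */
+
 echo '</div>';
 echo '</div>';
 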
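Review bot: `bindPass_ldap` at new lines 164-166 is rendered as an ordinary text input, so the LDAP service-account password is displayed in clear in the edit form and offered to browser autocomplete; pass the field type explicitly, `echo $this->Form->input('bindPass_ldap', ['label' => 'Password Bind du LDAP', 'type' => 'password']);`. The `/*MCM*/` markers say who added the block but not why; a one-line comment such as `// Optional service-account bind used when anonymous LDAP search is disabled` would tell the next maintainer what these three fields are for. The surrounding template continues outside the hunk.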
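--- a/src/Template/Configurations/view.ctp
+++ b/src/Template/Configurations/view.ctp
@@ -136,7 +136,7 @@
 echo '</table>';
 echo '</div>';
 
-if ($configuration->use_ldap) :
+//if ($configuration->use_ldap) :
 echo '<h3 id="t_fichiers" style="cursor: pointer;">';
 echo '<i class="icon-chevron-down" style="font-size: 14px;" id="i_fichiers"></i>';
 echo '<span style="text-decoration: underline;">LDAP</span>';
@@ -150,10 +150,16 @@
 $displayElement(__('Type d\'authentification du LDAP'), h($configurationObj->authentificationType_ldap));
 $displayElement(__('Base DN du LDAP'), h($configurationObj->baseDn_ldap));
 $displayElement(__('Filtre du LDAP'), h($configurationObj->filter_ldap));
+
+/*MCM*/
+$displayElement(__('LDAP anonyme'), h($configurationObj->anonymous_ldap));
+$displayElement(__('Bind du LDAP'), h($configurationObj->bindDn_ldap));
+$displayElement(__('Password Bind du LDAP'), h($configurationObj->bindPass_ldap));
+/*fin MCM*/
 
 echo '</table>';
 echo '</div>';
-endif;
+//endif;
 
 echo '<h3 id="t_emprunts" style="cursor: pointer;">';
 echo '<i class="icon-chevron-down" style="font-size: 14px;" id="i_emprunts"></i>';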
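Review bot: New line 157 echoes the LDAP bind password in clear on the configuration view, so anyone allowed to open this page can read the service-account credential; show a masked value instead, e.g. `$displayElement(__('Password Bind du LDAP'), $configurationObj->bindPass_ldap ? '********' : '');`. Commenting out `if ($configuration->use_ldap) :` and `endif;` at lines 139 and 162 also makes the whole LDAP block render when LDAP is disabled; if that is intentional a short comment should say why, otherwise the guard should stay.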