Commit 1ac9f214e1c4d93d617eff0336d8005c662d2daf
1 parent
5138a4a8
Nouvelle version connexion ldap
Showing
3 changed files
with
78 additions
and
20 deletions
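--- a/src/Model/Table/LdapConnectionsTable.php
+++ b/src/Model/Table/LdapConnectionsTable.php
@@ -20,6 +20,12 @@ class LdapConnectionsTable extends AppTable
 private $authenticationType;
 
 private $filter;
+
+/*MCM*/
+private $anonymous;
+private $bindDn;
+private $bindPass;
+/* fin MCM*/
 
 private $USE_LDAP = TRUE;
 
@@ -150,6 +156,14 @@ class LdapConnectionsTable extends AppTable
 $this->baseDn = $config->baseDn_ldap;
 $this->filter = $config->filter_ldap;
 $this->authenticationType = $config->authentificationType_ldap;
+/*MCM*/
+$NEW_CONF=FALSE;
+if ($NEW_CONF) {
+$this->bindDn = $config->bindDn_ldap;
+$this->bindPass = $config->bindPass_ldap;
+$this->anonymous = $config->anonymous_ldap;
+}
+/* fin MCM*/
 
 return true;
 }
@@ -354,22 +368,41 @@ class LdapConnectionsTable extends AppTable
 $just_these = [];
 // - Anonymous connection (IRAP, IAS, LATMOS)
 if ($LDAP_ANONYMOUS) {
-//$dn = $this->baseDn; // "ou=users,dc=irap,dc=omp,dc=eu"
-$auth_dn = ''; //= $this->authDn;
-$binddn = $this->authenticationType . '=' . $user_login;
+///$auth_dn = ''; //= $this->authDn;
+// $this->authenticationType = 'uid'
+// $this->baseDn = "ou=users,dc=irap,dc=omp,dc=eu"
+
+//TODO: à virer, ca n'est pas nécessaire en anonymous
+$binddn = $this->authenticationType . '=' . $user_login; // ex: uid=epallier
 $ldappass = $user_password;
+
 //$filter = '('.$binddn.')'; // ex: "(uid=epallier)"
-$filter = $this->filter . '('.$binddn.')'; // ex: "(uid=epallier)"
+////$filter = $this->filter . '('.$binddn.')'; // ex: "(uid=epallier)"
+//TODO: refactoriser
+$binddn .= ','.$this->baseDn;
 }
 // - Authentified connection (CRAL)
 else {
-//$dn = $this->baseDn; // "dc=univ-lyon1,dc=fr";
+//$dn = $this->baseDn; // "dc=univ-lyon1,dc=fr"
 //$binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr";
 //$binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,".$dn;
+/* EP version
 $auth_dn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1"; //= $this->authDn;
 $binddn = $auth_dn;
 $ldappass = "lemotdepasse";
 $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))";
+*/
+///$auth_dn = $this->baseDn; // dc=univ-lyon1,dc=fr
+// $this->authenticationType = 'sAMAccountName'
+// $this->baseDn = "dc=univ-lyon1,dc=fr"
+$anonymous = $this->anonymous;
+if ($anonymous == '0') {
+$binddn = $this->bindDn; // CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr
+$ldappass = $this->bindPass;
+}
+//construction du filtre avec le filtre de la base de données avec un & sur le login de l'utilisateur
+//si aucun filtre n'est défini dans la base de données on aura juste (& ($this->authenticationType=$user_login))
+////$filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
 //$just_these = array("cn");
 /*
 NEW version
@@ -378,27 +411,33 @@ class LdapConnectionsTable extends AppTable
 $binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr";
 */
 }
-$binddn .= ','.$this->baseDn;
+$filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
+//TODO: optimisation
+/////////$binddn .= ','.$this->baseDn;
 
 // Connection
 $ldapConnection = ldap_connect($this->host, $this->port) or die("Could not connect to $this->host (port $this->port)");
 if ($ldapConnection) {
 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
 // Binding
-//if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) {
-$ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass) or die( "Could not bind to LDAP server.". ldap_error($ldapConnection) );
-if ($ldapbind) {
-//return $this->getUserAttributes($login, $LDAP_ANONYMOUS, $filter, $just_these)[0];
-$search = $this->getUserAttributes($user_login, $ldapConnection, $LDAP_ANONYMOUS, $filter, $just_these);
-if ($search === false) die("Could not get user attributes from LDAP server, response was: " . ldap_error($ldapConnection) );
-return $search[0];
-/*
-* } else {
-* return false;
-*/
-}
+/*MCM*/
+// bind optionnel
+if ($anonymous == '0')
+$ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass) or die("Could not bind to LDAP server.". ldap_error($ldapConnection) );
+// EP: bind obligatoire
+//if ($ldapbind) {
+$search = $this->getUserAttributes($user_login, $ldapConnection, $LDAP_ANONYMOUS, $filter, $just_these);
+/* fin MCM*/
+if ($search === false) die("Could not get user attributes from LDAP server, response was: " . ldap_error($ldapConnection) );
+return $search[0];
+/*
+* } else {
+* return false;
+*/
+//}
 }
 
+
 // We are not using LDAP (so, use FAKE LDAP instead)
 } else {
 $user = $this->getFakeLdapUser($user_login);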
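Review bot: The bind that checked the user's password in the anonymous branch no longer runs: the `ldap_bind` at new line 426 is guarded by `$anonymous == '0'`, but `$anonymous` is only assigned in the else branch (new line 398) and `$this->anonymous` is itself never loaded because `$NEW_CONF=FALSE` at new line 160 disables that block, so `$ldappass = $user_password` at new line 377 is dead and the outcome depends solely on whether the search at new line 429 matches (unless getUserAttributes binds on its own; its body is outside this diff). The same guard also leaves `$binddn` and `$ldappass` undefined on the authenticated path, where the bind is skipped for the same reason. I would initialise the flag before the branch with `$anonymous = $this->anonymous; // NOTE: null until the bindDn/bindPass/anonymous config block is actually enabled`, bind whenever credentials were prepared with `if ($LDAP_ANONYMOUS || $anonymous === '0') { $ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass) or die("Could not bind to LDAP server.". ldap_error($ldapConnection) ); }`, and drop `$NEW_CONF` so the new settings are read. The enclosing method starts before the first hunk and ends after the last one.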
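--- a/src/Template/Configurations/edit.ctp
+++ b/src/Template/Configurations/edit.ctp
@@ -153,6 +153,19 @@
 echo $this->Form->input('filter_ldap', [
 'label' => 'Filtre du LDAP'
 ]);
+
+/*MCM*/
+echo $this->Form->input('anonymous_ldap', [
+'label' => 'LDAP anonyme'
+]);
+echo $this->Form->input('bindDn_ldap', [
+'label' => 'Bind du LDAP'
+]);
+echo $this->Form->input('bindPass_ldap', [
+'label' => 'Password Bind du LDAP'
+]);
+/* fin MCM */
+
 echo '</div>';
 echo '</div>';
 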
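Review bot: The `bindPass_ldap` input at new lines 164-166 is rendered as a default text field, so the service-account password is echoed back into the page source and shown in clear whenever the configuration form is opened. Declare it as a password input, `echo $this->Form->input('bindPass_ldap', ['label' => 'Password Bind du LDAP', 'type' => 'password']);`, so the stored value is not pre-filled in the HTML. The `anonymous_ldap` field is compared against the string `'0'` in LdapConnectionsTable, so it would also help to render it as a checkbox or document the expected `'0'`/`'1'` values in its label.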
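--- a/src/Template/Configurations/view.ctp
+++ b/src/Template/Configurations/view.ctp
@@ -136,7 +136,7 @@
 echo '</table>';
 echo '</div>';
 
-if ($configuration->use_ldap) :
+//if ($configuration->use_ldap) :
 echo '<h3 id="t_fichiers" style="cursor: pointer;">';
 echo '<i class="icon-chevron-down" style="font-size: 14px;" id="i_fichiers"></i>';
 echo '<span style="text-decoration: underline;">LDAP</span>';
@@ -150,10 +150,16 @@
 $displayElement(__('Type d\'authentification du LDAP'), h($configurationObj->authentificationType_ldap));
 $displayElement(__('Base DN du LDAP'), h($configurationObj->baseDn_ldap));
 $displayElement(__('Filtre du LDAP'), h($configurationObj->filter_ldap));
+
+/*MCM*/
+$displayElement(__('LDAP anonyme'), h($configurationObj->anonymous_ldap));
+$displayElement(__('Bind du LDAP'), h($configurationObj->bindDn_ldap));
+$displayElement(__('Password Bind du LDAP'), h($configurationObj->bindPass_ldap));
+/*fin MCM*/
 
 echo '</table>';
 echo '</div>';
-endif;
+//endif;
 
 echo '<h3 id="t_emprunts" style="cursor: pointer;">';
 echo '<i class="icon-chevron-down" style="font-size: 14px;" id="i_emprunts"></i>';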
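Review bot: New line 157 prints the LDAP bind password in clear on the read-only configuration page, and because the `use_ldap` guard at lines 139 and 162 is now commented out, that block is shown even when LDAP is disabled. A view should not reveal the service-account secret; show a mask instead, e.g. `$displayElement(__('Password Bind du LDAP'), $configurationObj->bindPass_ldap !== '' ? '********' : '');`, and restore the `if ($configuration->use_ldap) :` / `endif;` pair unless the unconditional display is intended (the commit message does not say, so this may be a leftover from local testing).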