Commit 1afca125b1251b7db7c19d8cea09abc52828f67f
Exists in
master
and in
3 other branches
Merge branch 'dev'
Showing
3 changed files
with
57 additions
and
14 deletions
Show diff stats
No preview for this file type
src/Controller/Component/LdapAuthComponent.php
... | ... | @@ -11,6 +11,7 @@ class LdapAuthComponent extends AuthComponent |
11 | 11 | public function connection() |
12 | 12 | { |
13 | 13 | try { |
14 | + // Get login and password entered by the current user (who is trying to connect) | |
14 | 15 | $login = $this->request->getData('ldap'); |
15 | 16 | $password = $this->request->getData('password'); |
16 | 17 | $resp = TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password); | ... | ... |
src/Model/Table/LdapConnectionsTable.php
... | ... | @@ -187,16 +187,23 @@ class LdapConnectionsTable extends AppTable |
187 | 187 | } |
188 | 188 | |
189 | 189 | // $userName = login |
190 | - public function getUserAttributes($userName) | |
190 | + public function getUserAttributes($userName, $LDAP_ANONYMOUS=true, $filter='', $just_these=[]) | |
191 | 191 | { |
192 | 192 | try { |
193 | 193 | |
194 | 194 | if ($this->checkConfiguration()) { |
195 | 195 | if ($this->USE_LDAP) { |
196 | + /* | |
196 | 197 | $ldapConnection = ldap_connect($this->host, $this->port); |
197 | 198 | ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); |
198 | - $results = ldap_search($ldapConnection, $this->baseDn, '(' . $this->authenticationType . '=' . $userName . ')'); | |
199 | - return ldap_get_entries($ldapConnection, $results); | |
199 | + */ | |
200 | + /* CRAL | |
201 | + */ | |
202 | + //$results = ldap_search($ldapConnection, $this->baseDn, $filter); | |
203 | + $results = ldap_search($ldapConnection, $this->baseDn, $filter, $just_these) or die("Could not search to LDAP server response was: " . ldap_error($ldapconn) ); | |
204 | + $info = ldap_get_entries($ldapConnection, $results); | |
205 | + //echo $info["count"]." entries returned\n"; | |
206 | + return $info; | |
200 | 207 | } else |
201 | 208 | return array( |
202 | 209 | $this->getFakeLdapUser($userName) |
... | ... | @@ -314,23 +321,58 @@ class LdapConnectionsTable extends AppTable |
314 | 321 | ]; |
315 | 322 | } |
316 | 323 | |
317 | - public function ldapAuthentication($login, $password) | |
324 | + public function ldapAuthentication($login, $user_password) | |
318 | 325 | { |
319 | 326 | try { |
320 | 327 | if ($this->checkConfiguration()) { |
321 | 328 | |
329 | + // We are using LDAP | |
322 | 330 | if ($this->USE_LDAP) { |
323 | - if (strlen(trim($password)) == 0) | |
324 | - return FALSE; | |
331 | + $LDAP_ANONYMOUS = true; | |
332 | + | |
333 | + // No connexion allowed without password | |
334 | + if (strlen(trim($user_password)) == 0) return FALSE; | |
335 | + | |
336 | + // Set LDAP parameters | |
337 | + // - Anonymous connection (IRAP, IAS, LATMOS) | |
338 | + if ($LDAP_ANONYMOUS) { | |
339 | + //$dn = "ou=users,dc=irap,dc=omp,dc=eu"; | |
340 | + //$dn = $this->baseDn; | |
341 | + $binddn = $this->authenticationType . '=' . $login; | |
342 | + $ldappass = $user_password; | |
343 | + $filter = '('.$binddn.')'; | |
344 | + $just_these = array("cn"); | |
345 | + } | |
346 | + // - Authentified connection (CRAL) | |
347 | + else { | |
348 | + //$dn = "dc=univ-lyon1,dc=fr"; | |
349 | + //$binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr"; | |
350 | + //$binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,".$dn; | |
351 | + $binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1"; | |
352 | + $ldappass = "lemotdepasse"; | |
353 | + $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))"; | |
354 | + //$just_these = array(); | |
355 | + $just_these = []; | |
356 | + } | |
357 | + $binddn .= ','.$this->baseDn; | |
358 | + | |
359 | + // Connection | |
325 | 360 | $ldapConnection = ldap_connect($this->host, $this->port); |
326 | - ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); | |
327 | - if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) { | |
328 | - return $this->getUserAttributes($login)[0]; | |
329 | - /* | |
330 | - * } else { | |
331 | - * return false; | |
332 | - */ | |
361 | + if ($ldapConnection) { | |
362 | + ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); | |
363 | + // Binding | |
364 | + //if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) { | |
365 | + $ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass); | |
366 | + if ($ldapbind) { | |
367 | + return $this->getUserAttributes($login, $LDAP_ANONYMOUS, $filter, $just_these)[0]; | |
368 | + /* | |
369 | + * } else { | |
370 | + * return false; | |
371 | + */ | |
372 | + } | |
333 | 373 | } |
374 | + | |
375 | + // We are not using LDAP (use FAKE LDAP instead) | |
334 | 376 | } else { |
335 | 377 | $user = $this->getFakeLdapUser($login); |
336 | 378 | // debug($user); |
... | ... | @@ -341,7 +383,7 @@ class LdapConnectionsTable extends AppTable |
341 | 383 | // if ($user[$this->authenticationType][0] == "_NouvelUtilisateur_username" && $user['userpassword'][0] == "_NouvelUtilisateur_password") return $user; |
342 | 384 | if ($user[$this->authenticationType][0] == $this->getTheFakeLdapUser()['login'] && $user['userpassword'][0] == $this->getTheFakeLdapUser()['pass']) |
343 | 385 | return $user; |
344 | - if ((new DefaultPasswordHasher())->check($password, $user['userpassword'][0])) | |
386 | + if ((new DefaultPasswordHasher())->check($user_password, $user['userpassword'][0])) | |
345 | 387 | return $user; |
346 | 388 | // if ($user != false && $user['userpassword'][0] == $password) { |
347 | 389 | } | ... | ... |