Commit 1afca125b1251b7db7c19d8cea09abc52828f67f

Authored by Etienne Pallier
2 parents 04a2099c 7631cb1b

Merge branch 'dev'

doc/Labinvent Documentation.pdf 0 → 100644
src/Controller/Component/LdapAuthComponent.php
@@ -11,6 +11,7 @@ class LdapAuthComponent extends AuthComponent @@ -11,6 +11,7 @@ class LdapAuthComponent extends AuthComponent
11 public function connection() 11 public function connection()
12 { 12 {
13 try { 13 try {
  14 + // Get login and password entered by the current user (who is trying to connect)
14 $login = $this->request->getData('ldap'); 15 $login = $this->request->getData('ldap');
15 $password = $this->request->getData('password'); 16 $password = $this->request->getData('password');
16 $resp = TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password); 17 $resp = TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password);
src/Model/Table/LdapConnectionsTable.php
@@ -187,16 +187,23 @@ class LdapConnectionsTable extends AppTable @@ -187,16 +187,23 @@ class LdapConnectionsTable extends AppTable
187 } 187 }
188 188
189 // $userName = login 189 // $userName = login
190 - public function getUserAttributes($userName) 190 + public function getUserAttributes($userName, $LDAP_ANONYMOUS=true, $filter='', $just_these=[])
191 { 191 {
192 try { 192 try {
193 193
194 if ($this->checkConfiguration()) { 194 if ($this->checkConfiguration()) {
195 if ($this->USE_LDAP) { 195 if ($this->USE_LDAP) {
  196 + /*
196 $ldapConnection = ldap_connect($this->host, $this->port); 197 $ldapConnection = ldap_connect($this->host, $this->port);
197 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); 198 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
198 - $results = ldap_search($ldapConnection, $this->baseDn, '(' . $this->authenticationType . '=' . $userName . ')');  
199 - return ldap_get_entries($ldapConnection, $results); 199 + */
  200 + /* CRAL
  201 + */
  202 + //$results = ldap_search($ldapConnection, $this->baseDn, $filter);
  203 + $results = ldap_search($ldapConnection, $this->baseDn, $filter, $just_these) or die("Could not search to LDAP server response was: " . ldap_error($ldapconn) );
  204 + $info = ldap_get_entries($ldapConnection, $results);
  205 + //echo $info["count"]." entries returned\n";
  206 + return $info;
200 } else 207 } else
201 return array( 208 return array(
202 $this->getFakeLdapUser($userName) 209 $this->getFakeLdapUser($userName)
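Review bot: On the new side `$ldapConnection` is never assigned in getUserAttributes: the `ldap_connect`/`ldap_set_option` lines (new 197-198) now sit inside the `/* … */` opened at new line 196 and nothing else in the hunk sets it, so `ldap_search` at new line 203 receives an undefined variable and falls into the `or die(...)` branch, which in turn calls `ldap_error($ldapconn)` with a second undefined name (the variable is spelled `$ldapConnection`). Either hand in the handle that `ldapAuthentication` already opened and bound, or keep the connect lines, and replace `die()` with an exception so a search failure does not terminate the request from inside a model method. The `$LDAP_ANONYMOUS` parameter is not read anywhere in the hunk, and the `$filter=''` default sends `ldap_search` an empty filter; defaulting it to the old lookup by `$this->authenticationType`, built with `ldap_escape($userName, '', LDAP_ESCAPE_FILTER)`, also closes the unescaped interpolation of `$userName` that removed line 198 carried. getUserAttributes continues past the end of the hunk; its catch block is not visible here.
```php
public function getUserAttributes($userName, $LDAP_ANONYMOUS=true, $filter='', $just_these=[], $ldapConnection=null)
{
    // … unchanged: try {, checkConfiguration() and USE_LDAP guards …
                // Default lookup: the configured login attribute, with the value escaped for the filter context
                if ($filter === '') {
                    $filter = '(' . $this->authenticationType . '=' . ldap_escape($userName, '', LDAP_ESCAPE_FILTER) . ')';
                }
                // Reuse the caller's already-bound handle when one is given; otherwise open our own
                if ($ldapConnection === null) {
                    $ldapConnection = ldap_connect($this->host, $this->port);
                    ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
                }
                $results = ldap_search($ldapConnection, $this->baseDn, $filter, $just_these);
                if ($results === false) {
                    // Surface the failure to the surrounding try/catch instead of killing the request with die()
                    throw new \RuntimeException('LDAP search failed: ' . ldap_error($ldapConnection));
                }
                return ldap_get_entries($ldapConnection, $results);
                // … unchanged: fake-LDAP branch and the rest of the method …
```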
@@ -314,23 +321,58 @@ class LdapConnectionsTable extends AppTable @@ -314,23 +321,58 @@ class LdapConnectionsTable extends AppTable
314 ]; 321 ];
315 } 322 }
316 323
317 - public function ldapAuthentication($login, $password) 324 + public function ldapAuthentication($login, $user_password)
318 { 325 {
319 try { 326 try {
320 if ($this->checkConfiguration()) { 327 if ($this->checkConfiguration()) {
321 328
  329 + // We are using LDAP
322 if ($this->USE_LDAP) { 330 if ($this->USE_LDAP) {
323 - if (strlen(trim($password)) == 0)  
324 - return FALSE; 331 + $LDAP_ANONYMOUS = true;
  332 +
  333 + // No connexion allowed without password
  334 + if (strlen(trim($user_password)) == 0) return FALSE;
  335 +
  336 + // Set LDAP parameters
  337 + // - Anonymous connection (IRAP, IAS, LATMOS)
  338 + if ($LDAP_ANONYMOUS) {
  339 + //$dn = "ou=users,dc=irap,dc=omp,dc=eu";
  340 + //$dn = $this->baseDn;
  341 + $binddn = $this->authenticationType . '=' . $login;
  342 + $ldappass = $user_password;
  343 + $filter = '('.$binddn.')';
  344 + $just_these = array("cn");
  345 + }
  346 + // - Authentified connection (CRAL)
  347 + else {
  348 + //$dn = "dc=univ-lyon1,dc=fr";
  349 + //$binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr";
  350 + //$binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,".$dn;
  351 + $binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1";
  352 + $ldappass = "lemotdepasse";
  353 + $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))";
  354 + //$just_these = array();
  355 + $just_these = [];
  356 + }
  357 + $binddn .= ','.$this->baseDn;
  358 +
  359 + // Connection
325 $ldapConnection = ldap_connect($this->host, $this->port); 360 $ldapConnection = ldap_connect($this->host, $this->port);
326 - ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);  
327 - if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) {  
328 - return $this->getUserAttributes($login)[0];  
329 - /*  
330 - * } else {  
331 - * return false;  
332 - */ 361 + if ($ldapConnection) {
  362 + ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
  363 + // Binding
  364 + //if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) {
  365 + $ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass);
  366 + if ($ldapbind) {
  367 + return $this->getUserAttributes($login, $LDAP_ANONYMOUS, $filter, $just_these)[0];
  368 + /*
  369 + * } else {
  370 + * return false;
  371 + */
  372 + }
333 } 373 }
  374 +
  375 + // We are not using LDAP (use FAKE LDAP instead)
334 } else { 376 } else {
335 $user = $this->getFakeLdapUser($login); 377 $user = $this->getFakeLdapUser($login);
336 // debug($user); 378 // debug($user);
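Review bot: A service-account bind DN and its password are hard-coded at new lines 351-352 (`$ldappass = "lemotdepasse";`), and because `$LDAP_ANONYMOUS` is assigned the literal `true` at new line 331 the branch holding them can never execute, so the secret sits in version control without being used. Move the bind DN, password and group filter for the authenticated mode into the same configuration the class already reads `host`, `port`, `baseDn` and `authenticationType` from, select the mode from that configuration rather than a local literal, and treat the value committed here as exposed and rotate it. `$login` comes straight from request data (see the LdapAuthComponent hunk) and is interpolated unescaped into both the bind DN at new line 341 and the search filter at new line 343; escape it per context, `$binddn = $this->authenticationType . '=' . ldap_escape($login, '', LDAP_ESCAPE_DN);` and `$filter = '(' . $this->authenticationType . '=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';`. Note also that `$just_these = array("cn")` at new line 344 limits the entry returned to callers to the `cn` attribute, whereas the removed code returned every attribute — worth confirming nothing downstream reads other fields of the result. ldapAuthentication's catch block lies outside the hunk.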
@@ -341,7 +383,7 @@ class LdapConnectionsTable extends AppTable @@ -341,7 +383,7 @@ class LdapConnectionsTable extends AppTable
341 // if ($user[$this->authenticationType][0] == "_NouvelUtilisateur_username" && $user['userpassword'][0] == "_NouvelUtilisateur_password") return $user; 383 // if ($user[$this->authenticationType][0] == "_NouvelUtilisateur_username" && $user['userpassword'][0] == "_NouvelUtilisateur_password") return $user;
342 if ($user[$this->authenticationType][0] == $this->getTheFakeLdapUser()['login'] && $user['userpassword'][0] == $this->getTheFakeLdapUser()['pass']) 384 if ($user[$this->authenticationType][0] == $this->getTheFakeLdapUser()['login'] && $user['userpassword'][0] == $this->getTheFakeLdapUser()['pass'])
343 return $user; 385 return $user;
344 - if ((new DefaultPasswordHasher())->check($password, $user['userpassword'][0])) 386 + if ((new DefaultPasswordHasher())->check($user_password, $user['userpassword'][0]))
345 return $user; 387 return $user;
346 // if ($user != false && $user['userpassword'][0] == $password) { 388 // if ($user != false && $user['userpassword'][0] == $password) {
347 } 389 }