Commit 31b4e4251ac17c8988cdb2ee9bb2c97fb7b74602
1 parent
c8fce9e2
ldap connexion cleanup
Showing
2 changed files
with
26 additions
and
22 deletions
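--- a/src/Controller/Component/LdapAuthComponent.php
+++ b/src/Controller/Component/LdapAuthComponent.php
@@ -14,8 +14,7 @@ class LdapAuthComponent extends AuthComponent
             // Get login and password entered by the current user (who is trying to connect)
             $login = $this->request->getData('ldap');
             $password = $this->request->getData('password');
-            $resp = TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password);
-            return $resp;
+            return TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password);
         } catch (Exception $e) {
             return $e->getMessage();
         }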
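Review bot: The new `return TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password);` is now the only success path, but the `catch (Exception $e)` right below it still returns `$e->getMessage()`, so the caller receives either the authentication result or an arbitrary exception string and cannot tell a failed login from an internal error without an `is_string()` check. Exception messages from the LDAP layer can carry server-side detail (the table code builds messages from `ldap_error()`), so they should be logged rather than handed back as the component's result; returning `false` from the catch after logging would keep the contract to "authenticated or not". The enclosing method and its `try` begin before this hunk, so the signature and any return-type declaration are not visible here.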
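--- a/src/Model/Table/LdapConnectionsTable.php
+++ b/src/Model/Table/LdapConnectionsTable.php
@@ -201,15 +201,28 @@ class LdapConnectionsTable extends AppTable
         */
         if ($this->checkConfiguration()) {
             if ($this->USE_LDAP) {
-                /*
+                /* Code inutile car redondant:
                 $ldapConnection = ldap_connect($this->host, $this->port);
                 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
                 */
-                // CRAL
-                //$results = ldap_search($ldapConnection, $this->baseDn, $filter);
-                //if ($LDAP_ANONYMOUS)
-                //$results = ldap_search($ldapConnection, $this->baseDn, $filter) or die("Could not search to LDAP server response was: " . ldap_error($ldapConnection) );
-                //else
+                /* (EP)
+                Fonction ldap_search ($link_identifier, $base_dn, $filter, array $attributes = null, $attrsonly = null, $sizelimit = null, $timelimit = null, $deref = null)
+                Concernant le paramètre $attributes (ici, $just_these) :
+                - An array of the required attributes, e.g. array("mail", "sn", "cn").
+                - Note that the "dn" is always returned irrespective of which attributes types are requested.
+                Telle que notre connexion au LDAP est conçue, on s'attend à recevoir AU MINIMUM
+                ces attributs dans la réponse de la fonction ldap_search():
+                - 'sn'
+                - 'mail'
+                - 'givenname'
+                - 'uid'
+                - 'userpassword'
+                Pour récupérer tous ces attributs, il ne faut pas utiliser la variable $just_these,
+                ou alors il faut qu'elle soit égale à un tableau vide ([]).
+                (par exemple, si elle vaut "['cn']" ça signifie qu'on veut "seulement l'attribut 'cn'")
+                Quand on n'utilise pas $just_these, la fonction ldap_search() retourne TOUS les attributs disponibles,
+                donc c'est le comportement qu'on veut ici.
+                */
                 $results = ldap_search($ldapConnection, $this->baseDn, $filter, $just_these) or die("Could not search to LDAP server response was: " . ldap_error($ldapConnection) );
                 $info = ldap_get_entries($ldapConnection, $results);
                 //echo $info["count"]." entries returned\n";
@@ -335,23 +348,17 @@ class LdapConnectionsTable extends AppTable
     {
         try {
             if ($this->checkConfiguration()) {
-                /*
-                if ($this->USE_LDAP) {
-                    if (strlen(trim($password)) == 0) return FALSE;
-                    $ldapConnection = ldap_connect($this->host, $this->port);
-                    ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
-                    if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $user_login . ',' . $this->baseDn, $user_password)) {
-                        return $this->getUserAttributes($user_login)[0];
-                    }
-                */
                 // We are using LDAP
                 if ($this->USE_LDAP) {
-                    $LDAP_ANONYMOUS = true;
+                    // CRAL must set this to FALSE
+                    $LDAP_ANONYMOUS = TRUE;
 
                     // No connexion allowed without password
                     if (strlen(trim($user_password)) == 0) return FALSE;
 
                     // Set LDAP parameters
+                    // - Liste des attributs à récupérer dans le ldap (vide = TOUS les attributs)
+                    $just_these = [];
                     // - Anonymous connection (IRAP, IAS, LATMOS)
                     if ($LDAP_ANONYMOUS) {
                         //$dn = $this->baseDn; // "ou=users,dc=irap,dc=omp,dc=eu"
@@ -359,8 +366,6 @@ class LdapConnectionsTable extends AppTable
                         $binddn = $this->authenticationType . '=' . $user_login;
                         $ldappass = $user_password;
                         $filter = '('.$binddn.')';
-                        //$just_these = array();
-                        $just_these = [];
                     }
                     // - Authentified connection (CRAL)
                     else {
@@ -371,7 +376,7 @@ class LdapConnectionsTable extends AppTable
                         $binddn = $auth_dn;
                         $ldappass = "lemotdepasse";
                         $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))";
-                        $just_these = array("cn");
+                        //$just_these = array("cn");
                     }
                     $binddn .= ','.$this->baseDn;
 
@@ -394,7 +399,7 @@ class LdapConnectionsTable extends AppTable
                     }
                 }
 
-                // We are not using LDAP (use FAKE LDAP instead)
+                // We are not using LDAP (so, use FAKE LDAP instead)
                 } else {
                     $user = $this->getFakeLdapUser($user_login);
                     // debug($user);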
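Review bot: In the `@@ -335,23 +348,17 @@` hunk, `// CRAL must set this to FALSE` followed by `$LDAP_ANONYMOUS = TRUE;` makes the bind mode a per-deployment source edit, while `checkConfiguration()` just above shows that connection settings already come from configuration; reading this flag from the same place (e.g. a configured property alongside `$this->USE_LDAP`, name to be chosen) would remove the hand-edit and the risk of shipping the wrong branch to a site. The hoisted `$just_these = [];` now also governs the CRAL branch, since `@@ -371,7 +376,7 @@` comments out `$just_these = array("cn");`, so both paths request every attribute; the new comment in `@@ -201,15 +201,28 @@` lists `'userpassword'` among the attributes the code expects back, which is worth confirming is actually consumed, because credentials are already verified by the bind and fetching that attribute only widens what the application handles. If it is not needed, restricting `$just_these` to the attributes the caller reads (`sn`, `mail`, `givenname`, `uid` per that comment) keeps the search minimal. The method whose opening `{` starts the hunk has its signature outside the visible lines.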