Commit 31b4e4251ac17c8988cdb2ee9bb2c97fb7b74602

Authored by Etienne Pallier
1 parent c8fce9e2

ldap connexion cleanup

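--- a/src/Controller/Component/LdapAuthComponent.php
+++ b/src/Controller/Component/LdapAuthComponent.php
@@ -14,8 +14,7 @@ class LdapAuthComponent extends AuthComponent
 // Get login and password entered by the current user (who is trying to connect)
 $login = $this->request->getData('ldap');
 $password = $this->request->getData('password');
-$resp = TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password);
-return $resp;
+return TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password);
 } catch (Exception $e) {
 return $e->getMessage();
 }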
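Review bot: The catch block kept on the new side still returns `$e->getMessage()` as the authentication result, so any caller that only tests the return for truthiness would treat an LDAP failure (a non-empty message string) the same way as a successful login, and the raw server/exception text may surface to the end user. I cannot see how the return value is consumed because the method and its try block begin before this hunk; if callers do test truthiness, prefer `return false;` in the catch and send `$e->getMessage()` to the application log instead. Please also confirm the file has `use Exception;` (or catches `\Exception`), since in a namespaced file an unqualified `Exception` resolves inside the namespace and the catch would never match.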
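--- a/src/Model/Table/LdapConnectionsTable.php
+++ b/src/Model/Table/LdapConnectionsTable.php
@@ -201,15 +201,28 @@ class LdapConnectionsTable extends AppTable
 */
 if ($this->checkConfiguration()) {
 if ($this->USE_LDAP) {
-/*
+/* Code inutile car redondant:
 $ldapConnection = ldap_connect($this->host, $this->port);
 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
 */
-// CRAL
-//$results = ldap_search($ldapConnection, $this->baseDn, $filter);
-//if ($LDAP_ANONYMOUS)
-//$results = ldap_search($ldapConnection, $this->baseDn, $filter) or die("Could not search to LDAP server response was: " . ldap_error($ldapConnection) );
-//else
+/* (EP)
+Fonction ldap_search ($link_identifier, $base_dn, $filter, array $attributes = null, $attrsonly = null, $sizelimit = null, $timelimit = null, $deref = null)
+Concernant le paramètre $attributes (ici, $just_these) :
+- An array of the required attributes, e.g. array("mail", "sn", "cn").
+- Note that the "dn" is always returned irrespective of which attributes types are requested.
+Telle que notre connexion au LDAP est conçue, on s'attend à recevoir AU MINIMUM
+ces attributs dans la réponse de la fonction ldap_search():
+- 'sn'
+- 'mail'
+- 'givenname'
+- 'uid'
+- 'userpassword'
+Pour récupérer tous ces attributs, il ne faut pas utiliser la variable $just_these,
+ou alors il faut qu'elle soit égale à un tableau vide ([]).
+(par exemple, si elle vaut "['cn']" ça signifie qu'on veut "seulement l'attribut 'cn'")
+Quand on n'utilise pas $just_these, la fonction ldap_search() retourne TOUS les attributs disponibles,
+donc c'est le comportement qu'on veut ici.
+*/
 $results = ldap_search($ldapConnection, $this->baseDn, $filter, $just_these) or die("Could not search to LDAP server response was: " . ldap_error($ldapConnection) );
 $info = ldap_get_entries($ldapConnection, $results);
 //echo $info["count"]." entries returned\n";
@@ -335,23 +348,17 @@ class LdapConnectionsTable extends AppTable
 {
 try {
 if ($this->checkConfiguration()) {
-/*
-if ($this->USE_LDAP) {
-if (strlen(trim($password)) == 0) return FALSE;
-$ldapConnection = ldap_connect($this->host, $this->port);
-ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
-if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $user_login . ',' . $this->baseDn, $user_password)) {
-return $this->getUserAttributes($user_login)[0];
-}
-*/
 // We are using LDAP
 if ($this->USE_LDAP) {
-$LDAP_ANONYMOUS = true;
+// CRAL must set this to FALSE
+$LDAP_ANONYMOUS = TRUE;
 
 // No connexion allowed without password
 if (strlen(trim($user_password)) == 0) return FALSE;
 
 // Set LDAP parameters
+// - Liste des attributs à récupérer dans le ldap (vide = TOUS les attributs)
+$just_these = [];
 // - Anonymous connection (IRAP, IAS, LATMOS)
 if ($LDAP_ANONYMOUS) {
 //$dn = $this->baseDn; // "ou=users,dc=irap,dc=omp,dc=eu"
@@ -359,8 +366,6 @@ class LdapConnectionsTable extends AppTable
 $binddn = $this->authenticationType . '=' . $user_login;
 $ldappass = $user_password;
 $filter = '('.$binddn.')';
-//$just_these = array();
-$just_these = [];
 }
 // - Authentified connection (CRAL)
 else {
@@ -371,7 +376,7 @@ class LdapConnectionsTable extends AppTable
 $binddn = $auth_dn;
 $ldappass = "lemotdepasse";
 $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))";
-$just_these = array("cn");
+//$just_these = array("cn");
 }
 $binddn .= ','.$this->baseDn;
 
@@ -394,7 +399,7 @@ class LdapConnectionsTable extends AppTable
 }
 }
 
-// We are not using LDAP (use FAKE LDAP instead)
+// We are not using LDAP (so, use FAKE LDAP instead)
 } else {
 $user = $this->getFakeLdapUser($user_login);
 // debug($user);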
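Review bot: In the anonymous branch of the third hunk, `$user_login` — which the component hunk shows comes straight from `getData('ldap')` — is concatenated unescaped into both the bind DN (`$binddn = $this->authenticationType . '=' . $user_login;`) and the search filter (`$filter = '('.$binddn.')';`), so characters such as `*`, `(`, `)` or `,` let a client reshape the LDAP filter or DN (LDAP injection); escape per context, e.g. `$binddn = $this->authenticationType . '=' . ldap_escape($user_login, '', LDAP_ESCAPE_DN);` and `$filter = '(' . $this->authenticationType . '=' . ldap_escape($user_login, '', LDAP_ESCAPE_FILTER) . ')';` (PHP ≥ 5.6). The `ldap_search(...) or die("... " . ldap_error($ldapConnection))` kept in the first hunk aborts the request from inside a model and echoes the server's error text to the client; returning `false` or throwing, with the error sent to the log, would be safer. Separately, the CRAL branch still carries a literal bind password (`$ldappass = "lemotdepasse";`) and a hard-coded `$LDAP_ANONYMOUS = TRUE;` that the new comment says each site must edit by hand — both look like deployment configuration rather than source, and a real directory password should never be committed. Fetching `userpassword` among the attributes (as the new comment block says is expected) also pulls credential hashes into the application; worth confirming that is actually needed. The method containing these hunks starts and ends outside what is shown, so I cannot see where the bind happens relative to the search.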