From 31b4e4251ac17c8988cdb2ee9bb2c97fb7b74602 Mon Sep 17 00:00:00 2001
From: Etienne Pallier
Date: Fri, 14 Dec 2018 18:26:00 +0100
Subject: [PATCH] ldap connexion cleanup
---
 src/Controller/Component/LdapAuthComponent.php |  3 +--
 src/Model/Table/LdapConnectionsTable.php       | 45 +++++++++++++++++++++++++--------------------
 2 files changed, 26 insertions(+), 22 deletions(-)
diff --git a/src/Controller/Component/LdapAuthComponent.php b/src/Controller/Component/LdapAuthComponent.php
index 5c4000a..8ca5928 100755
--- a/src/Controller/Component/LdapAuthComponent.php
+++ b/src/Controller/Component/LdapAuthComponent.php
@@ -14,8 +14,7 @@ class LdapAuthComponent extends AuthComponent
             // Get login and password entered by the current user (who is trying to connect)
             $login = $this->request->getData('ldap');
             $password = $this->request->getData('password');
-            $resp = TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password);
-            return $resp;
+            return TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password);
         } catch (Exception $e) {
             return $e->getMessage();
         }
diff --git a/src/Model/Table/LdapConnectionsTable.php b/src/Model/Table/LdapConnectionsTable.php
index 0b607cf..9820527 100755
--- a/src/Model/Table/LdapConnectionsTable.php
+++ b/src/Model/Table/LdapConnectionsTable.php
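Review bot: With the table call now returned directly, the caller receives whatever `ldapAuthentication()` yields, while the `catch` block two lines below returns `$e->getMessage()` — a non-empty string — on the same path, so any caller that tests the result for truthiness would accept an LDAP error message as a successful login. The enclosing method begins and ends outside this hunk, so I cannot see how the result is consumed; if callers do check truthiness, return `false` from the catch and log the message server-side instead, which also keeps raw LDAP error text out of the response. I would also add a one-line contract comment above the new `return`, e.g. `// Returns the LDAP user attributes on success, FALSE on failure (see LdapConnectionsTable::ldapAuthentication)`, hedged until that method's return values are confirmed.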
@@ -201,15 +201,28 @@ class LdapConnectionsTable extends AppTable
          */
         if ($this->checkConfiguration()) {
             if ($this->USE_LDAP) {
-                /*
+                /* Code inutile car redondant:
                 $ldapConnection = ldap_connect($this->host, $this->port);
                 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
                 */
-                // CRAL
-                //$results = ldap_search($ldapConnection, $this->baseDn, $filter);
-                //if ($LDAP_ANONYMOUS)
-                //$results = ldap_search($ldapConnection, $this->baseDn, $filter) or die("Could not search to LDAP server response was: " . ldap_error($ldapConnection) );
-                //else
+                /* (EP)
+                Fonction ldap_search ($link_identifier, $base_dn, $filter, array $attributes = null, $attrsonly = null, $sizelimit = null, $timelimit = null, $deref = null)
+                Concernant le paramètre $attributes (ici, $just_these) :
+                - An array of the required attributes, e.g. array("mail", "sn", "cn").
+                - Note that the "dn" is always returned irrespective of which attributes types are requested.
+                Telle que notre connexion au LDAP est conçue, on s'attend à recevoir AU MINIMUM
+                ces attributs dans la réponse de la fonction ldap_search():
+                - 'sn'
+                - 'mail'
+                - 'givenname'
+                - 'uid'
+                - 'userpassword'
+                Pour récupérer tous ces attributs, il ne faut pas utiliser la variable $just_these,
+                ou alors il faut qu'elle soit égale à un tableau vide ([]).
+                (par exemple, si elle vaut "['cn']" ça signifie qu'on veut "seulement l'attribut 'cn'")
+                Quand on n'utilise pas $just_these, la fonction ldap_search() retourne TOUS les attributs disponibles,
+                donc c'est le comportement qu'on veut ici.
+                */
                 $results = ldap_search($ldapConnection, $this->baseDn, $filter, $just_these) or die("Could not search to LDAP server response was: " . ldap_error($ldapConnection) );
                 $info = ldap_get_entries($ldapConnection, $results);
                 //echo $info["count"]." entries returned\n";
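Review bot: The new comment block lists `userpassword` among the attributes the application expects back from `ldap_search()` and uses that to justify an empty `$just_these` (return every attribute); pulling password hashes out of the directory is unnecessary for a bind-based login and widens what the app, and anything that later persists these entries, holds. I would request only the attributes the code actually consumes, e.g. `$just_these = ['uid', 'sn', 'givenname', 'mail'];` where the variable is set, and replace the French prose with a short English reason: `// Request only the attributes the app uses; an empty array would return everything, including userPassword`. The retained `or die(... ldap_error($ldapConnection))` just below also aborts the request with the LDAP server's error text in the response — throwing an exception (or returning FALSE) would be safer. The enclosing function starts and ends outside this hunk, so where `$filter` and `$just_these` come from is not visible here.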
@@ -335,23 +348,17 @@ class LdapConnectionsTable extends AppTable { try { if ($this->checkConfiguration()) { - /* - if ($this->USE_LDAP) { - if (strlen(trim($password)) == 0) return FALSE; - $ldapConnection = ldap_connect($this->host, $this->port); - ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); - if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $user_login . ',' . $this->baseDn, $user_password)) { - return $this->getUserAttributes($user_login)[0]; - } - */ // We are using LDAP if ($this->USE_LDAP) { - $LDAP_ANONYMOUS = true; + // CRAL must set this to FALSE + $LDAP_ANONYMOUS = TRUE; // No connexion allowed without password if (strlen(trim($user_password)) == 0) return FALSE; // Set LDAP parameters + // - Liste des attributs à récupérer dans le ldap (vide = TOUS les attributs) + $just_these = []; // - Anonymous connection (IRAP, IAS, LATMOS) if ($LDAP_ANONYMOUS) { //$dn = $this->baseDn; // "ou=users,dc=irap,dc=omp,dc=eu" @@ -359,8 +366,6 @@ class LdapConnectionsTable extends AppTable $binddn = $this->authenticationType . '=' . $user_login; $ldappass = $user_password; $filter = '('.$binddn.')'; - //$just_these = array(); - $just_these = []; } // - Authentified connection (CRAL) else { @@ -371,7 +376,7 @@ class LdapConnectionsTable extends AppTable $binddn = $auth_dn; $ldappass = "lemotdepasse"; $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))"; - $just_these = array("cn"); + //$just_these = array("cn"); } $binddn .= ','.$this->baseDn; @@ -394,7 +399,7 @@ class LdapConnectionsTable extends AppTable } } - // We are not using LDAP (use FAKE LDAP instead) + // We are not using LDAP (so, use FAKE LDAP instead) } else { $user = $this->getFakeLdapUser($user_login); // debug($user); -- libgit2 0.21.2
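Review bot: `$LDAP_ANONYMOUS = TRUE;` with the comment `// CRAL must set this to FALSE` hard-codes a per-deployment switch in the method body, so the CRAL installation has to patch source to reach its authenticated-bind branch and every other site ships that branch as dead code. This flag belongs with the connection settings that `checkConfiguration()` validates — host, port, baseDn and authenticationType are already read from `$this` in the surrounding lines — e.g. `$LDAP_ANONYMOUS = (bool) $this->ldapAnonymous;` with the property populated from configuration, which I cannot see from here. Minor: PSR-12 expects lowercase `true`, and the new `$just_these = [];` comment should be English: `// Attributes to fetch from LDAP (empty = all attributes)`. The method's signature and closing brace lie outside this hunk.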
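Review bot: Commenting out `$just_these = array("cn");` leaves dead code; the line should be deleted outright now that `$just_these = []` is set before the branch. More importantly, the retained `$ldappass = "lemotdepasse";` two lines above is a bind credential written into source — if it is a placeholder the comment should say so (`// TODO placeholder, real bind password must come from config`), and if it is real it must be loaded from the same configuration `checkConfiguration()` validates, never from the repository; the hunk does not tell me which it is. Since `$LDAP_ANONYMOUS` is fixed to `TRUE` earlier in the method, this `else` branch is unreachable as committed, which is worth stating in a comment above it so nobody assumes the CRAL path is exercised.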