Commit 49f325e20691e5a115b73f925b799b544541284a
1 parent
2a6a6d62
LDAP refactorisation && optimisation (5)
- LdapConnectionsTable.php/getAllLdapUsers() remplacé par getAllLdapUsersNEW - LDAP refactor progressif pour remettre le mode LDAP authentifié (pour CRAL)
Showing
2 changed files
with
51 additions
and
36 deletions
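--- a/README.md
+++ b/README.md
@@ -53,13 +53,11 @@ Logiciel testé et validé sur les configurations suivantes :
 
 VERSION ACTUELLE
 
-Date: 22/02/2019
-Version: 2.10.18
+Date: 25/02/2019
+Version: 2.10.19
 Author: EP
- LDAP refactorisation && optimisation (4)
- - LdapConnectionsTable.php/searchLdap() simplification :
- - suppression getUserAttributes()
- - suppression getLdap1UserOrAllUsersAttributes()
+ LDAP refactorisation && optimisation (5)
+ - LdapConnectionsTable.php/getAllLdapUsers() remplacé par getAllLdapUsersNEW
 - LDAP refactor progressif pour remettre le mode LDAP authentifié (pour CRAL)
 
 IMPORTANT: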
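--- a/src/Model/Table/LdapConnectionsTable.php
+++ b/src/Model/Table/LdapConnectionsTable.php
@@ -8,9 +8,12 @@ DONE:
 - 1) remplacer ldapAuthentication() par ldapAuthenticationNEW()
 - 2) remplacer getUserAttributes() par getLdap1UserOrAllUsersAttributes()
 - 3) virer getLdap1UserOrAllUsersAttributes() et merger son code dans la seule fonction qui l'appelle : searchLdap()
+- 4) virer getUserAttributes() et getLdap1UserOrAllUsersAttributes()
+
+- 5) getAllLdapUsersNEW() pour remplacer getAllLdapUsers()
 
 TODO:
-- 4) getAllLdapUsersNEW() pour remplacer getAllLdapUsers()
+- ajouter just_these ?
 - TableRegistry::get() à remplacer par TableRegistry::getTableLocator()->get()
 
 *
@@ -231,7 +234,7 @@ class LdapConnectionsTable extends AppTable
 * @return $users_fetched or FALSE
 */
 // REAL or FAKE LDAP
- public function getAllLdapUsers()
+ public function getAllLdapUsersOLD()
 {
 try {
 if ($this->checkConfiguration()) {
@@ -261,7 +264,7 @@ class LdapConnectionsTable extends AppTable
 * @return $users_fetched or FALSE
 */
 // REAL or FAKE LDAP
- public function getAllLdapUsersNEW()
+ public function getAllLdapUsers()
 {
 try {
 if ($this->checkConfiguration()) {
@@ -300,7 +303,7 @@ class LdapConnectionsTable extends AppTable
 // Noter que $user_fetched peut etre egal a FALSE (si rien trouvé)
 return $users_fetched;
 }
- }
+ }
 catch (Exception $e) {}
 
 // Pb, rien trouvé
@@ -309,7 +312,7 @@ class LdapConnectionsTable extends AppTable
 
 
 
-
+ /*
 // REAL LDAP only
 // TODO: avirer, VIEUX CODE, à remplacer par getLdap1UserOrAllUsersAttributes()
 // $userName = login
@@ -323,33 +326,32 @@ class LdapConnectionsTable extends AppTable
 //ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
 $results = ldap_search($ldapConnection, $this->baseDn, '(' . $this->authenticationType . '=' . $userName . ')');
 return ldap_get_entries($ldapConnection, $results);
- /*
+ /STAR
 } else
 return array(
 $this->getFakeLdapUser($userName)
 );
- */
+ STAR/
 }
 } catch (Exception $e) {}
 
 return false;
 }
+ */
 
 
 
 /*
- CALL
- $filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
- */
+ //CALL : $filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
 
 // REAL LDAP only
- /*
+ /ST
 * @param string $ldapConnection
 * @param string $filter
 * @param array $just_these
 * @param string $userName (= login) => for FAKE LDAP only
 * @return $res = ldap search result (1 user or all users attributes) or FALSE
- */
+ ST/
 //public function getUserAttributes($userName, $ldapConnection='', $filter='', $just_these=[])
 //public function getUserAttributes($ldapConnection='', $filter='', $just_these=[], $userName=NULL)
 //public function getLdapUsersAttributes($ldapConnection, $filter='', $just_these=[])
@@ -360,7 +362,7 @@ class LdapConnectionsTable extends AppTable
 
 // LDAP mode
 //if ($this->LDAP_USED) {
- /* (EP)
+ /ST (EP)
 Fonction ldap_search ($link_identifier, $base_dn, $filter, array $attributes = null, $attrsonly = null, $sizelimit = null, $timelimit = null, $deref = null)
 Concernant le paramètre $attributes (ici, $just_these) :
 - An array of the required attributes, e.g. array("mail", "sn", "cn").
@@ -377,7 +379,7 @@ class LdapConnectionsTable extends AppTable
 (par exemple, si elle vaut "['cn']" ça signifie qu'on veut "seulement l'attribut 'cn'")
 Quand on n'utilise pas $just_these, la fonction ldap_search() retourne TOUS les attributs disponibles,
 donc c'est le comportement qu'on veut ici.
- */
+ ST/
 
 //$ldapConnection = ldap_connect($this->host, $this->port);
 //ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
@@ -385,12 +387,12 @@ class LdapConnectionsTable extends AppTable
 // NEW: $filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))";
 
 // OLD à virer
- /*
+ /ST
 $filter = '(' . $this->authenticationType . '=' . $user_login . ')';
 $just_these = [];
 $results = ldap_search($ldapConnection, $this->baseDn, $filter);
 return ldap_get_entries($ldapConnection, $results);
- */
+ ST/
 
 // $filter = "(&".$this->filter. "(".$this->authenticationType . '=' . $user_login."))";
 $results = ldap_search($ldapConnection, $this->baseDn, $filter, $just_these)
@@ -411,6 +413,7 @@ class LdapConnectionsTable extends AppTable
 
 return false;
 }
+ */
 
 
 
@@ -576,10 +579,18 @@ class LdapConnectionsTable extends AppTable
 
 /*
 * OLD CODE QUI MARCHE
+
 $ldapConnection = ldap_connect($this->host, $this->port);
 ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ - From ldapAuthentication():
 if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $user_login . ',' . $this->baseDn, $user_password))
 return $this->getUserAttributes($user_login)[0];
+
+ - From getUserAttributes():
+ $results = ldap_search($ldapConnection, $this->baseDn, $this->filter);
+ $search = ldap_get_entries($ldapConnection, $results);
+
 */
 
 // CONNEXION
@@ -593,20 +604,26 @@ class LdapConnectionsTable extends AppTable
 
 // BINDING
 
- // - Authentified
- if ($this->ldap_authentified) $ldapbind = ldap_bind($ldapConnection, $this->bindDn, $this->bindPass);
- // or die("Could not bind to LDAP server.". ldap_error($ldapConnection) );
-
- // - Anonymous
- // En cas de LDAP anonyme, binding quand même pour vérifier le mot de passe de l'utilisateur.
- // Sans cette ligne, on passe avec n'importe quel password !!!
- else {
- $ldapbind = TRUE;
- // function ldap_bind ($link_identifier, $bind_rdn = null, $bind_password = null)
- //debug("log, pass= " . $user_login . ' ' . $user_password);
- //if ($user_login && $user_password) $ldapbind = ldap_bind($ldapConnection, $this->authenticationType.'='.$user_login, $user_password);
- if ($user_login && $user_password) $ldapbind = ldap_bind($ldapConnection, $this->authenticationType . '=' . $user_login . ',' . $this->baseDn, $user_password);
- //debug("ldapbind " . $ldapbind);
+ $ldapbind = TRUE;
+ if ($user_login && $user_password) {
+ // - Authentified
+ if ($this->ldap_authentified) $ldapbind = ldap_bind($ldapConnection, $this->bindDn, $this->bindPass);
+ // or die("Could not bind to LDAP server.". ldap_error($ldapConnection) );
+
+ // - Anonymous
+ // En cas de LDAP anonyme, binding quand même pour vérifier le mot de passe de l'utilisateur.
+ // Sans cette ligne, on passe avec n'importe quel password !!!
+ else $ldapbind = ldap_bind($ldapConnection, $this->authenticationType . '=' . $user_login . ',' . $this->baseDn, $user_password);
+ /*
+ else {
+ $ldapbind = TRUE;
+ // function ldap_bind ($link_identifier, $bind_rdn = null, $bind_password = null)
+ //debug("log, pass= " . $user_login . ' ' . $user_password);
+ //if ($user_login && $user_password) $ldapbind = ldap_bind($ldapConnection, $this->authenticationType.'='.$user_login, $user_password);
+ if ($user_login && $user_password) $ldapbind = ldap_bind($ldapConnection, $this->authenticationType . '=' . $user_login . ',' . $this->baseDn, $user_password);
+ //debug("ldapbind " . $ldapbind);
+ }
+ */
 }
 
 // SEARCH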
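Review bot: In the rewritten BINDING block the `ldap_authentified` branch binds only with the service account (`$this->bindDn` / `$this->bindPass`), so on the visible lines `$user_password` is never verified in that mode, which is the situation the comment above the `else` warns about for anonymous mode. Unless the code after `// SEARCH` already does it (the function starts and ends outside this hunk), the entry found by the search should be re-bound with `$user_password` and a failed bind treated as a failed login. The new `if ($user_login && $user_password)` guard also leaves `$ldapbind` at `TRUE` with no bind at all when either value is empty or the string "0", so a credential-less call in authenticated mode no longer performs the service bind the removed code did; keeping `if ($this->ldap_authentified) $ldapbind = ldap_bind($ldapConnection, $this->bindDn, $this->bindPass);` outside the guard would restore that. `$user_login` is also concatenated into the bind DN unescaped; `ldap_escape($user_login, '', LDAP_ESCAPE_DN)` keeps DN metacharacters in a login from changing which entry is bound.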