Commit 7631cb1b0130e7b335e1272da8f6b9a085ce8d38
Exists in
master
and in
3 other branches
Merge branch 'dev-IRAP' into dev
Showing
3 changed files
with
57 additions
and
14 deletions
Show diff stats
No preview for this file type
src/Controller/Component/LdapAuthComponent.php
@@ -11,6 +11,7 @@ class LdapAuthComponent extends AuthComponent | @@ -11,6 +11,7 @@ class LdapAuthComponent extends AuthComponent | ||
11 | public function connection() | 11 | public function connection() |
12 | { | 12 | { |
13 | try { | 13 | try { |
14 | + // Get login and password entered by the current user (who is trying to connect) | ||
14 | $login = $this->request->getData('ldap'); | 15 | $login = $this->request->getData('ldap'); |
15 | $password = $this->request->getData('password'); | 16 | $password = $this->request->getData('password'); |
16 | $resp = TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password); | 17 | $resp = TableRegistry::get('LdapConnections')->ldapAuthentication($login, $password); |
src/Model/Table/LdapConnectionsTable.php
@@ -187,16 +187,23 @@ class LdapConnectionsTable extends AppTable | @@ -187,16 +187,23 @@ class LdapConnectionsTable extends AppTable | ||
187 | } | 187 | } |
188 | 188 | ||
189 | // $userName = login | 189 | // $userName = login |
190 | - public function getUserAttributes($userName) | 190 | + public function getUserAttributes($userName, $LDAP_ANONYMOUS=true, $filter='', $just_these=[]) |
191 | { | 191 | { |
192 | try { | 192 | try { |
193 | 193 | ||
194 | if ($this->checkConfiguration()) { | 194 | if ($this->checkConfiguration()) { |
195 | if ($this->USE_LDAP) { | 195 | if ($this->USE_LDAP) { |
196 | + /* | ||
196 | $ldapConnection = ldap_connect($this->host, $this->port); | 197 | $ldapConnection = ldap_connect($this->host, $this->port); |
197 | ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); | 198 | ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); |
198 | - $results = ldap_search($ldapConnection, $this->baseDn, '(' . $this->authenticationType . '=' . $userName . ')'); | ||
199 | - return ldap_get_entries($ldapConnection, $results); | 199 | + */ |
200 | + /* CRAL | ||
201 | + */ | ||
202 | + //$results = ldap_search($ldapConnection, $this->baseDn, $filter); | ||
203 | + $results = ldap_search($ldapConnection, $this->baseDn, $filter, $just_these) or die("Could not search to LDAP server response was: " . ldap_error($ldapconn) ); | ||
204 | + $info = ldap_get_entries($ldapConnection, $results); | ||
205 | + //echo $info["count"]." entries returned\n"; | ||
206 | + return $info; | ||
200 | } else | 207 | } else |
201 | return array( | 208 | return array( |
202 | $this->getFakeLdapUser($userName) | 209 | $this->getFakeLdapUser($userName) |
@@ -314,23 +321,58 @@ class LdapConnectionsTable extends AppTable | @@ -314,23 +321,58 @@ class LdapConnectionsTable extends AppTable | ||
314 | ]; | 321 | ]; |
315 | } | 322 | } |
316 | 323 | ||
317 | - public function ldapAuthentication($login, $password) | 324 | + public function ldapAuthentication($login, $user_password) |
318 | { | 325 | { |
319 | try { | 326 | try { |
320 | if ($this->checkConfiguration()) { | 327 | if ($this->checkConfiguration()) { |
321 | 328 | ||
329 | + // We are using LDAP | ||
322 | if ($this->USE_LDAP) { | 330 | if ($this->USE_LDAP) { |
323 | - if (strlen(trim($password)) == 0) | ||
324 | - return FALSE; | 331 | + $LDAP_ANONYMOUS = true; |
332 | + | ||
333 | + // No connexion allowed without password | ||
334 | + if (strlen(trim($user_password)) == 0) return FALSE; | ||
335 | + | ||
336 | + // Set LDAP parameters | ||
337 | + // - Anonymous connection (IRAP, IAS, LATMOS) | ||
338 | + if ($LDAP_ANONYMOUS) { | ||
339 | + //$dn = "ou=users,dc=irap,dc=omp,dc=eu"; | ||
340 | + //$dn = $this->baseDn; | ||
341 | + $binddn = $this->authenticationType . '=' . $login; | ||
342 | + $ldappass = $user_password; | ||
343 | + $filter = '('.$binddn.')'; | ||
344 | + $just_these = array("cn"); | ||
345 | + } | ||
346 | + // - Authentified connection (CRAL) | ||
347 | + else { | ||
348 | + //$dn = "dc=univ-lyon1,dc=fr"; | ||
349 | + //$binddn="CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,DC=univ-lyon1,DC=fr"; | ||
350 | + //$binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1,".$dn; | ||
351 | + $binddn = "CN=svc_ldap_cral,OU=users,OU=27,OU=sim,OU=univ-lyon1"; | ||
352 | + $ldappass = "lemotdepasse"; | ||
353 | + $filter = "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=ucbl.osu.cral,ou=groups,ou=27,ou=sim,ou=univ-lyon1,dc=univ-lyon1,dc=fr))"; | ||
354 | + //$just_these = array(); | ||
355 | + $just_these = []; | ||
356 | + } | ||
357 | + $binddn .= ','.$this->baseDn; | ||
358 | + | ||
359 | + // Connection | ||
325 | $ldapConnection = ldap_connect($this->host, $this->port); | 360 | $ldapConnection = ldap_connect($this->host, $this->port); |
326 | - ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); | ||
327 | - if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) { | ||
328 | - return $this->getUserAttributes($login)[0]; | ||
329 | - /* | ||
330 | - * } else { | ||
331 | - * return false; | ||
332 | - */ | 361 | + if ($ldapConnection) { |
362 | + ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); | ||
363 | + // Binding | ||
364 | + //if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) { | ||
365 | + $ldapbind = ldap_bind($ldapConnection, $binddn, $ldappass); | ||
366 | + if ($ldapbind) { | ||
367 | + return $this->getUserAttributes($login, $LDAP_ANONYMOUS, $filter, $just_these)[0]; | ||
368 | + /* | ||
369 | + * } else { | ||
370 | + * return false; | ||
371 | + */ | ||
372 | + } | ||
333 | } | 373 | } |
374 | + | ||
375 | + // We are not using LDAP (use FAKE LDAP instead) | ||
334 | } else { | 376 | } else { |
335 | $user = $this->getFakeLdapUser($login); | 377 | $user = $this->getFakeLdapUser($login); |
336 | // debug($user); | 378 | // debug($user); |
@@ -341,7 +383,7 @@ class LdapConnectionsTable extends AppTable | @@ -341,7 +383,7 @@ class LdapConnectionsTable extends AppTable | ||
341 | // if ($user[$this->authenticationType][0] == "_NouvelUtilisateur_username" && $user['userpassword'][0] == "_NouvelUtilisateur_password") return $user; | 383 | // if ($user[$this->authenticationType][0] == "_NouvelUtilisateur_username" && $user['userpassword'][0] == "_NouvelUtilisateur_password") return $user; |
342 | if ($user[$this->authenticationType][0] == $this->getTheFakeLdapUser()['login'] && $user['userpassword'][0] == $this->getTheFakeLdapUser()['pass']) | 384 | if ($user[$this->authenticationType][0] == $this->getTheFakeLdapUser()['login'] && $user['userpassword'][0] == $this->getTheFakeLdapUser()['pass']) |
343 | return $user; | 385 | return $user; |
344 | - if ((new DefaultPasswordHasher())->check($password, $user['userpassword'][0])) | 386 | + if ((new DefaultPasswordHasher())->check($user_password, $user['userpassword'][0])) |
345 | return $user; | 387 | return $user; |
346 | // if ($user != false && $user['userpassword'][0] == $password) { | 388 | // if ($user != false && $user['userpassword'][0] == $password) { |
347 | } | 389 | } |