mirror of
https://gitlab.com/davical-project/davical.git
synced 2026-02-14 03:34:38 +00:00
Merge branch '0.9' of git+ssh://git.catalyst.net.nz/git/public/rscds into 0.9
This commit is contained in:
Andrew McMillan
commit
3e73c29f2a
@ -169,14 +169,16 @@ $c->admin_email ='calendar-admin@example.com';
|
||||
//$c->authenticate_hook['call'] = 'LDAP_check';
|
||||
//$c->authenticate_hook['config'] = array(
|
||||
// 'host' => 'www.tennaxia.net', //host name of your LDAP Server
|
||||
// 'port' => '389', //port
|
||||
// 'port' => '389', //port
|
||||
|
||||
/* For the initial bind to be anonymous leave bindDN and passDN
|
||||
commented out */
|
||||
// 'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net', //DN to bind to this server enabling to perform request
|
||||
// 'passDN'=> 'xxxxxxxx', //Password of the previous bindDN to bind to this server enabling to perform request
|
||||
// DN to bind to this server enabling to perform request
|
||||
// 'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',
|
||||
// Password of the previous bindDN to bind to this server enabling to perform request
|
||||
// 'passDN'=> 'xxxxxxxx',
|
||||
|
||||
// 'protocolVersion' => '3', //Version of LDAP protocol to use
|
||||
// 'protocolVersion' => '3', //Version of LDAP protocol to use
|
||||
// 'baseDNUsers'=> 'dc=tennaxia,dc=net', //where to look at valid user
|
||||
// 'filterUsers' => 'objectClass=kolabInetOrgPerson', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets
|
||||
// 'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net', //not used ATM
|
||||
@ -191,7 +193,15 @@ $c->admin_email ='calendar-admin@example.com';
|
||||
// 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
|
||||
/** foreach key set start and length in the string provided by ldap
|
||||
example for openLDAP timestamp : 20070503162215Z **/
|
||||
// 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2))
|
||||
// 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
|
||||
// 'startTLS' => 'yes', // Require that TLS is used for LDAP?
|
||||
// If ldap_start_tls is not working, it is probably
|
||||
// because php wants to validate the server's
|
||||
// certificate. Try adding "TLS_REQCERT never" to the
|
||||
// ldap configuration file that php uses (e.g. /etc/ldap.conf
|
||||
// or /etc/ldap/ldap.conf). Of course, this lessens security!
|
||||
// 'scope' => 'subtree', // Search scope to use, defaults to subtree.
|
||||
// // Allowed values: base, onelevel, subtree.
|
||||
//
|
||||
// );
|
||||
//
|
||||
|
||||
@ -66,6 +66,37 @@ class ldapDrivers
|
||||
//Set LDAP protocol version
|
||||
if (isset($config['protocolVersion'])) ldap_set_option($this->connect,LDAP_OPT_PROTOCOL_VERSION, $config['protocolVersion']);
|
||||
|
||||
// Start TLS if desired (requires protocol version 3)
|
||||
if (isset($config['startTLS'])) {
|
||||
if (!ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
||||
$c->messages[] = sprintf(i18n( "drivers_ldap : Failed to set LDAP to use protocol version 3, TLS not supported") );
|
||||
$this->valid=false;
|
||||
return;
|
||||
}
|
||||
if (!ldap_start_tls($this->connect)) {
|
||||
$c->messages[] = sprintf(i18n( "drivers_ldap : Could not start TLS: ldap_start_tls() failed") );
|
||||
$this->valid=false;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
//Set the search scope to be used, default to subtree.
|
||||
if (!isset($config['scope'])) $config['scope'] = 'subtree';
|
||||
switch (strtolower($config['scope'])) {
|
||||
case "base":
|
||||
$this->ldap_query_one = ldap_read;
|
||||
$this->ldap_query_all = ldap_read;
|
||||
break;
|
||||
case "onelevel":
|
||||
$this->ldap_query_one = ldap_list;
|
||||
$this->ldap_query_all = ldap_list;
|
||||
break;
|
||||
default:
|
||||
$this->ldap_query_one = ldap_search;
|
||||
$this->ldap_query_all = ldap_list;
|
||||
break;
|
||||
}
|
||||
|
||||
//connect as root
|
||||
if (!ldap_bind($this->connect,$config['bindDN'],$config['passDN'])){
|
||||
$bindDN = isset($config['bindDN']) ? $config['bindDN'] : 'anonymous';
|
||||
@ -88,7 +119,9 @@ class ldapDrivers
|
||||
*/
|
||||
function getAllUsers($attributes){
|
||||
global $c;
|
||||
$entry = ldap_list($this->connect,$this->baseDNUsers,$this->filterUsers,$attributes);
|
||||
|
||||
$query = $this->ldap_query_all;
|
||||
$entry = $query($this->connect,$this->baseDNUsers,$this->filterUsers,$attributes);
|
||||
if (!ldap_first_entry($this->connect,$entry))
|
||||
$c->messages[] = sprintf(i18n("Error NoUserFound with filter >%s<, attributes >%s< , dn >%s<"),$this->filterUsers,join(', ',$attributes), $this->baseDNUsers);
|
||||
for($i=ldap_first_entry($this->connect,$entry);
|
||||
@ -116,7 +149,8 @@ class ldapDrivers
|
||||
|
||||
$entry=NULL;
|
||||
// We get the DN of the USER
|
||||
$entry = ldap_search($this->connect, $this->baseDNUsers, $filter,$attributes);
|
||||
$query = $this->ldap_query_one;
|
||||
$entry = $query($this->connect, $this->baseDNUsers, $filter,$attributes);
|
||||
if ( !ldap_first_entry($this->connect, $entry) ){
|
||||
dbg_error_log( "ERROR", "drivers_ldap : Unable to find the user with filter %s",$filter );
|
||||
return false;
|
||||
@ -268,6 +302,10 @@ function sync_LDAP(){
|
||||
$mapping = $c->authenticate_hook['config']['mapping_field'];
|
||||
$attributes = array_values($mapping);
|
||||
$ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
|
||||
|
||||
if ( sizeof($ldap_users_tmp) == 0 )
|
||||
return;
|
||||
|
||||
foreach($ldap_users_tmp as $key => $ldap_user){
|
||||
$ldap_users_info[$ldap_user[$mapping["username"]]] = $ldap_user;
|
||||
unset($ldap_users_tmp[$key]);
|
||||
@ -315,7 +353,7 @@ function sync_LDAP(){
|
||||
$usr_in .= ', ' . qpg($v);
|
||||
}
|
||||
$usr_in = substr($usr_in,1);
|
||||
$c->messages[] = sprintf(i18n('- deactivating users : %s'),$usr_in);
|
||||
$c->messages[] = sprintf(i18n('- deactivating users : %s'),join(', ',$users_to_deactivate));
|
||||
$qry = new PgQuery( "UPDATE usr SET active = FALSE WHERE lower(username) IN ($usr_in)");
|
||||
$qry->Exec('sync_LDAP',__LINE__,__FILE__);
|
||||
}
|
||||
@ -326,6 +364,9 @@ function sync_LDAP(){
|
||||
$valid=$ldap_users_info[$username];
|
||||
$ldap_timestamp = $valid[$mapping["updated"]];
|
||||
|
||||
$valid["user_no"] = $db_users_info[$username]["user_no"];
|
||||
$mapping["user_no"] = "user_no";
|
||||
|
||||
/**
|
||||
* This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
|
||||
*/
|
||||
@ -343,9 +384,10 @@ function sync_LDAP(){
|
||||
$users_nothing_done[] = $username;
|
||||
}
|
||||
}
|
||||
$c->messages[] = sprintf(i18n('- updating user record %s'),join(', ',$users_to_update));
|
||||
if ( sizeof($users_to_update) )
|
||||
$c->messages[] = sprintf(i18n('- updating user records : %s'),join(', ',$users_to_update));
|
||||
if ( sizeof($users_nothing_done) )
|
||||
$c->messages[] = sprintf(i18n('- nothing done on %s'),join(', ', $users_nothing_done));
|
||||
$c->messages[] = sprintf(i18n('- nothing done on : %s'),join(', ', $users_nothing_done));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user