mirror of
https://gitlab.com/davical-project/davical.git
synced 2026-05-01 16:11:20 +00:00
Merge branch '0.9' of git+ssh://git.catalyst.net.nz/git/public/rscds into 0.9
commit
3e73c29f2a
@ -169,14 +169,16 @@ $c->admin_email ='calendar-admin@example.com';
|
|||||||
//$c->authenticate_hook['call'] = 'LDAP_check';
|
//$c->authenticate_hook['call'] = 'LDAP_check';
|
||||||
//$c->authenticate_hook['config'] = array(
|
//$c->authenticate_hook['config'] = array(
|
||||||
// 'host' => 'www.tennaxia.net', //host name of your LDAP Server
|
// 'host' => 'www.tennaxia.net', //host name of your LDAP Server
|
||||||
// 'port' => '389', //port
|
// 'port' => '389', //port
|
||||||
|
|
||||||
/* For the initial bind to be anonymous leave bindDN and passDN
|
/* For the initial bind to be anonymous leave bindDN and passDN
|
||||||
commented out */
|
commented out */
|
||||||
// 'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net', //DN to bind to this server enabling to perform request
|
// DN to bind to this server enabling to perform request
|
||||||
// 'passDN'=> 'xxxxxxxx', //Password of the previous bindDN to bind to this server enabling to perform request
|
// 'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',
|
||||||
|
// Password of the previous bindDN to bind to this server enabling to perform request
|
||||||
|
// 'passDN'=> 'xxxxxxxx',
|
||||||
|
|
||||||
// 'protocolVersion' => '3', //Version of LDAP protocol to use
|
// 'protocolVersion' => '3', //Version of LDAP protocol to use
|
||||||
// 'baseDNUsers'=> 'dc=tennaxia,dc=net', //where to look at valid user
|
// 'baseDNUsers'=> 'dc=tennaxia,dc=net', //where to look at valid user
|
||||||
// 'filterUsers' => 'objectClass=kolabInetOrgPerson', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets
|
// 'filterUsers' => 'objectClass=kolabInetOrgPerson', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets
|
||||||
// 'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net', //not used ATM
|
// 'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net', //not used ATM
|
||||||
@ -191,7 +193,15 @@ $c->admin_email ='calendar-admin@example.com';
|
|||||||
// 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
|
// 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
|
||||||
/** foreach key set start and length in the string provided by ldap
|
/** foreach key set start and length in the string provided by ldap
|
||||||
example for openLDAP timestamp : 20070503162215Z **/
|
example for openLDAP timestamp : 20070503162215Z **/
|
||||||
// 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2))
|
// 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
|
||||||
|
// 'startTLS' => 'yes', // Require that TLS is used for LDAP?
|
||||||
|
// If ldap_start_tls is not working, it is probably
|
||||||
|
// because php wants to validate the server's
|
||||||
|
// certificate. Try adding "TLS_REQCERT never" to the
|
||||||
|
// ldap configuration file that php uses (e.g. /etc/ldap.conf
|
||||||
|
// or /etc/ldap/ldap.conf). Of course, this lessens security!
|
||||||
|
// 'scope' => 'subtree', // Search scope to use, defaults to subtree.
|
||||||
|
// // Allowed values: base, onelevel, subtree.
|
||||||
//
|
//
|
||||||
// );
|
// );
|
||||||
//
|
//
|
||||||
|
|||||||
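Review bot: The new `startTLS` comment offers `TLS_REQCERT never` as the remedy when ldap_start_tls() fails, which switches off validation of the server certificate. With validation off, an on-path host can pose as the directory and the encryption no longer protects the `bindDN`/`passDN` credentials or user passwords. I would point administrators at trusting the issuing CA instead, for example `// If ldap_start_tls fails on certificate validation, set TLS_CACERT in ldap.conf to the CA that signed the LDAP server's certificate.`, and describe `TLS_REQCERT never` only as a temporary diagnostic. The comment could also state that the driver tests only whether the key is set (`isset($config['startTLS'])` in the driver hunk), so `'startTLS' => 'no'` would still turn TLS on.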
@ -66,6 +66,37 @@ class ldapDrivers
|
|||||||
//Set LDAP protocol version
|
//Set LDAP protocol version
|
||||||
if (isset($config['protocolVersion'])) ldap_set_option($this->connect,LDAP_OPT_PROTOCOL_VERSION, $config['protocolVersion']);
|
if (isset($config['protocolVersion'])) ldap_set_option($this->connect,LDAP_OPT_PROTOCOL_VERSION, $config['protocolVersion']);
|
||||||
|
|
||||||
|
// Start TLS if desired (requires protocol version 3)
|
||||||
|
if (isset($config['startTLS'])) {
|
||||||
|
if (!ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
||||||
|
$c->messages[] = sprintf(i18n( "drivers_ldap : Failed to set LDAP to use protocol version 3, TLS not supported") );
|
||||||
|
$this->valid=false;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (!ldap_start_tls($this->connect)) {
|
||||||
|
$c->messages[] = sprintf(i18n( "drivers_ldap : Could not start TLS: ldap_start_tls() failed") );
|
||||||
|
$this->valid=false;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//Set the search scope to be used, default to subtree.
|
||||||
|
if (!isset($config['scope'])) $config['scope'] = 'subtree';
|
||||||
|
switch (strtolower($config['scope'])) {
|
||||||
|
case "base":
|
||||||
|
$this->ldap_query_one = ldap_read;
|
||||||
|
$this->ldap_query_all = ldap_read;
|
||||||
|
break;
|
||||||
|
case "onelevel":
|
||||||
|
$this->ldap_query_one = ldap_list;
|
||||||
|
$this->ldap_query_all = ldap_list;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
$this->ldap_query_one = ldap_search;
|
||||||
|
$this->ldap_query_all = ldap_list;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
//connect as root
|
//connect as root
|
||||||
if (!ldap_bind($this->connect,$config['bindDN'],$config['passDN'])){
|
if (!ldap_bind($this->connect,$config['bindDN'],$config['passDN'])){
|
||||||
$bindDN = isset($config['bindDN']) ? $config['bindDN'] : 'anonymous';
|
$bindDN = isset($config['bindDN']) ? $config['bindDN'] : 'anonymous';
|
||||||
@ -88,7 +119,9 @@ class ldapDrivers
|
|||||||
*/
|
*/
|
||||||
function getAllUsers($attributes){
|
function getAllUsers($attributes){
|
||||||
global $c;
|
global $c;
|
||||||
$entry = ldap_list($this->connect,$this->baseDNUsers,$this->filterUsers,$attributes);
|
|
||||||
|
$query = $this->ldap_query_all;
|
||||||
|
$entry = $query($this->connect,$this->baseDNUsers,$this->filterUsers,$attributes);
|
||||||
if (!ldap_first_entry($this->connect,$entry))
|
if (!ldap_first_entry($this->connect,$entry))
|
||||||
$c->messages[] = sprintf(i18n("Error NoUserFound with filter >%s<, attributes >%s< , dn >%s<"),$this->filterUsers,join(', ',$attributes), $this->baseDNUsers);
|
$c->messages[] = sprintf(i18n("Error NoUserFound with filter >%s<, attributes >%s< , dn >%s<"),$this->filterUsers,join(', ',$attributes), $this->baseDNUsers);
|
||||||
for($i=ldap_first_entry($this->connect,$entry);
|
for($i=ldap_first_entry($this->connect,$entry);
|
||||||
@ -116,7 +149,8 @@ class ldapDrivers
|
|||||||
|
|
||||||
$entry=NULL;
|
$entry=NULL;
|
||||||
// We get the DN of the USER
|
// We get the DN of the USER
|
||||||
$entry = ldap_search($this->connect, $this->baseDNUsers, $filter,$attributes);
|
$query = $this->ldap_query_one;
|
||||||
|
$entry = $query($this->connect, $this->baseDNUsers, $filter,$attributes);
|
||||||
if ( !ldap_first_entry($this->connect, $entry) ){
|
if ( !ldap_first_entry($this->connect, $entry) ){
|
||||||
dbg_error_log( "ERROR", "drivers_ldap : Unable to find the user with filter %s",$filter );
|
dbg_error_log( "ERROR", "drivers_ldap : Unable to find the user with filter %s",$filter );
|
||||||
return false;
|
return false;
|
||||||
@ -268,6 +302,10 @@ function sync_LDAP(){
|
|||||||
$mapping = $c->authenticate_hook['config']['mapping_field'];
|
$mapping = $c->authenticate_hook['config']['mapping_field'];
|
||||||
$attributes = array_values($mapping);
|
$attributes = array_values($mapping);
|
||||||
$ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
|
$ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
|
||||||
|
|
||||||
|
if ( sizeof($ldap_users_tmp) == 0 )
|
||||||
|
return;
|
||||||
|
|
||||||
foreach($ldap_users_tmp as $key => $ldap_user){
|
foreach($ldap_users_tmp as $key => $ldap_user){
|
||||||
$ldap_users_info[$ldap_user[$mapping["username"]]] = $ldap_user;
|
$ldap_users_info[$ldap_user[$mapping["username"]]] = $ldap_user;
|
||||||
unset($ldap_users_tmp[$key]);
|
unset($ldap_users_tmp[$key]);
|
||||||
@ -315,7 +353,7 @@ function sync_LDAP(){
|
|||||||
$usr_in .= ', ' . qpg($v);
|
$usr_in .= ', ' . qpg($v);
|
||||||
}
|
}
|
||||||
$usr_in = substr($usr_in,1);
|
$usr_in = substr($usr_in,1);
|
||||||
$c->messages[] = sprintf(i18n('- deactivating users : %s'),$usr_in);
|
$c->messages[] = sprintf(i18n('- deactivating users : %s'),join(', ',$users_to_deactivate));
|
||||||
$qry = new PgQuery( "UPDATE usr SET active = FALSE WHERE lower(username) IN ($usr_in)");
|
$qry = new PgQuery( "UPDATE usr SET active = FALSE WHERE lower(username) IN ($usr_in)");
|
||||||
$qry->Exec('sync_LDAP',__LINE__,__FILE__);
|
$qry->Exec('sync_LDAP',__LINE__,__FILE__);
|
||||||
}
|
}
|
||||||
@ -326,6 +364,9 @@ function sync_LDAP(){
|
|||||||
$valid=$ldap_users_info[$username];
|
$valid=$ldap_users_info[$username];
|
||||||
$ldap_timestamp = $valid[$mapping["updated"]];
|
$ldap_timestamp = $valid[$mapping["updated"]];
|
||||||
|
|
||||||
|
$valid["user_no"] = $db_users_info[$username]["user_no"];
|
||||||
|
$mapping["user_no"] = "user_no";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
|
* This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
|
||||||
*/
|
*/
|
||||||
@ -343,9 +384,10 @@ function sync_LDAP(){
|
|||||||
$users_nothing_done[] = $username;
|
$users_nothing_done[] = $username;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$c->messages[] = sprintf(i18n('- updating user record %s'),join(', ',$users_to_update));
|
if ( sizeof($users_to_update) )
|
||||||
|
$c->messages[] = sprintf(i18n('- updating user records : %s'),join(', ',$users_to_update));
|
||||||
if ( sizeof($users_nothing_done) )
|
if ( sizeof($users_nothing_done) )
|
||||||
$c->messages[] = sprintf(i18n('- nothing done on %s'),join(', ', $users_nothing_done));
|
$c->messages[] = sprintf(i18n('- nothing done on : %s'),join(', ', $users_nothing_done));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
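Review bot: In the scope `switch`, the `default:` branch assigns `ldap_list` to `ldap_query_all` but `ldap_search` to `ldap_query_one`, so with the documented default of `subtree` getAllUsers() still lists a single level and can disagree with what a single-user lookup finds. sync_LDAP() appears to derive its `UPDATE usr SET active = FALSE` list from that listing (the selection logic is outside the visible hunks, so this is inferred), which would make accounts below the first level candidates for deactivation; if subtree is intended, use `$this->ldap_query_all = 'ldap_search';`. The function names are also written as bare words (`ldap_read`, `ldap_list`, `ldap_search`), which PHP resolves as undefined constants rather than strings; quoting them, e.g. `$this->ldap_query_one = 'ldap_read';`, removes the reliance on that fallback. An unrecognised `scope` value falls silently into `default:`, and an entry in `$c->messages[]` there would make the misconfiguration visible. The enclosing method starts and ends outside the hunk.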