allow specifying all sasl bind options in config.php

Stonewall Jackson 2024-02-28 08:56:55 -05:00
parent dc666e191f
commit fa44a257e9
2 changed files with 31 additions and 6 deletions


@ -691,11 +691,19 @@ $c->admin_email = 'calendar-admin@example.com';
// 'bindDN' => 'cn=calendar-manager,ou=users,dc=example,dc=net',
// 'passDN' => 'xxxxxxxx',
// /* Perform a SASL bind (usually EXTERNAL/GSSAPI) instead of a
// * simple bind. Enable this if you would like to authenticate to
// * the LDAP server using Kerberos credentials.
// /* Perform a SASL bind instead of a simple bind. Uncomment this option
// * to authenticate to the LDAP server using Kerberos credentials or TLS
// * certificates.
// * Depending on the SASL mechanism used, you may need to set some of the
// * sasl_ options below. You may also need to set environment variables
// * in the PHP process (KRB5CCNAME, LDAPTLS_CERT, LDAPTLS_KEY, etc).
// */
// 'sasl' => 'yes', // perform a sasl bind
// 'sasl' => 'yes',
// 'sasl_mech' => 'GSSAPI',
// 'sasl_realm' => 'EXAMPLE.COM',
// 'sasl_authc_id' => null,
// 'sasl_authz_id' => null,
// 'sasl_props' => null,
// 'protocolVersion' => '3', // version of LDAP protocol to use
// 'optReferrals' => 0, // whether to automatically follow referrals
@ -780,6 +788,11 @@ $c->admin_email = 'calendar-admin@example.com';
// 'host' => 'ldap://ldap.example.net',
// 'port' => '389', // usually 636 for ldaps
// 'sasl' => 'yes',
// 'sasl_mech' => 'GSSAPI',
// 'sasl_realm' => 'EXAMPLE.COM',
// 'sasl_authc_id' => null,
// 'sasl_authz_id' => null,
// 'sasl_props' => null,
// 'bindDN' => 'cn=bind-user,cn=Users,dc=example,dc=net',
// 'passDN' => 'secret',
// 'baseDNUsers' => 'dc=example,dc=net',
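Review bot: The sample keeps `'sasl' => 'yes'`, which reads as if the value mattered, but the driver code in this same commit only tests `isset($config['sasl'])`, so `'no'` or `false` would also select a SASL bind. I would state that next to the option in both hunks, for example `// 'sasl' => 'yes', // any value enables SASL; leave commented out for a simple bind`. The new block comment could also say what `sasl_props` accepts, since it is the one option shown without an example value. As far as I can tell it is the SASL security-properties string handed to the LDAP library, which is where a minimum security layer would be required.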


@ -118,8 +118,20 @@ class ldapDriver
//ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
//connect as root
$bind_func = isset($config['sasl']) ? 'ldap_sasl_bind' : 'ldap_bind';
if (!$bind_func($this->connect, (isset($config['bindDN']) ? $config['bindDN'] : null), (isset($config['passDN']) ? $config['passDN'] : null) ) ){
if (isset($config['sasl'])){
$bind_result = ldap_sasl_bind(
$this->connect,
(isset($config['bindDN']) ? $config['bindDN'] : null),
(isset($config['passDN']) ? $config['passDN'] : null),
(isset($config['sasl_mech']) ? $config['sasl_mech'] : null),
(isset($config['sasl_realm']) ? $config['sasl_realm'] : null),
(isset($config['sasl_authc_id']) ? $config['sasl_authc_id'] : null),
(isset($config['sasl_authz_id']) ? $config['sasl_authz_id'] : null),
(isset($config['sasl_props']) ? $config['sasl_props'] : null) );
} else {
$bind_result = ldap_bind($this->connect, (isset($config['bindDN']) ? $config['bindDN'] : null), (isset($config['passDN']) ? $config['passDN'] : null) );
}
if (!$bind_result){
$bindDN = isset($config['bindDN']) ? $config['bindDN'] : 'anonymous';
$passDN = isset($config['passDN']) ? $config['passDN'] : 'anonymous';
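Review bot: The SASL branch calls `ldap_sasl_bind()` unconditionally, but that function is only defined when PHP's LDAP extension was built with SASL support. A config with `'sasl'` set on a build without it therefore ends in an undefined-function fatal error instead of the bind-failure handling below. A guard before the call, `if (!function_exists('ldap_sasl_bind'))`, that takes the failed-bind path with a clear message would make the misconfiguration diagnosable. Separately, the failure path still copies the bind password into `$passDN`; its use is outside the hunk, so it is worth confirming that it never reaches a log or a user-facing message. The enclosing method starts and ends outside this hunk.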