

Commit MetaInfo

Revision f18af249f26b46413b233e2a6e2a7e1df1733908 (tree)
Time 2016-01-21 05:31:35
Author umorigu <umorigu@gmai...>
Committer umorigu

Log Message

BugTrack2/362 Implement LDAP account sign in

Change Summary

Incremental Difference

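--- a/lib/auth.php
+++ b/lib/auth.php
@@ -337,15 +337,95 @@ function get_auth_user()
  */
  function form_auth($username, $password)
  {
- global $auth_users;
+ global $ldap_user_account, $auth_users;
  $user = $username;
- if (in_array($user, array_keys($auth_users))) {
- if (pkwk_hash_compute(
- $password,
- $auth_users[$user]) === $auth_users[$user]) {
- $_SESSION['authenticated_user'] = $user;
- return true;
+ if ($ldap_user_account) {
+ // LDAP account
+ return ldap_auth($username, $password);
+ } else {
+ // Defined users in pukiwiki.ini.php
+ if (in_array($user, array_keys($auth_users))) {
+ if (pkwk_hash_compute(
+ $password,
+ $auth_users[$user]) === $auth_users[$user]) {
+ $_SESSION['authenticated_user'] = $user;
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+function ldap_auth($username, $password)
+{
+ global $ldap_url, $ldap_bind_dn, $ldap_bind_password;
+ if (preg_match('#^(ldap\:\/\/[^/]+/)(.*)$#', $ldap_url, $m)) {
+ $ldap_server = $m[1];
+ $ldap_base_dn = $m[2];
+ $ldapconn = ldap_connect($ldap_server);
+ if ($ldapconn) {
+ ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+ if (preg_match('#\$login\b#', $ldap_bind_dn)) {
+ // Bind by user credential
+ $bind_dn_user = preg_replace('#\$login#', $username, $ldap_bind_dn);
+ $ldap_bind_user = ldap_bind($ldapconn, $bind_dn_user, $password);
+ if ($ldap_bind_user) {
+ $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+ if ($user_info) {
+ $_SESSION['authenticated_user'] = $user_info['uid'];
+ return true;
+ }
+ }
+ } else {
+ // Bind by bind dn
+ $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
+ if ($ldap_bind) {
+ $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+ if ($user_info) {
+ $ldap_bind_user2 = ldap_bind($ldapconn, $user_info['dn'], $password);
+ if ($ldap_bind_user2) {
+ $_SESSION['authenticated_user'] = $user_info['uid'];
+ return true;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+/**
+ * Search user and get 'dn', 'uid', 'fullname' and 'mail'
+ * @param type $ldapconn
+ * @param type $username
+ * @param type $base_dn
+ * @return boolean
+ */
+function get_ldap_user_info($ldapconn, $username, $base_dn) {
+ $filter = "(|(uid=$username)(sAMAccountName=$username))";
+ $result1 = ldap_search($ldapconn, $base_dn, $filter, array('dn', 'uid', 'cn', 'samaccountname', 'displayname', 'mail'));
+ $entries = ldap_get_entries($ldapconn, $result1);
+ $info = $entries[0];
+ if (isset($info['dn'])) {
+ $user_dn = $info['dn'];
+ $cano_username = $username;
+ if (isset($info['uid'][0])) {
+ $cano_username = $info['uid'][0];
+ } elseif (isset($info['samaccountname'][0])) {
+ $cano_username = $info['samaccountname'][0];
+ }
+ $cano_fullname = $username;
+ if (isset($info['displayname'][0])) {
+ $cano_fullname = $info['displayname'][0];
+ } elseif (isset($info['cn'][0])) {
+ $cano_fullname = $info['cn'][0];
  }
+ return array(
+ 'dn' => $user_dn,
+ 'uid' => $cano_username,
+ 'fullname' => $cano_fullname,
+ 'mail' => $info['mail'][0]
+ );
  }
  return false;
  }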
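Review bot: `get_ldap_user_info` interpolates the raw `$username` into the search filter at `$filter = "(|(uid=$username)(sAMAccountName=$username))";`, so a username carrying LDAP filter metacharacters changes the query and can make the lookup return an entry other than the one whose password is then checked; escape it first with `ldap_escape($username, '', LDAP_ESCAPE_FILTER)`, and likewise apply `ldap_escape($username, '', LDAP_ESCAPE_DN)` to the value substituted for `$login` in `ldap_auth` before it becomes a bind DN. `ldap_auth` also hands `$password` straight to `ldap_bind`; since an empty password is treated as an unauthenticated bind by many directories, the function should itself `return false` when `$password === ''` instead of relying on the caller in plugin/loginform.inc.php. `get_ldap_user_info` reads `$entries[0]` and `$info['mail'][0]` without confirming that `ldap_get_entries` produced a result with those keys, which raises notices on a miss and leaves `mail` undefined. Finally, every failure path in `ldap_auth` falls off the end of the function, so `form_auth` returns `null` rather than the `false` it returns for local accounts; an explicit `return false;` before the closing brace keeps the contract uniform.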
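--- a/plugin/loginform.inc.php
+++ b/plugin/loginform.inc.php
@@ -33,7 +33,8 @@ function plugin_loginform_action()
  . ($page_after_login_r ? '&page_after_login=' . $page_after_login_r : '');
  $username = $_POST['username'];
  $password = $_POST['password'];
- if (form_auth($username, $password)) {
+ if ($username && $password && form_auth($username, $password)) {
+ // Sign in successfully completed
  form_auth_redirect($url_after_login, $page_after_login_r);
  return;
  }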
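Review bot: The new guard `$username && $password` tests truthiness, so the string `'0'` is rejected as a username or password although it is a valid non-empty value; compare against the empty string instead: `if ($username !== '' && $password !== '' && form_auth($username, $password)) {`. The guard also comes too late to avoid an undefined-index notice, because `$_POST['username']` and `$_POST['password']` are read unconditionally on the two context lines above it; reading them as `isset($_POST['username']) ? $_POST['username'] : ''` (and the same for the password) would make the guard sufficient on its own. plugin_loginform_action's body begins and ends outside the hunk.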