Commit 944c00ba authored by nyloth's avatar nyloth

[FIX] ldap authentication : apply sept_7 patch to fix LDAP authentication...

[FIX] ldap authentication : apply sept_7 patch to fix LDAP authentication (especially with anonymous bind)
parent 2fbff1b7
......@@ -148,7 +148,7 @@ class TikiLdapLib
}
// End public function TikiLdapLib($options)
private function __destruct() {
public function __destruct() {
unset($this->ldaplink);
}
......@@ -184,11 +184,19 @@ class TikiLdapLib
break;
default:
// Anonymous binding
unset($this->options['binddn']);
unset($this->options['bindpw']);
$options_anonymous = $this->options;
$options_anonymous['binddn'] = '';
$options_anonymous['bindpw'] = '';
$this->ldaplink= Net_LDAP2::connect($options_anonymous);
if(Net_LDAP2::isError($this->ldaplink)) {
$this->add_log('ldap','Error: '.$this->ldaplink->getMessage().' at line '.__LINE__.' in '.__FILE__);
}
self::get_user_attributes();
$this->options['binddn'] = $this->user_attributes['dn'];
$this->ldaplink->disconnect();
}
// attributes to fetch
// attributes to fetch
/*
$options['attributes'] = array();
if ( $nameattr = $prefs['auth_ldap_nameattr'] ) $options['attributes'][] = $nameattr;
......@@ -214,7 +222,7 @@ class TikiLdapLib
return($this->ldaplink->getCode());
}
return LDAP_SUCCESS;
return 'LDAP_SUCCESS';
} // End bind()
......@@ -334,6 +342,7 @@ class TikiLdapLib
}
$this->add_log('ldap','Found '.$searchresult->count().' entries. Extracting entries now.');
$this->groups = array();
while($entry=$searchresult->shiftEntry()) {
if (Net_LDAP2::isError($entry)) {
$this->add_log('ldap','Error fetching group entries: '.$entry->getMessage().' at line '.__LINE__.' in '.__FILE__);
......
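Review bot: In the anonymous-bind branch (the `default:` case), a failed `Net_LDAP2::connect($options_anonymous)` is only logged, and the code then still calls `self::get_user_attributes()` and `$this->ldaplink->disconnect()` on what `isError()` has just identified as an error object. More importantly for authentication, `$this->options['binddn'] = $this->user_attributes['dn'];` is assigned without checking that the lookup returned a DN. If the search fails or matches nothing, the later bind (outside this hunk) would presumably run with an empty DN, which some directory servers accept as an anonymous bind. I would return the error right after the `add_log()` call, reject the login when `empty($this->user_attributes['dn'])` is true, and call the instance method as `$this->get_user_attributes()`. The enclosing method starts and ends outside the hunk, so the right return value is not visible here.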
......@@ -1006,6 +1006,10 @@ function get_default_prefs() {
'auth_ldap_useroc' => 'inetOrgPerson',
'auth_ldap_groupdn' => '',
'auth_ldap_groupattr' => 'cn',
'auth_ldap_groupnameatr' => '',
'auth_ldap_groupdescatr' => '',
'auth_ldap_usergroupattr' => '',
'auth_ldap_groupgroupattr' => '',
'auth_ldap_groupoc' => 'groupOfUniqueNames',
'auth_ldap_memberattr' => 'uniqueMember',
'auth_ldap_memberisdn' => 'y',
......
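Review bot: The keys `auth_ldap_groupnameatr` and `auth_ldap_groupdescatr` end in `atr`, while the other attribute preferences in this hunk end in `attr` (`auth_ldap_groupattr`, `auth_ldap_usergroupattr`, `auth_ldap_groupgroupattr`). The code that reads these preferences is not visible here, so please confirm it uses the same spelling; otherwise the default is never picked up. If nothing depends on the current names yet, renaming both to `...attr` would remove the trap. The rest of `get_default_prefs()` is outside the hunk.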
......@@ -921,15 +921,20 @@ class UsersLib extends TikiLib
$this->init_ldap($user, $pass);
switch($err=$this->ldap->bind()) {
case LDAP_INVALID_CREDENTIALS:
$err = $this->ldap->bind();
if (is_int($err)) {
$err=Net_LDAP2::errorMessage($err);
}
switch($err) {
case 'LDAP_INVALID_CREDENTIALS':
return PASSWORD_INCORRECT;
case LDAP_INVALID_SYNTAX:
case LDAP_NO_SUCH_OBJECT:
case LDAP_INVALID_DN_SYNTAX:
case 'LDAP_INVALID_SYNTAX':
case 'LDAP_NO_SUCH_OBJECT':
case 'LDAP_INVALID_DN_SYNTAX':
if($prefs['auth_ldap_debug']=='y') $logslib->add_log('ldap','Error'.$err);
return USER_NOT_FOUND;
case LDAP_SUCCESS:
case 'LDAP_SUCCESS':
if($prefs['auth_ldap_debug']=='y') $logslib->add_log('ldap','Bind successful.');
return USER_VALID;
default:
......@@ -981,9 +986,7 @@ class UsersLib extends TikiLib
if($prefs['auth_ldap_debug']=='y') $logslib->add_log('ldap','Syncing user and group with ldap');
$userattributes=$this->ldap->get_user_attributes();
//var_dump($userattributes);
//print("<pre>");print_r($userattributes);print("</pre>");
$user=$userattributes[$prefs['auth_ldap_userattr']];
//$user=$userattributes[$prefs['auth_ldap_userattr']];
// sync user information
$this->disable_tiki_auth($user);
......@@ -2794,20 +2797,9 @@ class UsersLib extends TikiLib
}
$aUserPrefs = array('realName','homePage','country');
foreach ($aUserPrefs as $pref){
foreach ($aUserPrefs as $pref) {
if (isset($u[$pref])) {
$bindvars = array();
$bindvars[] = strip_tags($u[$pref]);
$bindvars[] = $u['login'];
$bindvars[] = $pref;
if ($this->getOne("select `user` from `tiki_user_preferences` where `user`=? and `prefName`=?",array($u['login'],$pref))) {
$query = "UPDATE `tiki_user_preferences` set `value`=? where `user`=? and `prefName`=?";
} else {
$query = "INSERT INTO `tiki_user_preferences` (`value`,`user`,`prefName`) VALUES (?,?,?)";
}
$this->query($query, $bindvars);
$this->set_user_preference($u['login'],$pref,$u[$pref]);
}
}
......
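Review bot: The rewritten loop over `$aUserPrefs` in the last hunk passes `$u[$pref]` to `set_user_preference()` unmodified, whereas the lines it replaces stored `strip_tags($u[$pref])`. `realName`, `homePage` and `country` are presumably populated from directory attributes during LDAP sync. Unless `set_user_preference()` (not shown here) sanitises its value, or every template escapes these fields on output, markup in such an attribute would now be stored and rendered as-is. Keeping the filter at this call site preserves the previous behaviour: `$this->set_user_preference($u['login'], $pref, strip_tags($u[$pref]));`. The enclosing method starts and ends outside the hunk.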