Commit db4627f4 authored by killianebel's avatar killianebel

[MOD] A second LDAP server can be configured within the 'External Groups' tab,...

[MOD] A second LDAP server can be configured within the 'External Groups' tab, for the case where user authentication uses one directory and group lookup uses another.
parent ee847942
......@@ -1411,6 +1411,7 @@ installer/schema/20101203_fgal_archive_default_tiki.sql -text
installer/schema/20101207_feature_file_drafts_tiki.sql -text
installer/schema/20101207_unique_login_tiki.php -text
installer/schema/20101208_webservice_soap_tiki.sql -text
installer/schema/20101210_sync_users_ldap_tiki.sql -text
installer/schema/99999999_image_plugins_kill_tiki.php -text
installer/schema/index.php -text
installer/shell.php -text
......
REPLACE INTO `tiki_preferences` (`name`, `value`)
SELECT 'syncUsersWithDirectory', p.`value`
FROM `tiki_preferences` p
WHERE p.`name` = 'cas_create_user_tiki_ldap';
\ No newline at end of file
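Review bot: The old `cas_create_user_tiki_ldap` row is left in `tiki_preferences` after its value is copied to `syncUsersWithDirectory`, and the script has no comment explaining the carry-over. Since this commit drops that preference from the CAS list and from the defaults, consider following the REPLACE with `DELETE FROM tiki_preferences WHERE name = 'cas_create_user_tiki_ldap';` and opening the file with `-- Carry the former CAS-only flag over to the global syncUsersWithDirectory preference`. The new flag sits in the global preference list where the old one was CAS-specific, so a site that had it enabled presumably gets directory synchronisation on more login paths after the upgrade; that is worth confirming against the collapsed part of the diff.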
......@@ -116,8 +116,8 @@ class TikiLdapLib
// only string checking fo these ones
foreach(array('basedn', 'username', 'password', 'userdn', 'useroc', 'userattr',
'fullnameattr', 'emailattr', 'groupdn', 'groupattr', 'groupoc', 'groupnameattr',
'groupdescattr', 'groupmemberattr', 'usergroupattr', 'groupgroupattr') as $n) {
if (isset($options[$n]) && !empty($options[$n]) && preg_match('#\s#', $options[$n])==0) {
'groupdescattr', 'groupmemberattr', 'usergroupattr', 'groupgroupattr', 'binddn', 'bindpw') as $n) {
if (isset($options[$n]) && !empty($options[$n])) {
$this->options[$n] = $options[$n];
}
}
......@@ -144,6 +144,7 @@ class TikiLdapLib
case 'ol':
case 'full':
case 'plain':
case 'explicit':
$this->options['bind_type'] = $options['bind_type'];
break;
default:
......@@ -173,7 +174,9 @@ class TikiLdapLib
}
// Set the bindnpw with the options['password']
$this->options['bindpw'] = $this->options['password'];
if ($this->options['bind_type'] != 'explicit') {
$this->options['bindpw'] = $this->options['password'];
}
$user = $this->options['username'];
switch ($this->options['bind_type']) {
......@@ -204,6 +207,8 @@ class TikiLdapLib
$this->options['binddn'] = '';
$this->options['bindpw'] = '';
break;
case 'explicit':
break;
default:
$this->add_log('ldap', 'Error: Invalid "bind_type" value "' . $this->options['bind_type'] . '".');
die;
......@@ -250,7 +255,7 @@ class TikiLdapLib
$userdn = $this->user_dn();
// ensure we have a connection to the ldap server
if (!$this->bind()) {
if ($this->bind() != 'LDAP_SUCCESS') {
$this->add_log('ldap','Reuse of ldap connection failed: ' . $this->ldaplink->getMessage() . ' at line ' . __LINE__ . ' in ' . __FILE__);
return false;
}
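Review bot: Dropping `preg_match('#\s#', $options[$n])==0` from the string-option loop in the first hunk removes the whitespace check for all sixteen existing keys, not only for the newly added `binddn` and `bindpw`. A bind DN or password can legitimately contain spaces, but attribute and object-class names such as `userattr` or `groupoc` cannot, and if they are later placed into search filters (not visible here) that test was the only validation they received. Keeping the original loop and copying the two new keys in a separate loop preserves the guard. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: original sixteen-key loop with the preg_match('#\s#', …) test …
// Bind DN and bind password may contain spaces, so they skip the whitespace test
foreach (array('binddn', 'bindpw') as $n) {
    if (isset($options[$n]) && !empty($options[$n])) {
        $this->options[$n] = $options[$n];
    }
}
```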
......
......@@ -231,7 +231,7 @@ function prefs_auth_list() {
'perspective' => false,
),
'auth_ldap_groupattr' => array(
'name' => tra('Group attribute'),
'name' => tra('Group name attribute'),
'type' => 'text',
'size' => 20,
'perspective' => false,
......@@ -284,6 +284,109 @@ function prefs_auth_list() {
'size' => 15,
'perspective' => false,
),
'auth_ldap_group_external' => array(
'name' => tra('Use an external LDAP server for groups'),
'type' => 'flag',
'perspective' => false,
),
'auth_ldap_group_host' => array(
'name' => tra('Host'),
'type' => 'text',
'size' => 20,
'perspective' => false,
),
'auth_ldap_group_port' => array(
'name' => tra('Port'),
'type' => 'text',
'size' => 5,
'filter' => 'digits',
'perspective' => false,
),
'auth_ldap_group_debug' => array(
'name' => tra('Write LDAP debug Information in Tiki Logs'),
'type' => 'flag',
'perspective' => false,
),
'auth_ldap_group_ssl' => array(
'name' => tra('Use SSL (ldaps)'),
'type' => 'flag',
'perspective' => false,
),
'auth_ldap_group_starttls' => array(
'name' => tra('Use TLS'),
'type' => 'flag',
'perspective' => false,
),
'auth_ldap_group_type' => array(
'name' => tra('LDAP Bind Type'),
'type' => 'list',
'perspective' => false,
'options' => array(
'default' => tra('Default: Anonymous Bind'),
'full' => tra('Full: userattr=username,UserDN,BaseDN'),
'ol' => tra('OpenLDAP: cn=username,BaseDN'),
'ad' => tra('Active Directory (username@domain)'),
'plain' => tra('Plain Username'),
),
),
'auth_ldap_group_scope' => array(
'name' => tra('Search scope'),
'type' => 'list',
'perspective' => false,
'options' => array(
'sub' => tra('Subtree'),
'one' => tra('One level'),
'base' => tra('Base object'),
),
),
'auth_ldap_group_version' => array(
'name' => tra('LDAP version'),
'type' => 'text',
'size' => 5,
'perspective' => false,
),
'auth_ldap_group_basedn' => array(
'name' => tra('Base DN'),
'type' => 'text',
'size' => 15,
'perspective' => false,
),
'auth_ldap_group_userdn' => array(
'name' => tra('User DN'),
'type' => 'text',
'size' => 20,
'perspective' => false,
),
'auth_ldap_group_userattr' => array(
'name' => tra('User attribute'),
'type' => 'text',
'size' => 20,
'perspective' => false,
),
'auth_ldap_group_corr_userattr' => array(
'name' => tra('Corresponding user attribute in 1st directory'),
'type' => 'text',
'size' => 20,
'perspective' => false,
),
'auth_ldap_group_useroc' => array(
'name' => tra('User OC'),
'type' => 'text',
'size' => 20,
'perspective' => false,
),
'auth_ldap_group_adminuser' => array(
'name' => tra('Admin user'),
'type' => 'text',
'size' => 15,
'perspective' => false,
),
'auth_ldap_group_adminpass' => array(
'name' => tra('Admin password'),
'type' => 'password',
'size' => 15,
'perspective' => false,
),
'auth_ws_create_tiki' => array(
'name' => tra('Create user if not in Tiki'),
'type' => 'flag',
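Review bot: `auth_ldap_group_version` in the second hunk is a free-text field with no `'filter' => 'digits'`, while `auth_ldap_group_port` a few entries above it has one. The value is presumably handed to the LDAP client as the protocol version, so adding `'filter' => 'digits',` after its `'size' => 5,` line would keep non-numeric input out of the stored preference. The two transport flags `auth_ldap_group_ssl` and `auth_ldap_group_starttls` are normally alternatives, and a `'hint'` on each saying so would help administrators avoid enabling both. prefs_auth_list() starts and ends outside the hunks.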
......
......@@ -12,11 +12,6 @@ function prefs_cas_list() {
'type' => 'flag',
'perspective' => false,
),
'cas_create_user_tiki_ldap' => array(
'name' => tra('Use LDAP information when creating user in Tiki'),
'type' => 'flag',
'perspective' => false,
),
'cas_skip_admin' => array(
'name' => tra('Use Tiki authentication for Admin login'),
'type' => 'flag',
......
......@@ -253,6 +253,16 @@ function prefs_global_list() {
'hint' => tra("The group will be named identical to the user's username"),
'help' => 'Groups',
),
'syncGroupsWithDirectory' => array(
'name' => tra('Synchronize Tiki groups with a directory'),
'type' => 'flag',
'hint' => tra('Define the directory within the "LDAP" tab'),
),
'syncUsersWithDirectory' => array(
'name' => tra('Synchronize Tiki users with a directory'),
'type' => 'flag',
'hint' => tra('Define the directory within the "LDAP" tab'),
),
'rememberme' => array(
'name' => tra('Remember me'),
'type' => 'list',
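Review bot: The hint on `syncGroupsWithDirectory` points administrators to the "LDAP" tab only, yet this commit adds an 'External groups' tab where the group directory can be a different server. Suggest `'hint' => tra('Define the directory within the "LDAP" or "External groups" tab'),` for that entry. Both new entries also omit the `'help'` key that the preceding entry carries, so the admin page offers no documentation link for settings that change how accounts and groups are provisioned.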
......
......@@ -1105,6 +1105,8 @@ function get_default_prefs() {
// auth
'allowRegister' => 'n',
'eponymousGroups' => 'n',
'syncGroupsWithDirectory' => 'n',
'syncUsersWithDirectory' => 'n',
'useRegisterPasscode' => 'n',
'registerPasscode' => isset($tikilib) ? md5($tikilib->genPass()) : md5(mt_rand()),
'rememberme' => 'disabled',
......@@ -1164,6 +1166,23 @@ function get_default_prefs() {
'auth_ldap_host' => '',
'auth_ldap_port' => '',
'auth_ldap_groupdescattr' => '',
'auth_ldap_group_external' => 'n',
'auth_ldap_group_host' => 'localhost',
'auth_ldap_group_port' => '389',
'auth_ldap_group_debug' => 'n',
'auth_ldap_group_ssl' => 'n',
'auth_ldap_group_starttls' => 'n',
'auth_ldap_group_type' => 'default',
'auth_ldap_group_scope' => 'sub',
'auth_ldap_group_version' => '3',
'auth_ldap_group_basedn' => '',
'auth_ldap_group_userdn' => '',
'auth_ldap_group_userattr' => 'uid',
'auth_ldap_group_corr_userattr' => 'uid',
'auth_ldap_group_useroc' => 'inetOrgPerson',
'auth_ldap_group_adminuser' => '',
'auth_ldap_group_adminpass' => '',
'auth_phpbb_version' => 3,
'auth_phpbb_skip_admin' => 'y',
......@@ -1819,7 +1838,6 @@ function get_default_prefs() {
// CAS
'cas_create_user_tiki' => 'n',
'cas_create_user_tiki_ldap' => 'n',
'cas_skip_admin' => 'n',
'cas_show_alternate_login' => 'y',
'cas_version' => '1.0',
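Review bot: The defaults added in the second hunk leave both `auth_ldap_group_ssl` and `auth_ldap_group_starttls` at `'n'` with port `'389'`, so once `auth_ldap_group_external` is switched on the connection to the group directory is unencrypted unless the administrator changes it. This commit also introduces `auth_ldap_group_adminuser` and `auth_ldap_group_adminpass`; if they are used for the bind (the code doing so is in the collapsed part of the diff), that password crosses the network in clear text under these defaults. Consider `'auth_ldap_group_starttls' => 'y',` as the default for the new server, or at least a comment above the block such as `// group directory: no transport encryption by default, enable ssl or starttls before setting adminpass`. get_default_prefs() starts and ends outside the hunks.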
......
This diff is collapsed.
......@@ -76,6 +76,8 @@
{preference name=unsuccessful_logins}
{preference name=unsuccessful_logins_invalid}
{preference name=eponymousGroups}
{preference name=syncGroupsWithDirectory}
{preference name=syncUsersWithDirectory}
{preference name=desactive_login_autocomplete}
{preference name=feature_challenge}
......@@ -177,6 +179,40 @@
{preference name=auth_ldap_emailattr}
</fieldset>
<fieldset>
<legend>{tr}LDAP Admin{/tr}</legend>
{preference name=auth_ldap_adminuser}
{preference name=auth_ldap_adminpass}
</fieldset>
{/tab}
{tab name="{tr}External groups{/tr}"}
<fieldset>
<legend>External groups</legend>
{preference name=auth_ldap_group_external}
</fieldset>
<fieldset>
<legend>{tr}LDAP Bind settings{/tr}{help url="LDAP+Authentication"}</legend>
{preference name=auth_ldap_group_host}
{preference name=auth_ldap_group_port}
{preference name=auth_ldap_group_debug}
{preference name=auth_ldap_group_ssl}
{preference name=auth_ldap_group_starttls}
{preference name=auth_ldap_group_scope}
{preference name=auth_ldap_group_version}
{preference name=auth_ldap_group_basedn}
</fieldset>
<fieldset>
<legend>{tr}LDAP User{/tr}</legend>
{preference name=auth_ldap_group_userdn}
{preference name=auth_ldap_group_userattr}
{preference name=auth_ldap_group_corr_userattr}
{preference name=auth_ldap_group_useroc}
</fieldset>
<fieldset>
<legend>{tr}LDAP Group{/tr}</legend>
{preference name=auth_ldap_groupdn}
......@@ -199,8 +235,8 @@
<fieldset>
<legend>{tr}LDAP Admin{/tr}</legend>
{preference name=auth_ldap_adminuser}
{preference name=auth_ldap_adminpass}
{preference name=auth_ldap_group_adminuser}
{preference name=auth_ldap_group_adminpass}
</fieldset>
{/tab}
......@@ -257,7 +293,6 @@
{/if}
{preference name='cas_create_user_tiki'}
{preference name='cas_create_user_tiki_ldap'}
{preference name='cas_skip_admin'}
{preference name='cas_show_alternate_login'}
{preference name='cas_force_logout'}
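Review bot: The 'External groups' tab added in the second hunk never renders `auth_ldap_group_type`, although the commit defines that preference with five bind types and a default of `default` (anonymous bind). As far as this template shows, an administrator can enter the admin user and password for the second server but cannot choose how it binds; adding `{preference name=auth_ldap_group_type}` to the 'LDAP Bind settings' fieldset would expose it, unless the collapsed part of the diff deliberately fixes the bind type. The legend on the first fieldset of the new tab is also written without the translation wrapper the other legends use; `<legend>{tr}External groups{/tr}</legend>` matches them.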
......