new auth_ads class:
- only needs host- and domain-name - needs NO extra account on the ADS host - can be used with accounts in SQL or LDAP to auto-create authenticated users - new param to lowercase the user-names before auto-creating them (to deal with case-insensitive and case-sensitive systems)
This commit is contained in:
parent
53eff000eb
commit
b883eca49d
@ -36,80 +36,68 @@
|
||||
return False;
|
||||
}
|
||||
|
||||
if(!$ldap = @ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host']))
|
||||
if(!$ldap = @ldap_connect($GLOBALS['egw_info']['server']['ads_host']))
|
||||
{
|
||||
$GLOBALS['phpgw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
|
||||
$GLOBALS['phpgw']->log->commit();
|
||||
//echo "<p>Failed connecting to ADS server '".$GLOBALS['egw_info']['server']['ads_host']."' for authenication, execution stopped</p>\n";
|
||||
$GLOBALS['egw']->log->message('F-Abort, Failed connecting to ADS server for authenication, execution stopped');
|
||||
$GLOBALS['egw']->log->commit();
|
||||
return False;
|
||||
}
|
||||
//echo "<p>Connected to LDAP server '".$GLOBALS['egw_info']['server']['ads_host']."' for authenication</p>\n";
|
||||
|
||||
if($GLOBALS['phpgw_info']['server']['ldap_version3'])
|
||||
{
|
||||
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
}
|
||||
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
|
||||
|
||||
/* Login with the LDAP Admin. User to find the User DN. */
|
||||
if(!@ldap_bind($ldap, $GLOBALS['phpgw_info']['server']['ldap_root_dn'], $GLOBALS['phpgw_info']['server']['ldap_root_pw']))
|
||||
if(!@ldap_bind($ldap,$username.'@'.$GLOBALS['egw_info']['server']['ads_domain'],$passwd))
|
||||
{
|
||||
//echo "<p>Cant bind with '$username@".$GLOBALS['egw_info']['server']['ads_domain']."' with PW '$passwd' !!!</p>\n";
|
||||
return False;
|
||||
}
|
||||
/* find the dn for this uid, the uid is not always in the dn */
|
||||
#$attributes = array('samaccountname','dn','givenName','sn','mail','uidNumber','gidNumber');
|
||||
$attributes = array('samaccountname','dn','givenName','sn','mail');
|
||||
if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
|
||||
{
|
||||
$filter = "(&(samaccountname=$username)(phpgwaccountstatus=A))";
|
||||
}
|
||||
else
|
||||
{
|
||||
$filter = "(samaccountname=$username)";
|
||||
}
|
||||
//echo "<p>Bind with '$username@".$GLOBALS['egw_info']['server']['ads_domain']."' with PW '$passwd'.</p>\n";
|
||||
|
||||
$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes);
|
||||
$attributes = array('samaccountname','givenName','sn','mail');
|
||||
$filter = "(samaccountname=$username)";
|
||||
// automatic create dn from domain: domain.com ==> DC=domain,DC=com
|
||||
$base_dn = array();
|
||||
foreach(explode('.',$GLOBALS['egw_info']['server']['ads_domain']) as $dc)
|
||||
{
|
||||
$base_dn[] = 'DC='.$dc;
|
||||
}
|
||||
$base_dn = implode(',',$base_dn);
|
||||
|
||||
//echo "<p>Trying ldap_search(,$base_dn,$filter,".print_r($attributes,true)."</p>\n";
|
||||
$sri = ldap_search($ldap, $base_dn, $filter, $attributes);
|
||||
$allValues = ldap_get_entries($ldap, $sri);
|
||||
//_debug_array($allValues);
|
||||
|
||||
if ($allValues['count'] > 0)
|
||||
{
|
||||
if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
|
||||
if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true)
|
||||
{
|
||||
if($allValues[0]['samaccountname'][0] != $username)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
/* we only care about the first dn */
|
||||
$userDN = $allValues[0]['dn'];
|
||||
/*
|
||||
generate a bogus password to pass if the user doesn't give us one
|
||||
this gets around systems that are anonymous search enabled
|
||||
*/
|
||||
if (empty($passwd))
|
||||
|
||||
$account = CreateObject('phpgwapi.accounts',$username,'u');
|
||||
if ($account->account_id)
|
||||
{
|
||||
$passwd = crypt(microtime());
|
||||
return true;
|
||||
}
|
||||
/* try to bind as the user with user suplied password */
|
||||
if (@ldap_bind($ldap, $userDN, $passwd))
|
||||
if ($GLOBALS['egw_info']['server']['auto_create_acct'])
|
||||
{
|
||||
if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap')
|
||||
// create a global array with all availible info about that account
|
||||
$GLOBALS['auto_create_acct'] = array();
|
||||
foreach(array(
|
||||
'givenname' => 'firstname',
|
||||
'sn' => 'lastname',
|
||||
'mail' => 'email',
|
||||
) as $ldap_name => $acct_name)
|
||||
{
|
||||
$account = CreateObject('phpgwapi.accounts',$username,'u');
|
||||
if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct'])
|
||||
{
|
||||
// create a global array with all availible info about that account
|
||||
$GLOBALS['auto_create_acct'] = array();
|
||||
foreach(array(
|
||||
'givenname' => 'firstname',
|
||||
'sn' => 'lastname',
|
||||
'mail' => 'email',
|
||||
) as $ldap_name => $acct_name)
|
||||
{
|
||||
$GLOBALS['auto_create_acct'][$acct_name] =
|
||||
$GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
|
||||
}
|
||||
return True;
|
||||
}
|
||||
$data = $account->read_repository();
|
||||
return $data['status'] == 'A';
|
||||
$GLOBALS['auto_create_acct'][$acct_name] =
|
||||
$GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
|
||||
}
|
||||
return True;
|
||||
}
|
||||
@ -120,40 +108,16 @@
|
||||
|
||||
function change_password($old_passwd, $new_passwd, $_account_id='')
|
||||
{
|
||||
if ('' == $_account_id)
|
||||
{
|
||||
$_account_id = $GLOBALS['phpgw_info']['user']['account_id'];
|
||||
}
|
||||
|
||||
$ds = $GLOBALS['phpgw']->common->ldapConnect();
|
||||
$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
|
||||
$allValues = ldap_get_entries($ds, $sri);
|
||||
|
||||
$entry['userpassword'] = $this->encrypt_password($new_passwd);
|
||||
$dn = $allValues[0]['dn'];
|
||||
|
||||
if (!@ldap_modify($ds, $dn, $entry))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
|
||||
|
||||
return $entry['userpassword'];
|
||||
return false; // Cant change passwd in ADS
|
||||
}
|
||||
|
||||
function update_lastlogin($_account_id, $ip)
|
||||
{
|
||||
$entry['phpgwaccountlastlogin'] = time();
|
||||
$entry['phpgwaccountlastloginfrom'] = $ip;
|
||||
|
||||
$ds = $GLOBALS['phpgw']->common->ldapConnect();
|
||||
$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
|
||||
$allValues = ldap_get_entries($ds, $sri);
|
||||
|
||||
$dn = $allValues[0]['dn'];
|
||||
$this->previous_login = $allValues[0]['phpgwaccountlastlogin'][0];
|
||||
|
||||
@ldap_modify($ds, $dn, $entry);
|
||||
$account =& CreateObject('phpgwapi.accounts',$_account_id,'u');
|
||||
$account->read_repository();
|
||||
$account->data['lastlogin'] = time();
|
||||
$account->data['lastloginfrom'] = $ip;
|
||||
$account->save_repository();
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
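Review bot: The empty-password guard that auth_ldap carried (`if (empty($passwd)) $passwd = crypt(microtime());`, with its comment about anonymous-search-enabled servers) is dropped in the first hunk, so `ldap_bind($ldap, $username.'@'.$GLOBALS['egw_info']['server']['ads_domain'], $passwd)` is now called with whatever the login form sent; a simple bind with a name and an empty password is an unauthenticated bind, which Active Directory accepts unless unauthenticated binds have been disabled on the forest, so a blank password would authenticate any existing account. Reject it before binding: `if ($passwd === '') return False;`. The commented-out echo lines that interpolate `'$passwd'` into debug output should be deleted rather than left in the file, and `$username` goes unescaped into `$filter = "(samaccountname=$username)"` — escape the filter value before use. In the second hunk, update_lastlogin no longer records `$this->previous_login` as the LDAP version did; if callers read it, add `$this->previous_login = $account->data['lastlogin'];` before the new value overwrites it. authenticate() begins before the first hunk.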
@ -508,8 +508,12 @@
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!$this->account_id && $GLOBALS['egw_info']['server']['auto_create_acct'] == True)
|
||||
if (!$this->account_id && $GLOBALS['egw_info']['server']['auto_create_acct'])
|
||||
{
|
||||
if ($GLOBALS['egw_info']['server']['auto_create_acct'] == 'lowercase')
|
||||
{
|
||||
$this->account_lid = strtolower($this->account_lid);
|
||||
}
|
||||
$this->account_id = $GLOBALS['egw']->accounts->auto_add($this->account_lid, $passwd);
|
||||
}
|
||||
|
||||
|
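Review bot: The lowercasing of `$this->account_lid` is applied only inside the auto-create branch, after the lookup that left `$this->account_id` unset has already run with the original casing; on a case-sensitive account repository a later login as `Foo` after `foo` was auto-created would, as far as this hunk shows, miss the lookup again and call auto_add a second time. Consider applying `strtolower` before that lookup when `$GLOBALS['egw_info']['server']['auto_create_acct'] == 'lowercase'`, or re-checking the lowercased lid before calling auto_add. The enclosing function starts and ends outside the hunk.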
@ -88,7 +88,7 @@ checking file-permissions of %1 for %2: %3 setup de
|
||||
checking for gd support... setup de Überprüfe die GD Unterstützung...
|
||||
checking php.ini setup de Überprüfe die php.ini Datei
|
||||
checking the egroupware installation setup de Überprüfe die eGroupWare-Installation
|
||||
click <a href="index.php">here</a> to return to setup. setup de <a href="index.php">Hier klicken</a> um zum Setup zurück zu kommen.
|
||||
click <a href="index.php?sessionid=f69c6befb6636a1a9501e45ff0176385">here</a> to return to setup. setup de <a href="index.php?sessionid=f69c6befb6636a1a9501e45ff0176385">Hier klicken</a> um zum Setup zurück zu kommen.
|
||||
click here setup de Hier klicken
|
||||
click here to re-run the installation tests setup de zum Wiederholen der Installationstests hier klicken
|
||||
completed setup de Abgeschlossen
|
||||
@ -153,6 +153,7 @@ do you want persistent connections (higher performance, but consumes more resour
|
||||
do you want to manage homedirectory and loginshell attributes? setup de Wollen Sie Benutzerverzeichnisse und Login-Shell Attribute verwalten?
|
||||
does not exist setup de existiert nicht
|
||||
domain setup de Domain
|
||||
domain name setup de Name der Domain
|
||||
domain select box on login setup de Domain-Auswahlbox beim Einloggen
|
||||
dont touch my data setup de Meine Daten nicht verändern
|
||||
download setup de Herunterladen
|
||||
@ -171,7 +172,7 @@ enter the full path for users and group files.<br>examples: /files, e:\files set
|
||||
enter the full path for users and group files.<br>examples: /files, e:files setup de Vollständiger Pfad für Benutzer- und Gruppendateien.<br>Beispiel: /files, E:\Files
|
||||
enter the full path to the backup directory.<br>if empty: files directory setup de Vollständiger Pfad für das Datensicherungsverzeichnis.<br>Wenn leer: Dateiverzeichnis
|
||||
enter the hostname of the machine on which this server is running setup de Hostname des Computers auf dem der Server läuft
|
||||
enter the location of egroupware's url.<br>example: http://www.domain.com/egroupware or /egroupware<br><b>no trailing slash</b> setup de URL zur eGroupWare Installation.<br>Beispiel: http://www.domain.com/egroupware or /egroupware<br><b>keinen nachfolgenden Slash /</b>
|
||||
enter the location of egroupware's url.<br>example: http://www.domain.com/egroupware or /egroupware<br><b>no trailing slash</b> setup de URL zur eGroupWare Installation.<br>Beispiel: http://www.domain.com/egroupware or /egroupware<br><b>keinen nachfolgenden Slash /</b>
|
||||
enter the site password for peer servers setup de Site Passwort für Peer Server
|
||||
enter the site username for peer servers setup de Site Benutzername für Peer Server
|
||||
enter the title for your site setup de Titel der eGroupWare Installation
|
||||
@ -204,6 +205,7 @@ historylog removed setup de Historylog gel
|
||||
hooks deregistered setup de Haken nicht mehr aktiv
|
||||
hooks registered setup de Haken registriert
|
||||
host information setup de Host Informationen
|
||||
host/ip domain controler setup de Hostname / IP des Domain Controler
|
||||
hostname/ip of database server setup de Hostname/IP des Datenbank-Servers
|
||||
hour (0-24) setup de Stunde (0-24)
|
||||
however, the application is otherwise installed setup de Wie auch immer, die Anwendung ist ansonsten installiert
|
||||
@ -211,6 +213,7 @@ however, the application may still work setup de Wie auch immer, die Anwendung m
|
||||
if no acl records for user or any group the user is a member of setup de Wenn es keinen ACL-Eintrag für einen Benutzer oder eine Gruppe, der er angehört gibt
|
||||
if safe_mode is turned on, egw is not able to change certain settings on runtime, nor can we load any not yet loaded module. setup de Wenn safe_mode eingeschaltet ist, kann eGW verschiedene Einstellungen nicht mehr zur Laufzeit ändern, noch können wir nicht geladene Erweiterungen (php extensions) laden.
|
||||
if the application has no defined tables, selecting upgrade should remedy the problem setup de Wenn die Anwendung keine definierten Tabellen hat, wählen Sie überarbeiten. Das Problem sollte damit behoben werden.
|
||||
if using ads (active directory) authentication setup de Wenn Sie ADS (Active Directory) Authentifizierung benutzen
|
||||
if using ldap setup de Wenn Sie LDAP verwenden
|
||||
if using ldap, do you want to manage homedirectory and loginshell attributes? setup de Wenn Sie LDAP verwenden, wollen Sie Benutzerverzeichnisse und Komandointerpreter verwalten ?
|
||||
if you did not receive any errors, your applications have been setup de Wenn Sie keine Fehlermeldungen erhalten, wurden Ihre Anwendungen
|
||||
@ -482,6 +485,7 @@ writable by the webserver setup de schreibar durch den Webserver
|
||||
write config setup de Konfiguration schreiben
|
||||
year setup de Jahr
|
||||
yes setup de Ja
|
||||
yes, with lowercase usernames setup de Ja, mit kleingeschriebenen Benutzernamen
|
||||
you appear to be running a pre-beta version of egroupware.<br>these versions are no longer supported, and there is no upgrade path for them in setup.<br> you may wish to first upgrade to 0.9.10 (the last version to support pre-beta upgrades) <br>and then upgrade from there with the current version. setup de Es sieht so aus, als ob Sie eine vor-beta Version von eGroupWare benutzen.<br>Diese Versionen werden nicht länger unterstützt, und es gibt keinen Aktualisierungs-Pfad für Sie im Einrichtung-Programm.<br>Sie möchten vieleicht erst auf
|
||||
you appear to be running an old version of php <br>it its recommend that you upgrade to a new version. <br>older version of php might not run egroupware correctly, if at all. <br><br>please upgrade to at least version %1 setup de Es sieht so aus als ob Sie eine alte PHP-Version benutzen<br>Es ist notwendig auf eine neue Version zu aktualisieren.<br>Ältere PHP-Versionen könnten eGroupWare (wenn überhaupt) nicht korrekt ausführen. <br><br>Biite aktualisieren Sie mindestens auf Version %1
|
||||
you appear to be running version %1 of egroupware setup de Es sieht so aus als benutzen Sie Version %1 von eGroupWare
|
||||
@ -507,7 +511,7 @@ you must enter a username for the admin setup de Sie m
|
||||
you need to add some domains to your header.inc.php. setup de Sie müssen mindestens eine Domain zu Ihrer header.inc.php hinzufügen.
|
||||
you need to select your current charset! setup de Sie müssen Ihren aktuellen Zeichensatz auswählen!
|
||||
you should either uninstall and then reinstall it, or attempt manual repairs setup de Sie sollten entweder de- und neuinstallieren, oder manuelle Reparaturen versuchen
|
||||
you will need to load the proper schema into your ldap server - see phpgwapi/doc/ldap/readme setup de Sie müssen das entsprechende Schema in Ihren LDAP-Server laden - siehe <a href="../phpgwapi/doc/ldap/README" target="_blank">phpgwapi/doc/ldap/README</a>
|
||||
you will need to load the proper schema into your ldap server - see phpgwapi/doc/ldap/readme setup de Sie müssen das entsprechende Schema in Ihren LDAP-Server laden - siehe <a href="../phpgwapi/doc/ldap/README?sessionid=f69c6befb6636a1a9501e45ff0176385" target="_blank">phpgwapi/doc/ldap/README</a>
|
||||
you're using an old configuration file format... setup de Sie verwenden ein altes Format der Konfigurationsdatei ...
|
||||
you're using an old header.inc.php version... setup de Sie verwenden eine alte header.inc.php Version ...
|
||||
your applications are current setup de Ihre Anwendungen sind aktuell
|
||||
|
@ -87,7 +87,7 @@ checking file-permissions of %1 for %2: %3 setup en Checking file-permissions of
|
||||
checking for gd support... setup en Checking for GD support...
|
||||
checking php.ini setup en Checking php.ini
|
||||
checking the egroupware installation setup en Checking the eGroupWare Installation
|
||||
click <a href="index.php">here</a> to return to setup. setup en Click <a href="index.php">here</a> to return to setup.
|
||||
click <a href="index.php?sessionid=f69c6befb6636a1a9501e45ff0176385">here</a> to return to setup. setup en Click <a href="index.php?sessionid=f69c6befb6636a1a9501e45ff0176385">here</a> to return to setup.
|
||||
click here setup en Click Here
|
||||
click here to re-run the installation tests setup en Click here to re-run the installation tests
|
||||
completed setup en Completed
|
||||
@ -152,6 +152,7 @@ do you want persistent connections (higher performance, but consumes more resour
|
||||
do you want to manage homedirectory and loginshell attributes? setup en Do you want to manage homedirectory and loginshell attributes?
|
||||
does not exist setup en does not exist
|
||||
domain setup en Domain
|
||||
domain name setup en Domain name
|
||||
domain select box on login setup en Domain select box on login
|
||||
dont touch my data setup en Dont touch my data
|
||||
download setup en Download
|
||||
@ -200,6 +201,7 @@ historylog removed setup en Historylog removed
|
||||
hooks deregistered setup en hooks deregistered
|
||||
hooks registered setup en hooks registered
|
||||
host information setup en Host information
|
||||
host/ip domain controler setup en Host/IP Domain controler
|
||||
hostname/ip of database server setup en Hostname/IP of database server
|
||||
hour (0-24) setup en hour (0-24)
|
||||
however, the application is otherwise installed setup en However, the application is otherwise installed
|
||||
@ -207,6 +209,7 @@ however, the application may still work setup en However, the application may st
|
||||
if no acl records for user or any group the user is a member of setup en If no ACL records for user or any group the user is a member of
|
||||
if safe_mode is turned on, egw is not able to change certain settings on runtime, nor can we load any not yet loaded module. setup en If safe_mode is turned on, eGW is not able to change certain settings on runtime, nor can we load any not yet loaded module.
|
||||
if the application has no defined tables, selecting upgrade should remedy the problem setup en If the application has no defined tables, selecting upgrade should remedy the problem
|
||||
if using ads (active directory) authentication setup en If using ADS (Active Directory) authentication
|
||||
if using ldap setup en If using LDAP
|
||||
if using ldap, do you want to manage homedirectory and loginshell attributes? setup en If using LDAP, do you want to manage homedirectory and loginshell attributes?
|
||||
if you did not receive any errors, your applications have been setup en If you did not receive any errors, your applications have been
|
||||
@ -477,6 +480,7 @@ writable by the webserver setup en writable by the webserver
|
||||
write config setup en Write config
|
||||
year setup en year
|
||||
yes setup en Yes
|
||||
yes, with lowercase usernames setup en Yes, with lowercase usernames
|
||||
you appear to be running a pre-beta version of egroupware.<br>these versions are no longer supported, and there is no upgrade path for them in setup.<br> you may wish to first upgrade to 0.9.10 (the last version to support pre-beta upgrades) <br>and then upgrade from there with the current version. setup en You appear to be running a pre-beta version of eGroupWare.<br>These versions are no longer supported, and there is no upgrade path for them in setup.<br> You may wish to first upgrade to 0.9.10 (the last version to support pre-beta upgrades) <br>and then upgrade from there with the current version.
|
||||
you appear to be running an old version of php <br>it its recommend that you upgrade to a new version. <br>older version of php might not run egroupware correctly, if at all. <br><br>please upgrade to at least version %1 setup en You appear to be running an old version of PHP <br>It its recommend that you upgrade to a new version. <br>Older version of PHP might not run eGroupWare correctly, if at all. <br><br>Please upgrade to at least version %1
|
||||
you appear to be running version %1 of egroupware setup en You appear to be running version %1 of eGroupWare
|
||||
@ -502,7 +506,7 @@ you must enter a username for the admin setup en You must enter a username for t
|
||||
you need to add some domains to your header.inc.php. setup en You need to add some domains to your header.inc.php.
|
||||
you need to select your current charset! setup en You need to select your current charset!
|
||||
you should either uninstall and then reinstall it, or attempt manual repairs setup en You should either uninstall and then reinstall it, or attempt manual repairs
|
||||
you will need to load the proper schema into your ldap server - see phpgwapi/doc/ldap/readme setup en You will need to load the proper schema into your ldap server - see <a href="../phpgwapi/doc/ldap/README" target="_blank">phpgwapi/doc/ldap/README</a>
|
||||
you will need to load the proper schema into your ldap server - see phpgwapi/doc/ldap/readme setup en You will need to load the proper schema into your ldap server - see <a href="../phpgwapi/doc/ldap/README?sessionid=f69c6befb6636a1a9501e45ff0176385" target="_blank">phpgwapi/doc/ldap/README</a>
|
||||
you're using an old configuration file format... setup en You're using an old configuration file format...
|
||||
you're using an old header.inc.php version... setup en You're using an old header.inc.php version...
|
||||
your applications are current setup en Your applications are current
|
||||
|
@ -230,6 +230,7 @@
|
||||
<select name="newsettings[auto_create_acct]">
|
||||
<option value="">{lang_No}</option>
|
||||
<option value="True"{selected_auto_create_acct_True}>{lang_Yes}</option>
|
||||
<option value="lowercase"{selected_auto_create_acct_lowercase}>{lang_Yes,_with lowercase_usernames}</option>
|
||||
</select>
|
||||
</td>
|
||||
</tr>
|
||||
@ -341,10 +342,25 @@
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr class="row_on">
|
||||
<tr class="row_off">
|
||||
<td colspan="2"> </td>
|
||||
</tr>
|
||||
|
||||
<tr class="th">
|
||||
<td colspan="2"><b>{lang_If_using_ADS_(Active_Directory)_authentication}:</b></td>
|
||||
</tr>
|
||||
<tr class="row_off">
|
||||
<td>{lang_Host/IP_Domain_controler}:</td>
|
||||
<td><input name="newsettings[ads_host]" value="{value_ads_host}" size="40"></td>
|
||||
</tr>
|
||||
<tr class="row_on">
|
||||
<td>{lang_Domain_name}:</td>
|
||||
<td><input name="newsettings[ads_domain]" value="{value_ads_domain}" size="40"></td>
|
||||
</tr>
|
||||
|
||||
<tr class="row_off">
|
||||
<td colspan="2"> </td>
|
||||
</tr>
|
||||
|
||||
<tr class="th">
|
||||
<td colspan="2"><b>{lang_Mcrypt_settings_(requires_mcrypt_PHP_extension)}</b></td>
|
||||
|