AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #161 from Typz/ldap 

Implement LDAP user lookup.
This commit is contained in:
Frédéric Guillot 2014-07-04 12:43:44 -03:00
parent e99fd2a0e3 0a3049c172
commit 23341b2326
3 changed files with 50 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
app/Model/Ldap.php
View File

@ -24,6 +24,11 @@ class Ldap extends Base
die('The PHP LDAP extension is required');
}
if (!LDAP_SSL_VERIFY) {
//Skip SSL certificate verification
putenv('LDAPTLS_REQCERT=never');
}
$ldap = ldap_connect(LDAP_SERVER, LDAP_PORT);
if (! is_resource($ldap)) {
@ -33,8 +38,20 @@ class Ldap extends Base
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if (@ldap_bind($ldap, sprintf(LDAP_USER_DN, $username), $password)) {
return $this->create($username);
if (!@ldap_bind($ldap, LDAP_USERNAME, LDAP_PASSWORD)) {
die('Unable to bind to the LDAP server: "'.LDAP_SERVER.'"');
}
$sr = ldap_search($ldap, LDAP_ACCOUNT_BASE, sprintf(LDAP_USER_PATTERN, $username), array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL));
$info = ldap_get_entries($ldap, $sr);
if (count($info) == 0 || $info['count'] == 0) {
//User not found
return false;
}
if (@ldap_bind($ldap, $info[0]['dn'], $password)) {
error_log("Bind to user OK");
return $this->create($username, $info[0][LDAP_ACCOUNT_FULLNAME][0], $info[0][LDAP_ACCOUNT_EMAIL][0]);
}
return false;
@ -45,9 +62,11 @@ class Ldap extends Base
*
* @access public
* @param string $username Username
* @param string $name Name of the user
* @param string $email Email address
* @return bool
*/
public function create($username)
public function create($username, $name, $email)
{
$userModel = new User($this->db, $this->event);
$user = $userModel->getByUsername($username);
@ -70,6 +89,8 @@ class Ldap extends Base
// Create a LDAP user
$values = array(
'username' => $username,
'name' => $name,
'email' => $email,
'is_admin' => 0,
'is_ldap_user' => 1,
);

4
app/common.php
View File

@ -44,7 +44,9 @@ defined('DB_NAME') or define('DB_NAME', 'kanboard');
defined('LDAP_AUTH') or define('LDAP_AUTH', false);
defined('LDAP_SERVER') or define('LDAP_SERVER', '');
defined('LDAP_PORT') or define('LDAP_PORT', 389);
defined('LDAP_USER_DN') or define('LDAP_USER_DN', '%s');
defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', true);
defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname');
defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');
// Google authentication
defined('GOOGLE_AUTH') or define('GOOGLE_AUTH', false);

27
config.default.php
View File

@ -30,10 +30,29 @@ define('LDAP_SERVER', '');
// LDAP server port (389 by default)
define('LDAP_PORT', 389);
// User LDAP DN
// Example for ActiveDirectory: 'MYDOMAIN\\%s' or '%s@mydomain.local'
// Example for OpenLDAP: 'uid=%s,ou=People,dc=example,dc=com'
define('LDAP_USER_DN', '%s');
// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification.
define('LDAP_SSL_VERIFY', true);
// LDAP username to connect with. NULL for anonymous bind (by default).
define('LDAP_USERNAME', null);
// LDAP password to connect with. NULL for anonymous bind (by default).
define('LDAP_PASSWORD', null);
// LDAP account base, i.e. root of all user account
// Example: ou=people,dc=example,dc=com
define('LDAP_ACCOUNT_BASE', '');
// LDAP query pattern to use when searching for a user account
// Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
// Example for OpenLDAP: 'uid=%s'
define('LDAP_USER_PATTERN', '');
// Name of an attribute of the user account object which should be used as the full name of the user.
define('LDAP_ACCOUNT_FULLNAME', 'displayname');
// Name of an attribute of the user account object which should be used as the email of the user.
define('LDAP_ACCOUNT_EMAIL', 'mail');
// Enable/disable Google authentication
define('GOOGLE_AUTH', false);