Add Json API to create LDAP user.

This allows setting up permissions before the LDAP users actually connect to Kanboard, and even importing the permissions from other tools.
2015-01-16 17:08:48 +01:00
parent fd22b95575
commit 969d60ab41
5 changed files with 111 additions and 0 deletions
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -206,4 +206,52 @@ class Ldap extends Base

        return false;
    }
+
+    /**
+     * Retrieve info on LDAP user.
+     *
+     * @param resource $ldap      LDAP connection
+     * @param string   $username  Username
+     * @param string   $email     Email address
+     */
+    public function lookup($username = null, $email = null)
+    {
+        if ($username && $email)
+            $query = '(&('.sprintf(LDAP_USER_PATTERN, $username).')('.sprintf(LDAP_ACCOUNT_EMAIL, $email).')';
+        else if ($username)
+            $query = sprintf(LDAP_USER_PATTERN, $username);
+        else if ($email)
+            $query = '('.LDAP_ACCOUNT_EMAIL.'='.$email.')';
+        else
+            return false;
+
+        // Connect and attempt anonymous bind
+        $ldap = $this->connect();
+        if (!is_resource($ldap) || !$this->bind($ldap, null, null))
+            return false;
+
+        // Try to find user
+        $sr = @ldap_search($ldap, LDAP_ACCOUNT_BASE, $query, array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL, LDAP_ACCOUNT_ID));
+        if ($sr === false) {
+            return false;
+        }
+
+        $info = ldap_get_entries($ldap, $sr);
+
+        // User not found
+        if (count($info) == 0 || $info['count'] == 0) {
+            return false;
+        }
+
+        // User id not retrieved: LDAP_ACCOUNT_ID not properly configured
+        if (!$username && !isset($info[0][LDAP_ACCOUNT_ID][0])) {
+            return false;
+        }
+
+        return array(
+            'username' => isset($info[0][LDAP_ACCOUNT_ID][0]) ? $info[0][LDAP_ACCOUNT_ID][0] : $username,
+            'name' => isset($info[0][LDAP_ACCOUNT_FULLNAME][0]) ? $info[0][LDAP_ACCOUNT_FULLNAME][0] : '',
+            'email' => isset($info[0][LDAP_ACCOUNT_EMAIL][0]) ? $info[0][LDAP_ACCOUNT_EMAIL][0] : $email,
+        );
+    }
 }
--- a/app/constants.php
+++ b/app/constants.php
@@ -34,6 +34,7 @@ defined('LDAP_ACCOUNT_BASE') or define('LDAP_ACCOUNT_BASE', '');
 defined('LDAP_USER_PATTERN') or define('LDAP_USER_PATTERN', '');
 defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname');
 defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');
+defined('LDAP_ACCOUNT_ID') or define('LDAP_ACCOUNT_ID', '');

 // Google authentication
 defined('GOOGLE_AUTH') or define('GOOGLE_AUTH', false);