Eric Lippmann
Alexander A. Klimov
parent
9599f6672f
commit
0cbec01743
|
|
@ -14,7 +14,7 @@ use Icinga\Repository\RepositoryQuery;
|
|||
use Icinga\Protocol\Ldap\LdapException;
|
||||
use Icinga\User;
|
||||
|
||||
class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable
|
||||
class LdapUserBackend extends LdapRepository implements UserBackendInterface, DomainAwareInterface, Inspectable
|
||||
{
|
||||
/**
|
||||
* The base DN to use for a query
|
||||
|
|
@ -44,6 +44,13 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
|
|||
*/
|
||||
protected $filter;
|
||||
|
||||
/**
|
||||
* The domain the backend is responsible for
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $domain;
|
||||
|
||||
/**
|
||||
* The columns which are not permitted to be queried
|
||||
*
|
||||
|
|
@ -174,6 +181,29 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
|
|||
return $this->filter;
|
||||
}
|
||||
|
||||
public function getDomain()
|
||||
{
|
||||
return $this->domain;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the domain the backend is responsible for
|
||||
*
|
||||
* @param string $domain
|
||||
*
|
||||
* @return $this
|
||||
*/
|
||||
public function setDomain($domain)
|
||||
{
|
||||
$domain = trim($domain);
|
||||
|
||||
if (strlen($domain)) {
|
||||
$this->domain = $domain;
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Apply the given configuration to this backend
|
||||
*
|
||||
|
|
@ -187,7 +217,8 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
|
|||
->setBaseDn($config->base_dn)
|
||||
->setUserClass($config->user_class)
|
||||
->setUserNameAttribute($config->user_name_attribute)
|
||||
->setFilter($config->filter);
|
||||
->setFilter($config->filter)
|
||||
->setDomain($config->domain);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -372,10 +403,20 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
|
|||
*/
|
||||
public function authenticate(User $user, $password)
|
||||
{
|
||||
if ($this->domain !== null) {
|
||||
if (! $user->hasDomain() || strtolower($user->getDomain()) !== $this->domain) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$username = $user->getLocalUsername();
|
||||
} else {
|
||||
$username = $user->getUsername();
|
||||
}
|
||||
|
||||
try {
|
||||
$userDn = $this
|
||||
->select()
|
||||
->where('user_name', str_replace('*', '', $user->getUsername()))
|
||||
->where('user_name', str_replace('*', '', $username))
|
||||
->getQuery()
|
||||
->setUsePagedResults(false)
|
||||
->fetchDn();
|
||||
|
|
@ -392,7 +433,7 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
|
|||
} catch (LdapException $e) {
|
||||
throw new AuthenticationException(
|
||||
'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',
|
||||
$user->getUsername(),
|
||||
$username,
|
||||
$this->getName(),
|
||||
$e
|
||||
);
|
||||
|
|
|
|||
Loading…
Reference in New Issue