tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use the DN to fetch group memberships from LDAP 

fixes #9901
This commit is contained in:
Alexander A. Klimov 2015-09-18 15:34:12 +02:00
parent 3b135c6b6f
commit 17e8f01d24
2 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/Icinga/Authentication/User/LdapUserBackend.php
View File

@ -364,7 +364,12 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
return false;
}
return $this->ds->testCredentials($userDn, $password);
$testCredentialsResult = $this->ds->testCredentials($userDn, $password);
if ($testCredentialsResult) {
$user->setAdditional('ldap_dn', $userDn);
}
return $testCredentialsResult;
} catch (LdapException $e) {
throw new AuthenticationException(
'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',

24
library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
View File

@ -532,18 +532,20 @@ class LdapUserGroupBackend /*extends LdapRepository*/ implements UserGroupBacken
*/
public function getMemberships(User $user)
{
$userQuery = $this->ds
->select()
->from($this->userClass)
->where($this->userNameAttribute, $user->getUsername())
->setBase($this->userBaseDn)
->setUsePagedResults(false);
if ($this->userFilter) {
$userQuery->where(new Expression($this->userFilter));
}
if (($userDn = $user->getAdditional('ldap_dn')) === null) {
$userQuery = $this->ds
->select()
->from($this->userClass)
->where($this->userNameAttribute, $user->getUsername())
->setBase($this->userBaseDn)
->setUsePagedResults(false);
if ($this->userFilter) {
$userQuery->where(new Expression($this->userFilter));
}
if (($userDn = $userQuery->fetchDn()) === null) {
return array();
if (($userDn = $userQuery->fetchDn()) === null) {
return array();
}
}
$groupQuery = $this->ds