Fix ldap auth when the userNameAttribute holds multiple values

fixes #8246
Johannes Meyer 2015-02-03 10:15:54 +01:00
parent f6fc592b91
commit 7989b48248
3 changed files with 21 additions and 5 deletions


@ -54,6 +54,10 @@ user_class = inetOrgPerson
user_name_attribute = uid user_name_attribute = uid
``` ```
Note that in case the set *user_name_attribute* holds multiple values it is required that all of its
values are unique. Additionally, a user will be logged in using the exact user id used to authenticate
with Icinga Web 2 (e.g. an alias) no matter what the primary user id might actually be.
#### <a id="authentication-configuration-ad-authentication"></a> Active Directory #### <a id="authentication-configuration-ad-authentication"></a> Active Directory
Directive | Description Directive | Description


@ -150,7 +150,13 @@ class LdapUserBackend extends UserBackend
public function hasUser(User $user) public function hasUser(User $user)
{ {
$username = $user->getUsername(); $username = $user->getUsername();
return strtolower($this->conn->fetchOne($this->selectUser($username))) === strtolower($username); $entry = $this->conn->fetchOne($this->selectUser($username));
if (is_array($entry)) {
return in_array(strtolower($username), array_map('strtolower', $entry));
}
return strtolower($entry) === strtolower($username);
} }
/** /**
@ -225,7 +231,13 @@ class LdapUserBackend extends UserBackend
{ {
$users = array(); $users = array();
foreach ($this->selectUsers()->fetchAll() as $row) { foreach ($this->selectUsers()->fetchAll() as $row) {
$users[] = $row->{$this->userNameAttribute}; if (is_array($row->{$this->userNameAttribute})) {
foreach ($row->{$this->userNameAttribute} as $col) {
$users[] = $col;
}
} else {
$users[] = $row->{$this->userNameAttribute};
}
} }
return $users; return $users;
} }
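Review bot: The `in_array()` call added to hasUser() compares loosely, while the scalar branch right below it uses `===`, so for a multi-valued attribute two numeric-looking strings (constructed example: `1e3` and `1000`) count as the same user name. Since this check sits in the authentication backend, pass the strict flag: `return in_array(strtolower($username), array_map('strtolower', $entry), true);`. The second hunk in this file now returns every value of the attribute as a separate user name; the enclosing method's signature is outside the hunk, so callers that assume one name per directory entry should be checked.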


@ -214,20 +214,20 @@ class Connection
/** /**
* Fetch the distinguished name of the first result of the given query * Fetch the distinguished name of the first result of the given query
* *
* @param $query The query returning the result set * @param Query $query The query returning the result set
* @param array $fields The fields to fetch * @param array $fields The fields to fetch
* *
* @return string Returns the distinguished name, or false when the given query yields no results * @return string Returns the distinguished name, or false when the given query yields no results
* @throws LdapException When the query result is empty and contains no DN to fetch * @throws LdapException When the query result is empty and contains no DN to fetch
*/ */
public function fetchDN($query, $fields = array()) public function fetchDN(Query $query, $fields = array())
{ {
$rows = $this->fetchAll($query, $fields); $rows = $this->fetchAll($query, $fields);
if (count($rows) !== 1) { if (count($rows) !== 1) {
throw new LdapException( throw new LdapException(
sprintf( sprintf(
'Cannot fetch single DN for %s', 'Cannot fetch single DN for %s',
$query $query->create()
) )
); );
} }
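Review bot: The docblock of fetchDN() still promises `false` when the query yields no results, but the visible code throws an LdapException whenever the row count is not exactly one, which also covers several matches. Suggest `@return string The distinguished name of the single matching entry` and `@throws LdapException When the query does not yield exactly one result`. The message now embeds `$query->create()`, which presumably renders the search filter including the login name, so it is worth confirming that this text only reaches the log and is not shown on the login page. The body of fetchDN() continues past the end of the hunk.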