Merge branch '1592-acceso-con-ldap-sin-establecer-pass-dev' into 'develop'

1592 acceso con ldap sin establecer pass dev

See merge request artica/pandorafms!1067
vgilc 2017-11-15 09:27:39 +01:00
commit 4e09334718
2 changed files with 29 additions and 20 deletions


@ -240,26 +240,19 @@ function process_user_login_remote ($login, $pass, $api = false) {
} }
} }
} }
elseif (($config["auth"] === 'ldap') && elseif ($config["auth"] === 'ldap') {
(isset($config['ldap_advanced_config']) && $config['ldap_advanced_config'])) { if ($config['ldap_save_password']) {
$update_credentials = change_local_user_pass_ldap ($login, $pass);
$return = enterprise_hook ('prepare_permissions_groups_of_user_ldap', if ($update_credentials) {
array ($login, $pass, false, true, defined('METACONSOLE')));
if ($return === "error_permissions") {
$config["auth_error"] =
__("Problems with configuration permissions. Please contact with Administrator");
return false;
}
else {
if ($return === "permissions_changed") {
$config["auth_error"] = $config["auth_error"] =
__("Your permissions have changed. Please, login again."); __("Your permissions have changed. Please, login again.");
return false; return false;
} }
} }
else {
change_local_user_pass_ldap ($login, $pass); delete_user_pass_ldap ($login);
}
} }
return $login; return $login;
@ -310,9 +303,7 @@ function process_user_login_remote ($login, $pass, $api = false) {
return false; return false;
} }
} }
elseif ($config["auth"] === 'ldap' && elseif ($config["auth"] === 'ldap') {
(isset($config['ldap_advanced_config']) &&
$config['ldap_advanced_config'])) {
if ( defined('METACONSOLE') ) { if ( defined('METACONSOLE') ) {
enterprise_include_once('include/functions_metaconsole.php'); enterprise_include_once('include/functions_metaconsole.php');
enterprise_include_once ('meta/include/functions_groups_meta.php'); enterprise_include_once ('meta/include/functions_groups_meta.php');
@ -717,7 +708,7 @@ function ldap_process_user_login ($login, $password) {
$correct = false; $correct = false;
if(!empty($ldap_base_dn)) { if(!empty($ldap_base_dn)) {
if (strlen($password) != 0 && @ldap_bind($ds, $memberof['dn'], $password) ) { if (strlen($password) != 0 && @ldap_bind($ds, io_safe_output($memberof['dn']), $password) ) {
$correct = true; $correct = true;
} }
} }
@ -770,13 +761,23 @@ function is_user_blacklisted ($user) {
function change_local_user_pass_ldap ($id_user, $password) { function change_local_user_pass_ldap ($id_user, $password) {
$local_user_pass = db_get_value_filter('password', 'tusuario', array('id_user' => $id_user)); $local_user_pass = db_get_value_filter('password', 'tusuario', array('id_user' => $id_user));
$return = false;
if (md5($password) !== $local_user_pass) { if (md5($password) !== $local_user_pass) {
$values_update = array(); $values_update = array();
$values_update['password'] = md5($password); $values_update['password'] = md5($password);
db_process_sql_update('tusuario', $values_update, array('id_user' => $id_user)); $return = db_process_sql_update('tusuario', $values_update, array('id_user' => $id_user));
} }
return $return;
}
function delete_user_pass_ldap ($id_user) {
$values_update = array();
$values_update['password'] = null;
$return = db_process_sql_update('tusuario', $values_update, array('id_user' => $id_user));
return; return;
} }
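Review bot: `delete_user_pass_ldap` discards the result of `db_process_sql_update` and ends with a bare `return;`, so when `ldap_save_password` is off a failed update leaves the previously cached digest in `tusuario` while the new `else` branch in `process_user_login_remote` still goes on to `return $login`. This matters because the cached value is `md5($password)` of the directory password (visible in `change_local_user_pass_ldap`), an unsalted fast hash that should not outlive the setting; end the function with `return $return;` and have the caller treat `false` as an error to log. In the same branch `$config['ldap_save_password']` is read without `isset()`, so an installation where the key has never been written appears to take the `else` and clear the stored password on every LDAP login, which would leave local fallback with nothing to check; if deletion is meant to be opt-in, guard it with `elseif (isset($config['ldap_save_password']))`. `process_user_login_remote` starts and ends outside the hunks shown.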


@ -345,7 +345,15 @@ function config_update_config () {
$error_update[] = __('Login attribute'); $error_update[] = __('Login attribute');
if (!config_update_value ('fallback_local_auth', get_parameter ('fallback_local_auth'))) if (!config_update_value ('fallback_local_auth', get_parameter ('fallback_local_auth')))
$error_update[] = __('Fallback to local authentication'); $error_update[] = __('Fallback to local authentication');
if (isset($config['fallback_local_auth']) && $config['fallback_local_auth'] == 0) {
if (!config_update_value ('ldap_save_password', get_parameter ('ldap_save_password')))
$error_update[] = __('Save Password');
}
else if (isset($config['fallback_local_auth']) && $config['fallback_local_auth'] == 1) {
config_update_value ('ldap_save_password', 1);
}
if (!config_update_value ('rpandora_server', get_parameter ('rpandora_server'))) if (!config_update_value ('rpandora_server', get_parameter ('rpandora_server')))
$error_update[] = __('MySQL host'); $error_update[] = __('MySQL host');
if (!config_update_value ('rpandora_port', get_parameter ('rpandora_port'))) if (!config_update_value ('rpandora_port', get_parameter ('rpandora_port')))
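Review bot: The forced `config_update_value ('ldap_save_password', 1);` in the `else if` branch ignores its result, unlike every neighbouring call, so a failed write leaves the option at its old value and nothing is added to `$error_update`. With fallback enabled and the option still off, the login code in this commit calls `delete_user_pass_ldap`, so the two settings can end up contradicting each other without any feedback; write it as `if (!config_update_value ('ldap_save_password', 1)) $error_update[] = __('Save Password');`. Both branches also test `$config['fallback_local_auth']` immediately after it was written from the request, which is only correct if `config_update_value` refreshes `$config` (not visible here), and when that key is unset neither branch runs, so `ldap_save_password` is never stored. `config_update_config` starts and ends outside the hunk.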