#13548 new ad login with api when metaconsole is centralized
This commit is contained in:
Daniel Cebrian
parent
38a886f4bf
commit
53ebdd7dde
|
|
@ -255,10 +255,22 @@ function process_user_login_remote($login, $pass, $api=false)
|
||||||
|
|
||||||
// Active Directory.
|
// Active Directory.
|
||||||
case 'ad':
|
case 'ad':
|
||||||
$sr = enterprise_hook('ad_process_user_login', [$login, $pass]);
|
if ($create_by_remote_api === true) {
|
||||||
// Try with secondary server.
|
$sr = ldap_process_user_login_by_api($login, $pass);
|
||||||
if ($sr === false && (bool) $config['secondary_active_directory'] === true) {
|
if ($sr !== false && isset($sr['uid']) === true && is_array($sr['uid']) === true) {
|
||||||
$sr = enterprise_hook('ad_process_user_login', [$login, $pass, true]);
|
$already_user = db_get_value('id_user', 'tusuario', 'id_user', $sr['uid'][0]);
|
||||||
|
// If the node is centralized, AD login is delegated to the metaconsole via the API.
|
||||||
|
// Since the user is not yet on the nodes, they are asked to try again in a few minutes.
|
||||||
|
if ($already_user === false && is_metaconsole() === false) {
|
||||||
|
$config['pending_sync_process_message'] = __('Successful login, please wait a few minutes for the metaconsole to synchronize with the nodes and then log in again with the same credentials.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$sr = enterprise_hook('ad_process_user_login', [$login, $pass]);
|
||||||
|
// Try with secondary server.
|
||||||
|
if ($sr === false && (bool) $config['secondary_active_directory'] === true) {
|
||||||
|
$sr = enterprise_hook('ad_process_user_login', [$login, $pass, true]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($sr === false) {
|
if ($sr === false) {
|
||||||
|
|
@ -296,7 +308,7 @@ function process_user_login_remote($login, $pass, $api=false)
|
||||||
|
|
||||||
if (($config['auth'] === 'ad')) {
|
if (($config['auth'] === 'ad')) {
|
||||||
// Check if autocreate remote users is active.
|
// Check if autocreate remote users is active.
|
||||||
if ($config['autocreate_remote_users'] == 1) {
|
if ($create_by_remote_api === false && $config['autocreate_remote_users'] == 1) {
|
||||||
if ($config['ad_save_password']) {
|
if ($config['ad_save_password']) {
|
||||||
$update_credentials = change_local_user_pass_ldap($login, $pass);
|
$update_credentials = change_local_user_pass_ldap($login, $pass);
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -304,7 +316,7 @@ function process_user_login_remote($login, $pass, $api=false)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($config['ad_advanced_config']) && $config['ad_advanced_config']) {
|
if ($create_by_remote_api === false && isset($config['ad_advanced_config']) && $config['ad_advanced_config']) {
|
||||||
$return = enterprise_hook(
|
$return = enterprise_hook(
|
||||||
'prepare_permissions_groups_of_user_ad',
|
'prepare_permissions_groups_of_user_ad',
|
||||||
[
|
[
|
||||||
|
|
@ -369,11 +381,6 @@ function process_user_login_remote($login, $pass, $api=false)
|
||||||
&& (isset($config['ad_advanced_config'])
|
&& (isset($config['ad_advanced_config'])
|
||||||
&& $config['ad_advanced_config'])
|
&& $config['ad_advanced_config'])
|
||||||
) {
|
) {
|
||||||
if (is_management_allowed() === false) {
|
|
||||||
$config['auth_error'] = __('Please, login into metaconsole first');
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$user_info = [
|
$user_info = [
|
||||||
'fullname' => db_escape_string_sql($login),
|
'fullname' => db_escape_string_sql($login),
|
||||||
'comments' => 'Imported from '.$config['auth'],
|
'comments' => 'Imported from '.$config['auth'],
|
||||||
|
|
@ -383,20 +390,22 @@ function process_user_login_remote($login, $pass, $api=false)
|
||||||
$user_info['metaconsole_access_node'] = $config['ad_adv_user_node'];
|
$user_info['metaconsole_access_node'] = $config['ad_adv_user_node'];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create the user.
|
if ($create_by_remote_api === false) {
|
||||||
if (enterprise_hook(
|
// Create the user.
|
||||||
'prepare_permissions_groups_of_user_ad',
|
if (enterprise_hook(
|
||||||
[
|
'prepare_permissions_groups_of_user_ad',
|
||||||
$login,
|
[
|
||||||
$pass,
|
$login,
|
||||||
$user_info,
|
$pass,
|
||||||
false,
|
$user_info,
|
||||||
defined('METACONSOLE') && is_centralized() === false,
|
false,
|
||||||
]
|
defined('METACONSOLE') && is_centralized() === false,
|
||||||
) === false
|
]
|
||||||
) {
|
) === false
|
||||||
$config['auth_error'] = __('User not found in database or incorrect password');
|
) {
|
||||||
return false;
|
$config['auth_error'] = __('User not found in database or incorrect password');
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else if ($config['auth'] === 'ldap') {
|
} else if ($config['auth'] === 'ldap') {
|
||||||
if (is_metaconsole() === true) {
|
if (is_metaconsole() === true) {
|
||||||
|
|
@ -434,24 +443,26 @@ function process_user_login_remote($login, $pass, $api=false)
|
||||||
$user_info['metaconsole_access_node'] = $config['ad_adv_user_node'];
|
$user_info['metaconsole_access_node'] = $config['ad_adv_user_node'];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_management_allowed() === false) {
|
if ($create_by_remote_api === false && is_management_allowed() === false) {
|
||||||
$config['auth_error'] = __('Please, login into metaconsole first');
|
$config['auth_error'] = __('Please, login into metaconsole first');
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create the user in the local database.
|
// Create the user in the local database.
|
||||||
if (create_user($login, $pass, $user_info) === false) {
|
if ($create_by_remote_api === false && create_user($login, $pass, $user_info) === false) {
|
||||||
$config['auth_error'] = __('User not found in database or incorrect password');
|
$config['auth_error'] = __('User not found in database or incorrect password');
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
profile_create_user_profile(
|
if ($create_by_remote_api === false) {
|
||||||
$login,
|
profile_create_user_profile(
|
||||||
$config['default_remote_profile'],
|
$login,
|
||||||
$config['default_remote_group'],
|
$config['default_remote_profile'],
|
||||||
false,
|
$config['default_remote_group'],
|
||||||
$config['default_assign_tags']
|
false,
|
||||||
);
|
$config['default_assign_tags']
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $login;
|
return $login;
|
||||||
|
|
@ -1688,11 +1699,13 @@ function ldap_process_user_login_by_api($user, $pass)
|
||||||
$token = generate_token_for_system($serverUniqueIdentifier, $apiPassword);
|
$token = generate_token_for_system($serverUniqueIdentifier, $apiPassword);
|
||||||
metaconsole_restore_db();
|
metaconsole_restore_db();
|
||||||
|
|
||||||
|
$url = $config['metaconsole_base_url'];
|
||||||
|
$url .= (substr($config['metaconsole_base_url'], -1) === '/') ? '' : '/';
|
||||||
$curl = curl_init();
|
$curl = curl_init();
|
||||||
curl_setopt_array(
|
curl_setopt_array(
|
||||||
$curl,
|
$curl,
|
||||||
[
|
[
|
||||||
CURLOPT_URL => $config['metaconsole_base_url'].'api/v2/user/'.$user.'/login?password='.$pass,
|
CURLOPT_URL => $url.'api/v2/user/'.urlencode($user).'/login?password='.urlencode($pass),
|
||||||
CURLOPT_RETURNTRANSFER => true,
|
CURLOPT_RETURNTRANSFER => true,
|
||||||
CURLOPT_FOLLOWLOCATION => true,
|
CURLOPT_FOLLOWLOCATION => true,
|
||||||
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
|
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
|
||||||
|
|
@ -1709,9 +1722,7 @@ function ldap_process_user_login_by_api($user, $pass)
|
||||||
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
|
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
|
||||||
curl_close($curl);
|
curl_close($curl);
|
||||||
if ($code === 200) {
|
if ($code === 200) {
|
||||||
if (isset($response['email']) === true
|
if (isset($response['idUser']) === true) {
|
||||||
&& isset($response['idUser']) === true
|
|
||||||
) {
|
|
||||||
$ldap_format = [
|
$ldap_format = [
|
||||||
'mail' => [$response['email']],
|
'mail' => [$response['email']],
|
||||||
'uid' => [$response['idUser']],
|
'uid' => [$response['idUser']],
|
||||||
|
|
@ -1724,6 +1735,8 @@ function ldap_process_user_login_by_api($user, $pass)
|
||||||
} else {
|
} else {
|
||||||
if (isset($response['error']) === true) {
|
if (isset($response['error']) === true) {
|
||||||
$config['auth_error'] = $response['error'];
|
$config['auth_error'] = $response['error'];
|
||||||
|
} else {
|
||||||
|
$config['auth_error'] = __('Unexpected error');
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
|
||||||
|
|
@ -513,6 +513,10 @@ function config_update_config()
|
||||||
if (config_update_value('ipam_ocuppied_warning_treshold', get_parameter('ipam_ocuppied_warning_treshold'), true) === false) {
|
if (config_update_value('ipam_ocuppied_warning_treshold', get_parameter('ipam_ocuppied_warning_treshold'), true) === false) {
|
||||||
$error_update[] = __('Ipam Ocuppied Manager Warning');
|
$error_update[] = __('Ipam Ocuppied Manager Warning');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (config_update_value('metaconsole_base_url', get_parameter('metaconsole_base_url'), true) === false) {
|
||||||
|
$error_update[] = __('Metaconsole base url');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue