Merge branch 'ent-9178-13815-alto-tiempo-de-espera-si-el-ldap-secundario-no-esta-disponible' into 'develop'

Added ldap timeout

See merge request artica/pandorafms!5134
Diego Muñoz-Reja 2022-10-21 10:28:04 +00:00
commit 92c01531e7
3 changed files with 38 additions and 5 deletions


@ -199,6 +199,21 @@ if (is_ajax()) {
);
$table->data['ldap_admin_pass'] = $row;
// Ldapsearch timeout.
// Default Ldapsearch timeout.
set_when_empty($config['ldap_searh_timeout'], 5);
$row = [];
$row['name'] = __('Ldap search timeout (secs)');
$row['control'] = html_print_input_text(
'ldap_search_timeout',
$config['ldap_search_timeout'],
'',
10,
10,
true
);
$table->data['ldap_search_timeout'] = $row;
// Enable/disable secondary ldap.
// Set default value.
set_unless_defined($config['secondary_ldap_enabled'], false);
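Review bot: The default is applied to a misspelled key: the `set_when_empty` call above the new row uses `$config['ldap_searh_timeout']`, while the input field prints `$config['ldap_search_timeout']`. The line should read `set_when_empty($config['ldap_search_timeout'], 5);`. As written, the default of 5 likely never reaches the field, so on an installation where the key is not yet stored the form may render an empty or undefined value.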


@ -856,8 +856,16 @@ function ldap_process_user_login($login, $password, $secondary_server=false)
return false;
}
// Set the LDAP version
// Set the LDAP version.
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $ldap['ldap_version']);
ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1);
// Set ldap search timeout.
ldap_set_option(
$ds,
LDAP_OPT_TIMELIMIT,
(empty($config['ldap_search_timeout']) === true) ? 5 : ((int) $config['ldap_search_timeout'])
);
if ($ldap['ldap_start_tls']) {
if (!@ldap_start_tls($ds)) {
@ -878,7 +886,8 @@ function ldap_process_user_login($login, $password, $secondary_server=false)
io_safe_output($ldap['ldap_admin_login']),
io_output_password($ldap['ldap_admin_pass']),
io_safe_output($login),
$ldap['ldap_start_tls']
$ldap['ldap_start_tls'],
$config['ldap_search_timeout']
);
if ($sr) {
@ -1487,7 +1496,8 @@ function local_ldap_search(
$ldap_admin_user=null,
$ldap_admin_pass=null,
$user=null,
$ldap_start_tls=null
$ldap_start_tls=null,
$ldap_search_time=5
) {
global $config;
@ -1520,8 +1530,8 @@ function local_ldap_search(
}
$dn = " -b '".$dn."'";
$shell_ldap_search = explode("\n", shell_exec('ldapsearch -LLL -o ldif-wrap=no -x'.$ldap_host.$ldap_version.' -E pr=10000/noprompt '.$ldap_admin_user.$ldap_admin_pass.$dn.$filter.$tls.' | grep -v "^#\|^$" | sed "s/:\+ /=>/g"'));
$ldapsearch_command = 'ldapsearch -LLL -o ldif-wrap=no -o nettimeout='.$ldap_search_time.' -x'.$ldap_host.$ldap_version.' -E pr=10000/noprompt '.$ldap_admin_user.$ldap_admin_pass.$dn.$filter.$tls.' | grep -v "^#\|^$" | sed "s/:\+ /=>/g"';
$shell_ldap_search = explode("\n", shell_exec($ldapsearch_command));
foreach ($shell_ldap_search as $line) {
$values = explode('=>', $line);
if (!empty($values[0]) && !empty($values[1])) {
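Review bot: In `local_ldap_search` the new `$ldap_search_time` is concatenated into the `shell_exec` command as `-o nettimeout='.$ldap_search_time.'` with no cast or quoting. The caller in `ldap_process_user_login` passes `$config['ldap_search_timeout']` raw, even though the `ldap_set_option` call a few lines earlier casts it and falls back to 5. Normalise it at the point of use, before `$ldapsearch_command` is built: `$ldap_search_time = max(1, (int) $ldap_search_time);`. Then an empty or non-numeric config value cannot produce a bare `nettimeout=` or reach the shell as text. The other command fragments (`$dn`, `$filter`, the admin credentials) are assembled outside the visible hunks, so whether they pass through `escapeshellarg()` needs checking separately; both functions continue beyond what is shown.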


@ -612,6 +612,10 @@ function config_update_config()
$error_update[] = __('Admin LDAP password');
}
if (config_update_value('ldap_search_timeout', (int) get_parameter('ldap_search_timeout', 5), true) === false) {
$error_update[] = __('Ldap search timeout');
}
if (config_update_value('ldap_server_secondary', get_parameter('ldap_server_secondary'), true) === false) {
$error_update[] = __('Secondary LDAP server');
}
@ -2697,6 +2701,10 @@ function config_process_config()
config_update_value('ldap_admin_pass', '');
}
if (!isset($config['ldap_search_timeout'])) {
config_update_value('ldap_search_timeout', 5);
}
if (!isset($config['ldap_server_secondary'])) {
config_update_value('ldap_server_secondary', 'localhost');
}
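Review bot: `config_update_config` stores `(int) get_parameter('ldap_search_timeout', 5)` with no range check, so non-numeric input is saved as 0 and negative numbers are accepted. Clamp the value when saving, e.g. `max(1, (int) get_parameter('ldap_search_timeout', 5))`, and consider an upper bound so a typo cannot make logins block for a very long time. Elsewhere on this page the `ldap_set_option` path treats an empty value as 5, but the value handed to `local_ldap_search` is not normalised, so validating at save time keeps the two paths consistent. Both functions continue outside the hunks shown.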