diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index a7e710dcb2..d17ed213d0 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -228,8 +228,6 @@ function process_user_login_remote ($login, $pass, $api = false) { if (($config["auth"] === 'ad') && (isset($config['ad_advanced_config']) && $config['ad_advanced_config'])) { - - $return = enterprise_hook ('prepare_permissions_groups_of_user_ad', array ($login, $pass, false, true, defined('METACONSOLE'))); @@ -246,12 +244,29 @@ function process_user_login_remote ($login, $pass, $api = false) { } } } + elseif (($config["auth"] === 'ldap') && + (isset($config['ldap_advanced_config']) && $config['ldap_advanced_config'])) { + + $return = enterprise_hook ('prepare_permissions_groups_of_user_ldap', + array ($login, $pass, false, true, defined('METACONSOLE'))); + + if ($return === "error_permissions") { + $config["auth_error"] = + __("Problems with configuration permissions. Please contact with Administrator"); + return false; + } + else { + if ($return === "permissions_changed") { + $config["auth_error"] = + __("Your permissions have changed. Please, login again."); + return false; + } + } + } + return $login; } - - - // The user does not exist and can not be created if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted ($login)) { $config["auth_error"] = __("Ooops User not found in 
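Review bot: In the `elseif (($config["auth"] === 'ldap') && ...` branch added to process_user_login_remote (hunk -246,12 +244,29), only the strings "error_permissions" and "permissions_changed" reject the login; any other value returned by `prepare_permissions_groups_of_user_ldap`, including `false`, falls through to `return $login`. The user-creation branch added in hunk -297,6 +312,42 treats `=== false` from the same hook as a failure, so the two call sites disagree, and this one fails open if the permission synchronisation could not run. If `false` also signals failure in this call mode, reject it here too, e.g. `if ($return === false || $return === "error_permissions") {`, and fold the nested `else { if (...) }` into an `elseif`. The hook's definition and the rest of the function are outside the hunk, so confirm the full set of return values against the enterprise code.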
@@ -297,6 +312,42 @@ function process_user_login_remote ($login, $pass, $api = false) { return false; } } + elseif ($config["auth"] === 'ldap' && + (isset($config['ldap_advanced_config']) && + $config['ldap_advanced_config'])) { + + if ( defined('METACONSOLE') ) { + enterprise_include_once('include/functions_metaconsole.php'); + enterprise_include_once ('meta/include/functions_groups_meta.php'); + + $return = groups_meta_synchronizing(); + + if ($return["group_create_err"] > 0 || $return["group_update_err"] > 0) { + $config["auth_error"] = __('Fail the group synchronizing'); + return false; + } + + $return = meta_tags_synchronizing(); + if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) { + $config["auth_error"] = __('Fail the tag synchronizing'); + return false; + } + } + + // Create the user + if (enterprise_hook ('prepare_permissions_groups_of_user_ldap', + array($login, + $pass, + array ('fullname' => $login, + 'comments' => 'Imported from ' . $config['auth']), + false, defined('METACONSOLE'))) === false) { + + $config["auth_error"] = __("User not found in database + or incorrect password"); + + return false; + } + } else { $user_info = array ('fullname' => $login, 
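Review bot: The failure message in the new LDAP user-creation path is written as a string literal that spans two source lines (`__("User not found in database` followed by `or incorrect password")`), so the text handed to `__()` contains a line break and the indentation of the second line. That string most likely will not match the single-line message id used elsewhere, for example the literal in ldap_process_user_login, and the stray whitespace ends up in `$config["auth_error"]`. Keep it on one line: `$config["auth_error"] = __("User not found in database or incorrect password");`. The function starts and ends outside this hunk.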
@@ -645,15 +696,26 @@ function ldap_process_user_login ($login, $password) { } } - $ldap_login_attr = isset($config["ldap_login_attr"]) ? io_safe_output($config["ldap_login_attr"]) . "=" : ''; - $ldap_base_dn = isset($config["ldap_base_dn"]) ? "," . io_safe_output($config["ldap_base_dn"]) : ''; + $ldap_login_attr = !empty($config["ldap_login_attr"]) ? io_safe_output($config["ldap_login_attr"]) . "=" : ''; + $ldap_base_dn = !empty($config["ldap_base_dn"]) ? "," . io_safe_output($config["ldap_base_dn"]) : ''; - if (strlen($password) == 0 || + if(!empty($ldap_base_dn)){ + if (strlen($password) == 0 || !@ldap_bind($ds, $ldap_login_attr.io_safe_output($login).$ldap_base_dn, $password) ) { + $config["auth_error"] = 'User not found in database or incorrect password'; + @ldap_close ($ds); + + return false; + } + } + else { + if (strlen($password) == 0 || !@ldap_bind($ds, io_safe_output($login), $password) ) { + $config["auth_error"] = 'User not found in database or incorrect password'; - @ldap_close ($ds); - - return false; + @ldap_close ($ds); + + return false; + } } @ldap_close ($ds); diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index c040cf0346..0e70c4f28c 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php @@ -1360,6 +1360,10 @@ function config_process_config () { if (!isset ($config['ad_adv_user_node'])) { config_update_value ( 'ad_adv_user_node', 1); } + + if (!isset ($config['ldap_adv_user_node'])) { + config_update_value ( 'ldap_adv_user_node', 1); + } if (!isset ($config['ad_domain'])) { config_update_value ( 'ad_domain', '');
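Review bot: When `ldap_base_dn` is empty, the new `else` branch in ldap_process_user_login (hunk -645,15 +696,26) binds with `io_safe_output($login)` as the whole bind name and guards only against an empty password, so an empty login would reach `ldap_bind` with an empty name. Some directory servers treat a bind with an empty name as anonymous, which could let the bind succeed without the supplied credentials being verified. Whether `$login` is validated earlier is not visible here, so an explicit length check next to the password check is worth adding. The two branches also duplicate the failure handling; building the bind name once and keeping a single check, as below, removes that duplication. The function begins and ends outside the hunk.

```php
// … unchanged: $ldap_login_attr / $ldap_base_dn assignments …
$bind_login = io_safe_output($login);
$bind_name = !empty($ldap_base_dn)
	? $ldap_login_attr.$bind_login.$ldap_base_dn
	: $bind_login;

// Reject empty credentials before binding so the server never sees
// an anonymous or unauthenticated bind request.
if (strlen($password) == 0 || strlen($bind_login) == 0 ||
	!@ldap_bind($ds, $bind_name, $password)) {

	$config["auth_error"] = 'User not found in database or incorrect password';
	@ldap_close ($ds);

	return false;
}
// … unchanged: @ldap_close ($ds); and the success return …
```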