Add new funcionality of remote login with Active Directory
parent
a9c6900852
commit
dfcfc85303
|
@ -58,37 +58,43 @@ if ($profile_list === false) {
|
|||
}
|
||||
$table->data[3][1] = html_print_select ($profile_list, 'default_remote_profile', $config['default_remote_profile'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0);
|
||||
$table->data[4][0] = __('Autocreate profile group');
|
||||
$table->data[4][1] = html_print_select_groups ($config['id_user'], "AR", true, 'default_remote_group', $config['default_remote_group'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0);
|
||||
$table->data[5][0] = __('Autocreate blacklist') . ui_print_help_icon ('autocreate_blacklist', true);
|
||||
$table->data[5][1] = html_print_input_text ('autocreate_blacklist', $config['autocreate_blacklist'], '', 60, 100, true);
|
||||
$table->data[4][1] = html_print_select_groups ($config['id_user'], "AR",
|
||||
true, 'default_remote_group', $config['default_remote_group'],
|
||||
'', '', '', true, false, true, '',
|
||||
$config['autocreate_remote_users'] == 0);
|
||||
$tags = tags_get_all_tags();
|
||||
$table->data[5][0] = __('Autocreate profile tags');
|
||||
$table->data[5][1] = html_print_select($tags, 'default_assign_tags[]', explode(",",$config['default_assign_tags']), '', __('Any'), '', true, true);
|
||||
$table->data[6][0] = __('Autocreate blacklist') . ui_print_help_icon ('autocreate_blacklist', true);
|
||||
$table->data[6][1] = html_print_input_text ('autocreate_blacklist', $config['autocreate_blacklist'], '', 60, 100, true);
|
||||
for ($i = 1; $i <= 4; $i++) {
|
||||
$table->rowstyle[$i] = $config['auth'] != 'mysql' ? '' : 'display: none;';
|
||||
$table->rowclass[$i] = 'remote';
|
||||
}
|
||||
|
||||
$table->data[6][0] = __('LDAP server');
|
||||
$table->data[6][1] = html_print_input_text ('ldap_server', $config['ldap_server'], '', 30, 100, true);
|
||||
$table->data[7][0] = __('LDAP port');
|
||||
$table->data[7][1] = html_print_input_text ('ldap_port', $config['ldap_port'], '', 10, 100, true);
|
||||
$table->data[8][0] = __('LDAP version');
|
||||
$table->data[7][0] = __('LDAP server');
|
||||
$table->data[7][1] = html_print_input_text ('ldap_server', $config['ldap_server'], '', 30, 100, true);
|
||||
$table->data[8][0] = __('LDAP port');
|
||||
$table->data[8][1] = html_print_input_text ('ldap_port', $config['ldap_port'], '', 10, 100, true);
|
||||
$table->data[9][0] = __('LDAP version');
|
||||
$ldap_versions = array (1 => 'LDAPv1', 2 => 'LDAPv2', 3 => 'LDAPv3');
|
||||
$table->data[8][1] = html_print_select ($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true);
|
||||
$table->data[9][0] = __('Start TLS');
|
||||
$table->data[9][1] = __('Yes').' '.html_print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).' ';
|
||||
$table->data[9][1] .= __('No').' '.html_print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true);
|
||||
$table->data[10][0] = __('Base DN');
|
||||
$table->data[10][1] = html_print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true);
|
||||
$table->data[11][0] = __('Login attribute');
|
||||
$table->data[11][1] = html_print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true);
|
||||
$table->data[9][1] = html_print_select ($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true);
|
||||
$table->data[10][0] = __('Start TLS');
|
||||
$table->data[10][1] = __('Yes').' '.html_print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).' ';
|
||||
$table->data[10][1] .= __('No').' '.html_print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true);
|
||||
$table->data[11][0] = __('Base DN');
|
||||
$table->data[11][1] = html_print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true);
|
||||
$table->data[12][0] = __('Login attribute');
|
||||
$table->data[12][1] = html_print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true);
|
||||
|
||||
// Hide LDAP configuration options
|
||||
for ($i = 2; $i <= 11; $i++) {
|
||||
for ($i = 2; $i <= 12; $i++) {
|
||||
$table->rowstyle[$i] = $config['auth'] == 'ldap' ? '' : 'display: none;';
|
||||
$table->rowclass[$i] = 'ldap';
|
||||
}
|
||||
|
||||
// Set the rows autocreation for Active Directory
|
||||
for ($i = 2; $i <= 5; $i++) {
|
||||
for ($i = 2; $i <= 6; $i++) {
|
||||
$table->rowclass[$i] .= ' ' . 'ad';
|
||||
}
|
||||
|
||||
|
|
|
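Review bot: The new 'Autocreate profile tags' select (`html_print_select($tags, 'default_assign_tags[]', ...)`) stops at the `multiple` argument, so unlike the profile and group selects above it never receives the trailing `$config['autocreate_remote_users'] == 0` argument and, assuming that argument is the disabled flag, stays editable when autocreation is switched off. Appending `, true, '', $config['autocreate_remote_users'] == 0` would keep the three autocreate controls consistent. Inserting the row also forced every later `$table->data[N]` index and both loop bounds to be renumbered by hand; a running row counter would make the next insertion less error-prone. The old and new sides are interleaved on this page, so this reads the higher-numbered rows as the new side.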
@ -217,7 +217,8 @@ function process_user_login_remote ($login, $pass, $api = false) {
|
|||
|
||||
// Unknown authentication method
|
||||
default:
|
||||
$config["auth_error"] = "User not found in database or incorrect password";
|
||||
$config["auth_error"] = "User not found in database
|
||||
or incorrect password";
|
||||
return false;
|
||||
break;
|
||||
}
|
||||
|
@ -227,24 +228,55 @@ function process_user_login_remote ($login, $pass, $api = false) {
|
|||
if (!user_can_login($login)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($config["auth"] == 'ad'){
|
||||
$return = enterprise_hook ('prepare_permissions_groups_of_user_ad',
|
||||
array ($login, $pass, false, true));
|
||||
|
||||
if (!$return) {
|
||||
$config["auth_error"] = __("Problems with configuration
|
||||
permissions. Please contact with Administrator");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return $login;
|
||||
}
|
||||
|
||||
|
||||
// The user does not exist and can not be created
|
||||
if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted ($login)) {
|
||||
$config["auth_error"] = "Ooops User not found in database or incorrect password";
|
||||
$config["auth_error"] = __("Ooops User not found in
|
||||
database or incorrect password");
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
// Create the user in the local database
|
||||
if (create_user ($login, $pass, array ('fullname' => $login, 'comments' => 'Imported from ' . $config['auth'])) === false) {
|
||||
$config["auth_error"] = "User not found in database or incorrect password";
|
||||
return false;
|
||||
if (isset($config['ad_advanced_config']) && $config['ad_advanced_config']) {
|
||||
// Create the user in the local database enterprise_hook ('prepare_permissions_groups_of_user_ad', array ($login, $pass))
|
||||
if (enterprise_hook ('prepare_permissions_groups_of_user_ad',
|
||||
array ($login, $pass, array ('fullname' => $login,
|
||||
'comments' => 'Imported from ' .
|
||||
$config['auth']))) === false) {
|
||||
|
||||
$config["auth_error"] = __("User not found in database
|
||||
or incorrect password");
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else{
|
||||
// Create the user in the local database
|
||||
if (create_user ($login, $pass,
|
||||
array ('fullname' => $login,
|
||||
'comments' => 'Imported from ' . $config['auth'])
|
||||
) === false) {
|
||||
$config["auth_error"] = __("User not found in database or incorrect password");
|
||||
return false;
|
||||
}
|
||||
profile_create_user_profile ($login,
|
||||
$config['default_remote_profile'],
|
||||
$config['default_remote_group']);
|
||||
}
|
||||
|
||||
profile_create_user_profile ($login, $config['default_remote_profile'], $config['default_remote_group']);
|
||||
return $login;
|
||||
}
|
||||
|
||||
|
|
|
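Review bot: The two Active Directory paths added to process_user_login_remote are gated on different settings: for an existing user the hook runs whenever `$config["auth"] == 'ad'`, while for a new user it runs whenever `$config['ad_advanced_config']` is set, whatever the backend. A stale `ad_advanced_config` under LDAP auth would then route new LDAP users through the AD group mapping and skip `profile_create_user_profile`, and an AD setup without advanced config still makes every existing login depend on the hook. Use one condition in both places, e.g. `$config['auth'] == 'ad' && !empty($config['ad_advanced_config'])`. Both checks (`!$return` and `=== false`) also accept any other return value as success, so if enterprise_hook reports a missing enterprise function with a non-false value (its definition is not on this page) the new-user path returns `$login` without a local user or profile having been created. The function starts outside these hunks.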
@ -52,6 +52,15 @@ function config_update_value ($token, $value) {
|
|||
io_safe_output($value));
|
||||
}
|
||||
|
||||
if ($token == 'ad_adv_perms') {
|
||||
$value = str_replace(array("\r\n", "\r", "\n"), ";",
|
||||
io_safe_output($value));
|
||||
}
|
||||
|
||||
if ($token == 'default_assign_tags') {
|
||||
$value = ($value);
|
||||
}
|
||||
|
||||
if (!isset ($config[$token])) {
|
||||
$config[$token] = $value;
|
||||
return (bool) config_create_value ($token, io_safe_input($value));
|
||||
|
@ -273,6 +282,8 @@ function config_update_config () {
|
|||
$error_update[] = __('Autocreate profile');
|
||||
if (!config_update_value ('default_remote_group', get_parameter ('default_remote_group')))
|
||||
$error_update[] = __('Autocreate profile group');
|
||||
if (!config_update_value ('default_assign_tags', implode(",",get_parameter ('default_assign_tags'))))
|
||||
$error_update[] = __('Autocreate profile tags');
|
||||
if (!config_update_value ('autocreate_blacklist', get_parameter ('autocreate_blacklist')))
|
||||
$error_update[] = __('Autocreate blacklist');
|
||||
|
||||
|
@ -282,8 +293,12 @@ function config_update_config () {
|
|||
$error_update[] = __('Active directory port');
|
||||
if (!config_update_value ('ad_start_tls', get_parameter ('ad_start_tls')))
|
||||
$error_update[] = __('Start TLS');
|
||||
if (!config_update_value ('ad_advanced_config', get_parameter ('ad_advanced_config')))
|
||||
$error_update[] = __('Advance Config AD');
|
||||
if (!config_update_value ('ad_domain', get_parameter ('ad_domain')))
|
||||
$error_update[] = __('Domain');
|
||||
if (!config_update_value ('ad_adv_perms', get_parameter ('ad_adv_perms')))
|
||||
$error_update[] = __('Advanced Permisions AD');
|
||||
|
||||
if (!config_update_value ('ldap_server', get_parameter ('ldap_server')))
|
||||
$error_update[] = __('LDAP server');
|
||||
|
@ -1042,6 +1057,10 @@ function config_process_config () {
|
|||
config_update_value ('default_remote_group', 0);
|
||||
}
|
||||
|
||||
if (!isset ($config['default_assign_tags'])) {
|
||||
config_update_value ( 'default_assign_tags', '');
|
||||
}
|
||||
|
||||
if (!isset ($config['ldap_server'])) {
|
||||
config_update_value ( 'ldap_server', 'localhost');
|
||||
}
|
||||
|
@ -1083,10 +1102,22 @@ function config_process_config () {
|
|||
config_update_value ( 'ad_start_tls', 0);
|
||||
}
|
||||
|
||||
if (!isset ($config['ad_advanced_config'])) {
|
||||
config_update_value ( 'ad_advanced_config', 0);
|
||||
}
|
||||
|
||||
if (!isset ($config['ad_domain'])) {
|
||||
config_update_value ( 'ad_domain', '');
|
||||
}
|
||||
|
||||
$temp_ad_adv_perms = array();
|
||||
if (isset($config['ad_adv_perms'])) {
|
||||
if (!empty($config['ad_adv_perms'])) {
|
||||
$temp_ad_adv_perms = explode(';', io_safe_output($config['ad_adv_perms']));
|
||||
}
|
||||
}
|
||||
$config['ad_adv_perms'] = $temp_ad_adv_perms;
|
||||
|
||||
if (!isset ($config['rpandora_server'])) {
|
||||
config_update_value ( 'rpandora_server', 'localhost');
|
||||
}
|
||||
|
|
|
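Review bot: `implode(",",get_parameter ('default_assign_tags'))` in config_update_config assumes the request always carries an array. When no tag is selected a multi-select is normally absent from the submitted form, so implode() receives a non-array (a warning on older PHP, a TypeError on PHP 8), and the joined values are stored without checking that they are tag ids. Normalise first, e.g. `$tags = array_filter(array_map('intval', (array) get_parameter('default_assign_tags', array())));` and pass `implode(',', $tags)`; this presumes tag ids are integers, which the page does not show. The `$value = ($value);` branch added to config_update_value for the same token is a no-op and can be dropped. Both functions extend beyond the hunks shown.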
@ -31,9 +31,6 @@ function users_is_strict_acl($id_user = null) {
|
|||
$strict_acl = (bool)db_get_value('strict_acl', 'tusuario',
|
||||
'id_user', $id_user);
|
||||
|
||||
//html_debug_print($strict_acl, true);
|
||||
//html_debug_print($id_user, true);
|
||||
|
||||
return $strict_acl;
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
<?php
|
||||
/**
|
||||
* @package Include/help/en
|
||||
*/
|
||||
?>
|
||||
<h1>Advance Permission </h1>
|
||||
|
||||
<br><br>
|
||||
|
||||
<table width="750px" style="display:inline">
|
||||
<tr>
|
||||
<td class=""> If you add a new permission, you was added of next form: Name of Profile,Name of Group,[Name of Group AD n1,Name of Group AD n2,Name of Group AD n3,...]</td>
|
||||
</table>
|