1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dotclear2_ynh.git synced 2024-09-03 18:26:29 +02:00
dotclear2_ynh/conf/class.auth.ldap.php

96 lines
5.8 KiB
PHP
Raw Normal View History

2019-03-01 02:05:03 +01:00
<?php
2020-04-17 23:49:35 +02:00
class ldapDcAuth extends dcAuth
2019-02-28 01:43:05 +01:00
{
2019-03-01 22:48:44 +01:00
# The user can't change his password
2019-03-01 02:05:03 +01:00
protected $allow_pass_change = false;
2019-02-28 01:43:05 +01:00
2020-04-17 23:49:35 +02:00
# LDAP parameter
private $server = "localhost";
private $port = "389";
private $base = "dc=yunohost,dc=org";
2020-04-18 16:03:12 +02:00
public function checkUser($user_id, $pwd=null, $user_key=null, $check_blog=true)
2019-03-01 02:05:03 +01:00
{
if ($pwd == '') {
2020-04-18 16:03:12 +02:00
return parent::checkUser($user_id, null, $user_key, $check_blog);
2019-03-01 02:05:03 +01:00
}
2019-02-28 01:43:05 +01:00
2019-03-01 22:48:44 +01:00
# LDAP connection
2020-04-17 23:49:35 +02:00
$ds = ldap_connect("ldap://".$this->server.":".$this->port);
if ($ds)
2019-03-01 02:05:03 +01:00
{
2020-04-17 23:49:35 +02:00
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd))
{
# search the user in ldap, and get infos
$filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))";
$sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
$info = ldap_get_entries($ds, $sr);
2019-02-28 01:43:05 +01:00
2020-04-17 23:49:35 +02:00
if ($info["count"] == 1)
{
try
{
$this->con->begin();
$cur = $this->con->openCursor($this->user_table);
# Store the password
$cur->user_pwd = $pwd;
2019-02-28 01:43:05 +01:00
# Store informations about the user
$cur->user_id = $user_id;
$cur->user_email = $info[0]['mail'][0];
$cur->user_name = $info[0]['sn'][0];
$cur->user_firstname = $info[0]['givenname'][0];
$cur->user_displayname = $info[0]['cn'][0];
# If the user exist, then we just update his password.
if ($this->core->userExists($user_id))
{
$this->sudo(array($this->core, 'updUser'), $user_id, $cur);
}
# If not, we create him.
# In order for him to connect,
# it is necessary to give him at least
# a permission "usage" on the blog "default".
else
{
$cur->user_lang = 'fr'; # Can change this, PR are welcome
$cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
$cur->user_default_blog = 'default'; # Can change this, PR are welcome
$this->sudo(array($this->core,'addUser'), $cur);
# Possible roles:
#admin "administrator"
#usage "manage their own entries and comments"
#publish "publish entries and comments"
#delete "delete entries and comments"
#contentadmin "manage all entries and comments"
#categories "manage categories"
#media "manage their own media items"
#media_admin "manage all media items"
#pages "manage pages"
#blogroll "manage blogroll"
$this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', array('usage'=>true)); # Can change this, PR are welcome
}
$this->con->commit();
2020-04-17 23:49:35 +02:00
}
catch (Exception $e)
2020-04-17 23:49:35 +02:00
{
# In case of error we cancel and return "false"
$this->con->rollback();
return false;
2020-04-17 23:49:35 +02:00
}
# The previous operations proceeded without error,
# we can now call the parent method
return parent::checkUser($user_id, $pwd);
}
}
else
{
error_log("Failed to connect with the user ".$user_id);
}
2019-03-01 02:05:03 +01:00
}
return parent::checkUser($user_id, $pwd);
2019-03-01 02:05:03 +01:00
}
2019-02-28 01:43:05 +01:00
}
2020-03-27 02:24:24 +01:00
?>