diff --git a/conf/class.auth.ldap.php b/conf/class.auth.ldap.php index 9b94d1c..0eaeda8 100644 --- a/conf/class.auth.ldap.php +++ b/conf/class.auth.ldap.php @@ -20,7 +20,6 @@ class ldapDcAuth extends dcAuth if ($ds) { ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd)) { # search the user in ldap, and get infos @@ -30,57 +29,67 @@ class ldapDcAuth extends dcAuth if ($info["count"] == 1) { - $this->con->begin(); - $cur = $this->con->openCursor($this->user_table); - # Store the password - $cur->user_pwd = $pwd; - - # Store informations about the user - $cur->user_id = $user_id; - $cur->user_email = $info[0]['mail'][0]; - $cur->user_name = $info[0]['sn'][0]; - $cur->user_firstname = $info[0]['givenname'][0]; - $cur->user_displayname = $info[0]['cn'][0]; - - # If the user exist, then we just update his password. - if ($this->core->userExists($user_id)) + try { - $this->sudo(array($this->core, 'updUser'), $user_id, $cur); + $this->con->begin(); + $cur = $this->con->openCursor($this->user_table); + # Store the password + $cur->user_pwd = $pwd; + + # Store informations about the user + $cur->user_id = $user_id; + $cur->user_email = $info[0]['mail'][0]; + $cur->user_name = $info[0]['sn'][0]; + $cur->user_firstname = $info[0]['givenname'][0]; + $cur->user_displayname = $info[0]['cn'][0]; + + # If the user exist, then we just update his password. + if ($this->core->userExists($user_id)) + { + $this->sudo(array($this->core, 'updUser'), $user_id, $cur); + } + # If not, we create him. + # In order for him to connect, + # it is necessary to give him at least + # a permission "usage" on the blog "default". + else + { + $cur->user_lang = 'fr'; # Can change this, PR are welcome + $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome + $cur->user_default_blog = 'default'; # Can change this, PR are welcome + $this->sudo(array($this->core,'addUser'), $cur); + # Possible roles: + #admin "administrator" + #usage "manage their own entries and comments" + #publish "publish entries and comments" + #delete "delete entries and comments" + #contentadmin "manage all entries and comments" + #categories "manage categories" + #media "manage their own media items" + #media_admin "manage all media items" + #pages "manage pages" + #blogroll "manage blogroll" + $this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', array('usage'=>true)); # Can change this, PR are welcome + } + $this->con->commit(); } - # If not, we create him. - # In order for him to connect, - # it is necessary to give him at least - # a permission "usage" on the blog "default". - else + catch (Exception $e) { - $cur->user_lang = 'fr'; # Can change this, PR are welcome - $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome - $cur->user_default_blog = 'default'; # Can change this, PR are welcome - $this->sudo(array($this->core,'addUser'), $cur); - # Possible roles: - #admin "administrator" - #usage "manage their own entries and comments" - #publish "publish entries and comments" - #delete "delete entries and comments" - #contentadmin "manage all entries and comments" - #categories "manage categories" - #media "manage their own media items" - #media_admin "manage all media items" - #pages "manage pages" - #blogroll "manage blogroll" - $this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', array('usage'=>true)); # Can change this, PR are welcome + # In case of error we cancel and return "false" + $this->con->rollback(); + return false; } - $this->con->commit(); - # The previous operations proceeded without error, # we can now call the parent method return parent::checkUser($user_id, $pwd); } } + else + { + error_log("Failed to connect with the user ".$user_id); + } } - # In case of error we cancel and return "false" - $this->con->rollback(); - return false; + return parent::checkUser($user_id, $pwd); } } ?>