mirror of
https://github.com/YunoHost-Apps/piwigo_ynh.git
synced 2024-09-03 20:06:03 +02:00
Use extra_files feature of ynh_setup_source
This commit is contained in:
Jimmy Monin
parent
8c1d8803c8
commit
fcc493af42
46 changed files with 1354 additions and 1358 deletions
|
|
@ -106,8 +106,6 @@ sudo ln -sd $datapath/galleries $final_path/galleries
|
|||
sudo cp -a $TMPDIR/galleries/* $final_path/galleries/
|
||||
sudo ln -sd $datapath/upload $final_path/upload
|
||||
|
||||
sudo cp -R ../plugins/Ldap_Login $final_path/plugins/Ldap_Login
|
||||
|
||||
sudo chown -R $app: $final_path
|
||||
sudo chown -R $app: $datapath
|
||||
sudo chmod 755 -R $final_path/galleries
|
||||
|
|
|
|||
|
|
@ -108,8 +108,6 @@ sudo cp -a $TMPDIR/!(upload|galleries) $final_path
|
|||
|
||||
sudo cp -a $TMPDIR/galleries/* $final_path/galleries/
|
||||
|
||||
sudo cp -R ../plugins/Ldap_Login/* $final_path/plugins/Ldap_Login
|
||||
|
||||
sudo chown -R $app: $final_path
|
||||
sudo chown -R $app: /home/yunohost.app/$app
|
||||
sudo chmod 755 -R $final_path/galleries
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
|
|
@ -1,20 +1,20 @@
|
|||
# Ldap_Login
|
||||
LDAP authentication plugin for piwigo with user-group support
|
||||
|
||||
## Exmaple-Config for an M$-AD:
|
||||
|
||||
#### LDAP-Serververbindung
|
||||
**LDAP-Server**: srv.emxample.com</br>
|
||||
(x) **Secure connection** _(--> remember that the LDAPS-Server certificate must be imported on your piwigo server)_</br>
|
||||
**LDAP-Port**: 636</br>
|
||||
|
||||
#### LDAP Attribute
|
||||
**Base DN wo LDAP-Benutzer gefunden werden sollen (zB.: ou=users,dc=example,dc=com):**: cn=Users,dc=example,dc=com</br>
|
||||
**Attribute entsprechend des Benutzernamens**: sAMACcountName</br>
|
||||
**DN of group for membership-check (memberOf)**: dn=piwigo_users,cn=Users,dc=example,dc=com</br>
|
||||
|
||||
#### LDAP-Verbindungsreferenzen
|
||||
**Bind DN im LDAP-Style (zB.: cn=admin,dc=example,dc=com).**: cn=binduser,cn=Users,dc=exmaple,dc=com</br>
|
||||
**Bind passwort**: mysecret123</br>
|
||||
</br>
|
||||
_--> SAVE and enjoy :)_
|
||||
# Ldap_Login
|
||||
LDAP authentication plugin for piwigo with user-group support
|
||||
|
||||
## Exmaple-Config for an M$-AD:
|
||||
|
||||
#### LDAP-Serververbindung
|
||||
**LDAP-Server**: srv.emxample.com</br>
|
||||
(x) **Secure connection** _(--> remember that the LDAPS-Server certificate must be imported on your piwigo server)_</br>
|
||||
**LDAP-Port**: 636</br>
|
||||
|
||||
#### LDAP Attribute
|
||||
**Base DN wo LDAP-Benutzer gefunden werden sollen (zB.: ou=users,dc=example,dc=com):**: cn=Users,dc=example,dc=com</br>
|
||||
**Attribute entsprechend des Benutzernamens**: sAMACcountName</br>
|
||||
**DN of group for membership-check (memberOf)**: dn=piwigo_users,cn=Users,dc=example,dc=com</br>
|
||||
|
||||
#### LDAP-Verbindungsreferenzen
|
||||
**Bind DN im LDAP-Style (zB.: cn=admin,dc=example,dc=com).**: cn=binduser,cn=Users,dc=exmaple,dc=com</br>
|
||||
**Bind passwort**: mysecret123</br>
|
||||
</br>
|
||||
_--> SAVE and enjoy :)_
|
||||
|
|
@ -1,30 +1,30 @@
|
|||
TODO :
|
||||
auto config (may use ajax): fill in the settings, then the page guess the next settings.
|
||||
Ex : after filled the host address, the page guess the base dn. The last to guess is the users OU.
|
||||
Users OU can come with a select field, as the ld_attr.
|
||||
|
||||
correct init plugin
|
||||
if mail isn't furnished ?
|
||||
create common piwigo users upon successfull ldap connection when piwigo user doesn't exist => done !
|
||||
Groups : users may belong to ldap group to allow connection
|
||||
Groups : users belonging to «sudo» or «admin» ldap group become piwigo admin when created this way
|
||||
fetching attributes from ldap (mail…).
|
||||
|
||||
config of the previous one (need tabs)
|
||||
config page to render better
|
||||
|
||||
########
|
||||
|
||||
à faire :
|
||||
initialisation du plugin correcte
|
||||
qu'est-ce qu'on fait si le mail est pas fourni ?
|
||||
configuration automatique (javascript/ajax probable): entrée des paramètres et la page recherche le paramètre suivant si possible.
|
||||
Ex : adresse du serveur -> la page trouve toute seule la racine ldap, reste plus que la OU des utilisateurs (qu'on peut selectionner via une liste déroulante).
|
||||
l'attribut d'identification peut être selectionné par une liste déroulante.
|
||||
|
||||
creation d'un utilisateur piwigo suite à une authentification ldap quand l'utilisateur n'existe pas. => fait !
|
||||
question de groups : les utilisateurs membres du groupe ldap «sudo» ou autre pourraient automatiquement être admins piwigo
|
||||
question de groupe : les utilisateurs devraient appartenir à un groupe ldap pour se connecter…
|
||||
récuperer les attributs dans le ldap (mail…).
|
||||
|
||||
page de config à peaufiner, option précédente à intégrer dans un onglet.
|
||||
TODO :
|
||||
auto config (may use ajax): fill in the settings, then the page guess the next settings.
|
||||
Ex : after filled the host address, the page guess the base dn. The last to guess is the users OU.
|
||||
Users OU can come with a select field, as the ld_attr.
|
||||
|
||||
correct init plugin
|
||||
if mail isn't furnished ?
|
||||
create common piwigo users upon successfull ldap connection when piwigo user doesn't exist => done !
|
||||
Groups : users may belong to ldap group to allow connection
|
||||
Groups : users belonging to «sudo» or «admin» ldap group become piwigo admin when created this way
|
||||
fetching attributes from ldap (mail…).
|
||||
|
||||
config of the previous one (need tabs)
|
||||
config page to render better
|
||||
|
||||
########
|
||||
|
||||
à faire :
|
||||
initialisation du plugin correcte
|
||||
qu'est-ce qu'on fait si le mail est pas fourni ?
|
||||
configuration automatique (javascript/ajax probable): entrée des paramètres et la page recherche le paramètre suivant si possible.
|
||||
Ex : adresse du serveur -> la page trouve toute seule la racine ldap, reste plus que la OU des utilisateurs (qu'on peut selectionner via une liste déroulante).
|
||||
l'attribut d'identification peut être selectionné par une liste déroulante.
|
||||
|
||||
creation d'un utilisateur piwigo suite à une authentification ldap quand l'utilisateur n'existe pas. => fait !
|
||||
question de groups : les utilisateurs membres du groupe ldap «sudo» ou autre pourraient automatiquement être admins piwigo
|
||||
question de groupe : les utilisateurs devraient appartenir à un groupe ldap pour se connecter…
|
||||
récuperer les attributs dans le ldap (mail…).
|
||||
|
||||
page de config à peaufiner, option précédente à intégrer dans un onglet.
|
||||
|
|
@ -1,74 +1,74 @@
|
|||
<?php
|
||||
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
|
||||
|
||||
global $template;
|
||||
$template->set_filenames( array('plugin_admin_content' => dirname(__FILE__).'/configuration.tpl') );
|
||||
$template->assign(
|
||||
array(
|
||||
'PLUGIN_ACTION' => get_root_url().'admin.php?page=plugin-Ldap_Login-configuration',
|
||||
'PLUGIN_CHECK' => get_root_url().'admin.php?page=plugin-Ldap_Login-configuration',
|
||||
));
|
||||
|
||||
$me = new Ldap();
|
||||
$me->load_config();
|
||||
//$me = get_plugin_data($plugin_id);
|
||||
|
||||
// Save LDAP configuration when submitted
|
||||
if (isset($_POST['save'])){
|
||||
$me->config['host'] = $_POST['HOST'];
|
||||
$me->config['basedn'] = $_POST['BASEDN'];
|
||||
$me->config['port'] = $_POST['PORT'];
|
||||
$me->config['ld_attr'] = $_POST['LD_ATTR'];
|
||||
$me->config['ld_group'] = $_POST['LD_GROUP'];
|
||||
$me->config['ld_binddn'] = $_POST['LD_BINDDN'];
|
||||
$me->config['ld_bindpw'] = $_POST['LD_BINDPW'];
|
||||
|
||||
if (isset($_POST['LD_USE_SSL'])){
|
||||
$me->config['ld_use_ssl'] = True;
|
||||
} else {
|
||||
$me->config['ld_use_ssl'] = False;
|
||||
}
|
||||
|
||||
$me->save_config();
|
||||
}
|
||||
|
||||
// Checki LDAP configuration
|
||||
$me->ldap_conn();
|
||||
if (isset($_POST['check_ldap'])){
|
||||
//$me->write_log("[function]> admin");
|
||||
//$check = $me->ldap_name($_POST['USERNAME']);
|
||||
$username = $me->ldap_search_dn($_POST['USERNAME']);
|
||||
//$me->write_log("[admin]> bind=".$username);
|
||||
$error=$me->check_ldap();
|
||||
if($error==1 && $username) {
|
||||
if ($me->ldap_bind_as($username,$_POST['PASSWORD'])){
|
||||
if($me->check_ldap_group_membership($username,$_POST['USERNAME'])){
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:green;">Configuration LDAP OK : '.$username.'</p>');
|
||||
} else {
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:orange;">Credentials OK, Check GroupMembership for: '.$username.'</p>');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:red;"> Binding OK, but check credentials on server '.$me->config['uri'].' for user '.$username.'</p>');
|
||||
}
|
||||
} elseif($error==1 && !$username){
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:red;">Error : Binding OK, but no valid DN found on server '.$me->config['uri'].' for user '.$_POST['USERNAME'].'</p>');
|
||||
} elseif($error && $username){
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:red;">Error : Binding OK, but check credentials on '.$me->config['uri'].' for user '.$_POST['USERNAME'].'</p>');
|
||||
} else {
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:red;">Error : '.$error.' for binding on server '.$me->config['uri'].' for user '.$_POST['USERNAME'].', check your binding!</p>');
|
||||
}
|
||||
}
|
||||
|
||||
// And build up the form with the new values
|
||||
$template->assign('HOST', $me->config['host']);
|
||||
$template->assign('BASEDN', $me->config['basedn']); // racine !
|
||||
$template->assign('PORT', $me->config['port']);
|
||||
$template->assign('LD_ATTR', $me->config['ld_attr']);
|
||||
$template->assign('LD_GROUP', $me->config['ld_group']);
|
||||
$template->assign('LD_USE_SSL', $me->config['ld_use_ssl']);
|
||||
$template->assign('LD_BINDPW', $me->config['ld_bindpw']);
|
||||
$template->assign('LD_BINDDN', $me->config['ld_binddn']);
|
||||
|
||||
$template->assign_var_from_handle( 'ADMIN_CONTENT', 'plugin_admin_content');
|
||||
?>
|
||||
<?php
|
||||
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
|
||||
|
||||
global $template;
|
||||
$template->set_filenames( array('plugin_admin_content' => dirname(__FILE__).'/configuration.tpl') );
|
||||
$template->assign(
|
||||
array(
|
||||
'PLUGIN_ACTION' => get_root_url().'admin.php?page=plugin-Ldap_Login-configuration',
|
||||
'PLUGIN_CHECK' => get_root_url().'admin.php?page=plugin-Ldap_Login-configuration',
|
||||
));
|
||||
|
||||
$me = new Ldap();
|
||||
$me->load_config();
|
||||
//$me = get_plugin_data($plugin_id);
|
||||
|
||||
// Save LDAP configuration when submitted
|
||||
if (isset($_POST['save'])){
|
||||
$me->config['host'] = $_POST['HOST'];
|
||||
$me->config['basedn'] = $_POST['BASEDN'];
|
||||
$me->config['port'] = $_POST['PORT'];
|
||||
$me->config['ld_attr'] = $_POST['LD_ATTR'];
|
||||
$me->config['ld_group'] = $_POST['LD_GROUP'];
|
||||
$me->config['ld_binddn'] = $_POST['LD_BINDDN'];
|
||||
$me->config['ld_bindpw'] = $_POST['LD_BINDPW'];
|
||||
|
||||
if (isset($_POST['LD_USE_SSL'])){
|
||||
$me->config['ld_use_ssl'] = True;
|
||||
} else {
|
||||
$me->config['ld_use_ssl'] = False;
|
||||
}
|
||||
|
||||
$me->save_config();
|
||||
}
|
||||
|
||||
// Checki LDAP configuration
|
||||
$me->ldap_conn();
|
||||
if (isset($_POST['check_ldap'])){
|
||||
//$me->write_log("[function]> admin");
|
||||
//$check = $me->ldap_name($_POST['USERNAME']);
|
||||
$username = $me->ldap_search_dn($_POST['USERNAME']);
|
||||
//$me->write_log("[admin]> bind=".$username);
|
||||
$error=$me->check_ldap();
|
||||
if($error==1 && $username) {
|
||||
if ($me->ldap_bind_as($username,$_POST['PASSWORD'])){
|
||||
if($me->check_ldap_group_membership($username,$_POST['USERNAME'])){
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:green;">Configuration LDAP OK : '.$username.'</p>');
|
||||
} else {
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:orange;">Credentials OK, Check GroupMembership for: '.$username.'</p>');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:red;"> Binding OK, but check credentials on server '.$me->config['uri'].' for user '.$username.'</p>');
|
||||
}
|
||||
} elseif($error==1 && !$username){
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:red;">Error : Binding OK, but no valid DN found on server '.$me->config['uri'].' for user '.$_POST['USERNAME'].'</p>');
|
||||
} elseif($error && $username){
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:red;">Error : Binding OK, but check credentials on '.$me->config['uri'].' for user '.$_POST['USERNAME'].'</p>');
|
||||
} else {
|
||||
$template->assign('LD_CHECK_LDAP','<p style="color:red;">Error : '.$error.' for binding on server '.$me->config['uri'].' for user '.$_POST['USERNAME'].', check your binding!</p>');
|
||||
}
|
||||
}
|
||||
|
||||
// And build up the form with the new values
|
||||
$template->assign('HOST', $me->config['host']);
|
||||
$template->assign('BASEDN', $me->config['basedn']); // racine !
|
||||
$template->assign('PORT', $me->config['port']);
|
||||
$template->assign('LD_ATTR', $me->config['ld_attr']);
|
||||
$template->assign('LD_GROUP', $me->config['ld_group']);
|
||||
$template->assign('LD_USE_SSL', $me->config['ld_use_ssl']);
|
||||
$template->assign('LD_BINDPW', $me->config['ld_bindpw']);
|
||||
$template->assign('LD_BINDDN', $me->config['ld_binddn']);
|
||||
|
||||
$template->assign_var_from_handle( 'ADMIN_CONTENT', 'plugin_admin_content');
|
||||
?>
|
||||
|
|
@ -1,114 +1,114 @@
|
|||
<h2>{'Ldap_Login Plugin'|@translate}</h2>
|
||||
|
||||
<div id="configContent">
|
||||
|
||||
<p>{'All LDAP users can use their ldap password everywhere on piwigo if needed.'|@translate}</p>
|
||||
|
||||
<form method="post" action="{$PLUGIN_ACTION}" class="general">
|
||||
|
||||
{if (!extension_loaded('ldap'))}
|
||||
<p style="color:red;">{'Warning: LDAP Extension missing.'|@translate}</p>
|
||||
<br />
|
||||
{/if}
|
||||
|
||||
<fieldset class="mainConf">
|
||||
<legend>{'Ldap server host connection'|@translate}</legend>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<label for="host">{'Ldap server host'|@translate}</label>
|
||||
<br>
|
||||
<input size="70" type="text" id="host" name="HOST" value="{$HOST}" />
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="ld_use_ssl">
|
||||
{if $LD_USE_SSL }
|
||||
<input type="checkbox" id="ld_use_ssl" name="LD_USE_SSL" value="{$LD_USE_SSL}" checked />
|
||||
{else}
|
||||
<input type="checkbox" id="ld_use_ssl" name="LD_USE_SSL" value="{$LD_USE_SSL}" />
|
||||
{/if}
|
||||
{'Secure connexion'|@translate}</label>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="port">{'Ldap port'|@translate}</label>
|
||||
<br>
|
||||
<input type="text" id="port" name="PORT" value="{$PORT}" />
|
||||
</li>
|
||||
</ul>
|
||||
<i>{'If empty, localhost and standard protocol ports will be used in configuration.'|@translate}</i>
|
||||
</fieldset>
|
||||
|
||||
<fieldset class="mainConf">
|
||||
<legend>{'Ldap attributes'|@translate}</legend>
|
||||
<ul>
|
||||
<li>
|
||||
<label for="basedn">{'Base DN'|@translate}</label>
|
||||
<br>
|
||||
<input size="70" type="text" id="basedn" name="BASEDN" value="{$BASEDN}" />
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="ld_attr">{'Attribute corresponding to the user name'|@translate}</label>
|
||||
<br>
|
||||
<input type="text" id="ld_attr" name="LD_ATTR" value="{$LD_ATTR}" />
|
||||
</li>
|
||||
<li>
|
||||
<label for="groupdn">{'DN of group for membership-check (memberOf)'|@translate}</label>
|
||||
<br>
|
||||
<input size="70" type="text" id="ld_group" name="LD_GROUP" value="{$LD_GROUP}" />
|
||||
</li>
|
||||
</ul>
|
||||
</fieldset>
|
||||
|
||||
<fieldset class="mainConf">
|
||||
<legend>{'Ldap connection credentials'|@translate}</legend>
|
||||
<ul>
|
||||
<li>
|
||||
<label for="ld_binddn">{'Bind DN, field in full ldap style'|@translate}</label>
|
||||
<br>
|
||||
<input size="70" type="text" id="ld_binddn" name="LD_BINDDN" value="{$LD_BINDDN}" />
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="ld_bindpw">{'Bind password'|@translate}</label>
|
||||
<br>
|
||||
<input type="password" id="ld_bindpw" name="LD_BINDPW" />
|
||||
</li>
|
||||
</ul>
|
||||
<i>{'Let the fields blank if the ldap accept anonymous connections.'|@translate}</i>
|
||||
</fieldset>
|
||||
|
||||
<p>
|
||||
<input type="submit" value="{'Save'|@translate}" name="save" />
|
||||
</p>
|
||||
</form>
|
||||
|
||||
<form method="post" action="{$PLUGIN_CHECK}" class="general">
|
||||
<fieldset class="mainConf">
|
||||
<legend>{'Ldap_Login Test'|@translate}</legend>
|
||||
<i>{'You must save the settings with the Save button just up there before testing here.'|@translate}</i>
|
||||
<ul>
|
||||
<li>
|
||||
<label for="username">{'Username'|@translate}</label>
|
||||
<br>
|
||||
<input type="text" id="username" name="USERNAME" value="{$USERNAME}" />
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="ld_attr">{'Your password'|@translate}</label>
|
||||
<br>
|
||||
<input type="password" id="password" name="PASSWORD" value="{$PASSWORD}" />
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
{if (!empty($LD_CHECK_LDAP))}
|
||||
{$LD_CHECK_LDAP}
|
||||
{/if}
|
||||
|
||||
</fieldset>
|
||||
<p><input type="submit" value="{'Test Settings'|@translate}" name="check_ldap" /></p>
|
||||
|
||||
</form>
|
||||
</div>
|
||||
<h2>{'Ldap_Login Plugin'|@translate}</h2>
|
||||
|
||||
<div id="configContent">
|
||||
|
||||
<p>{'All LDAP users can use their ldap password everywhere on piwigo if needed.'|@translate}</p>
|
||||
|
||||
<form method="post" action="{$PLUGIN_ACTION}" class="general">
|
||||
|
||||
{if (!extension_loaded('ldap'))}
|
||||
<p style="color:red;">{'Warning: LDAP Extension missing.'|@translate}</p>
|
||||
<br />
|
||||
{/if}
|
||||
|
||||
<fieldset class="mainConf">
|
||||
<legend>{'Ldap server host connection'|@translate}</legend>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<label for="host">{'Ldap server host'|@translate}</label>
|
||||
<br>
|
||||
<input size="70" type="text" id="host" name="HOST" value="{$HOST}" />
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="ld_use_ssl">
|
||||
{if $LD_USE_SSL }
|
||||
<input type="checkbox" id="ld_use_ssl" name="LD_USE_SSL" value="{$LD_USE_SSL}" checked />
|
||||
{else}
|
||||
<input type="checkbox" id="ld_use_ssl" name="LD_USE_SSL" value="{$LD_USE_SSL}" />
|
||||
{/if}
|
||||
{'Secure connexion'|@translate}</label>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="port">{'Ldap port'|@translate}</label>
|
||||
<br>
|
||||
<input type="text" id="port" name="PORT" value="{$PORT}" />
|
||||
</li>
|
||||
</ul>
|
||||
<i>{'If empty, localhost and standard protocol ports will be used in configuration.'|@translate}</i>
|
||||
</fieldset>
|
||||
|
||||
<fieldset class="mainConf">
|
||||
<legend>{'Ldap attributes'|@translate}</legend>
|
||||
<ul>
|
||||
<li>
|
||||
<label for="basedn">{'Base DN'|@translate}</label>
|
||||
<br>
|
||||
<input size="70" type="text" id="basedn" name="BASEDN" value="{$BASEDN}" />
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="ld_attr">{'Attribute corresponding to the user name'|@translate}</label>
|
||||
<br>
|
||||
<input type="text" id="ld_attr" name="LD_ATTR" value="{$LD_ATTR}" />
|
||||
</li>
|
||||
<li>
|
||||
<label for="groupdn">{'DN of group for membership-check (memberOf)'|@translate}</label>
|
||||
<br>
|
||||
<input size="70" type="text" id="ld_group" name="LD_GROUP" value="{$LD_GROUP}" />
|
||||
</li>
|
||||
</ul>
|
||||
</fieldset>
|
||||
|
||||
<fieldset class="mainConf">
|
||||
<legend>{'Ldap connection credentials'|@translate}</legend>
|
||||
<ul>
|
||||
<li>
|
||||
<label for="ld_binddn">{'Bind DN, field in full ldap style'|@translate}</label>
|
||||
<br>
|
||||
<input size="70" type="text" id="ld_binddn" name="LD_BINDDN" value="{$LD_BINDDN}" />
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="ld_bindpw">{'Bind password'|@translate}</label>
|
||||
<br>
|
||||
<input type="password" id="ld_bindpw" name="LD_BINDPW" />
|
||||
</li>
|
||||
</ul>
|
||||
<i>{'Let the fields blank if the ldap accept anonymous connections.'|@translate}</i>
|
||||
</fieldset>
|
||||
|
||||
<p>
|
||||
<input type="submit" value="{'Save'|@translate}" name="save" />
|
||||
</p>
|
||||
</form>
|
||||
|
||||
<form method="post" action="{$PLUGIN_CHECK}" class="general">
|
||||
<fieldset class="mainConf">
|
||||
<legend>{'Ldap_Login Test'|@translate}</legend>
|
||||
<i>{'You must save the settings with the Save button just up there before testing here.'|@translate}</i>
|
||||
<ul>
|
||||
<li>
|
||||
<label for="username">{'Username'|@translate}</label>
|
||||
<br>
|
||||
<input type="text" id="username" name="USERNAME" value="{$USERNAME}" />
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<label for="ld_attr">{'Your password'|@translate}</label>
|
||||
<br>
|
||||
<input type="password" id="password" name="PASSWORD" value="{$PASSWORD}" />
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
{if (!empty($LD_CHECK_LDAP))}
|
||||
{$LD_CHECK_LDAP}
|
||||
{/if}
|
||||
|
||||
</fieldset>
|
||||
<p><input type="submit" value="{'Test Settings'|@translate}" name="check_ldap" /></p>
|
||||
|
||||
</form>
|
||||
</div>
|
||||
|
|
@ -1,50 +1,50 @@
|
|||
<?php
|
||||
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
|
||||
|
||||
global $template;
|
||||
$template->set_filenames( array('plugin_admin_content' => dirname(__FILE__).'/newusers.tpl') );
|
||||
$template->assign(
|
||||
array(
|
||||
'PLUGIN_NEWUSERS' => get_root_url().'admin.php?page=plugin-Ldap_Login-newusers',
|
||||
));
|
||||
|
||||
$me = new Ldap();
|
||||
$me->load_config();
|
||||
//$me = get_plugin_data($plugin_id);
|
||||
|
||||
// Save LDAP configuration when submitted
|
||||
if (isset($_POST['save'])){
|
||||
|
||||
if (isset($_POST['ALLOW_NEWUSERS'])){
|
||||
$me->config['allow_newusers'] = True;
|
||||
} else {
|
||||
$me->config['allow_newusers'] = False;
|
||||
}
|
||||
|
||||
if (isset($_POST['ADVERTISE_ADMINS'])){
|
||||
$me->config['advertise_admin_new_ldapuser'] = True;
|
||||
} else {
|
||||
$me->config['advertise_admin_new_ldapuser'] = False;
|
||||
}
|
||||
|
||||
if (isset($_POST['SEND_CASUAL_MAIL'])){
|
||||
$me->config['send_password_by_mail_ldap'] = True;
|
||||
} else {
|
||||
$me->config['send_password_by_mail_ldap'] = False;
|
||||
|
||||
$me->save_config();
|
||||
}
|
||||
|
||||
// do we allow to create new piwigo users in case of auth along the ldap ?
|
||||
// does he have to belong an ldap group ?
|
||||
// does ldap groups give some power ?
|
||||
// what do we do when there's no mail in the ldap ?
|
||||
// do we send mail to admins ?
|
||||
|
||||
// And build up the form with the new values
|
||||
$template->assign('ALLOW_NEWUSERS', $me->config['allow_newusers']);
|
||||
$template->assign('ADVERTISE_ADMINS', $me->config['advertise_admin_new_ldapuser']);
|
||||
$template->assign('SEND_CASUAL_MAIL', $me->config['send_password_by_mail_ldap']);
|
||||
|
||||
$template->assign_var_from_handle( 'ADMIN_CONTENT', 'plugin_admin_content');
|
||||
?>
|
||||
<?php
|
||||
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
|
||||
|
||||
global $template;
|
||||
$template->set_filenames( array('plugin_admin_content' => dirname(__FILE__).'/newusers.tpl') );
|
||||
$template->assign(
|
||||
array(
|
||||
'PLUGIN_NEWUSERS' => get_root_url().'admin.php?page=plugin-Ldap_Login-newusers',
|
||||
));
|
||||
|
||||
$me = new Ldap();
|
||||
$me->load_config();
|
||||
//$me = get_plugin_data($plugin_id);
|
||||
|
||||
// Save LDAP configuration when submitted
|
||||
if (isset($_POST['save'])){
|
||||
|
||||
if (isset($_POST['ALLOW_NEWUSERS'])){
|
||||
$me->config['allow_newusers'] = True;
|
||||
} else {
|
||||
$me->config['allow_newusers'] = False;
|
||||
}
|
||||
|
||||
if (isset($_POST['ADVERTISE_ADMINS'])){
|
||||
$me->config['advertise_admin_new_ldapuser'] = True;
|
||||
} else {
|
||||
$me->config['advertise_admin_new_ldapuser'] = False;
|
||||
}
|
||||
|
||||
if (isset($_POST['SEND_CASUAL_MAIL'])){
|
||||
$me->config['send_password_by_mail_ldap'] = True;
|
||||
} else {
|
||||
$me->config['send_password_by_mail_ldap'] = False;
|
||||
|
||||
$me->save_config();
|
||||
}
|
||||
|
||||
// do we allow to create new piwigo users in case of auth along the ldap ?
|
||||
// does he have to belong an ldap group ?
|
||||
// does ldap groups give some power ?
|
||||
// what do we do when there's no mail in the ldap ?
|
||||
// do we send mail to admins ?
|
||||
|
||||
// And build up the form with the new values
|
||||
$template->assign('ALLOW_NEWUSERS', $me->config['allow_newusers']);
|
||||
$template->assign('ADVERTISE_ADMINS', $me->config['advertise_admin_new_ldapuser']);
|
||||
$template->assign('SEND_CASUAL_MAIL', $me->config['send_password_by_mail_ldap']);
|
||||
|
||||
$template->assign_var_from_handle( 'ADMIN_CONTENT', 'plugin_admin_content');
|
||||
?>
|
||||
|
|
@ -1,263 +1,263 @@
|
|||
<?php
|
||||
global $conf;
|
||||
class Ldap {
|
||||
var $cnx;
|
||||
var $config;
|
||||
|
||||
// for debug
|
||||
public function write_log($message){
|
||||
$log = 0;
|
||||
if($log>0){
|
||||
@file_put_contents('/var/log/ldap_login.log',$message."\n",FILE_APPEND);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* check ldap configuration
|
||||
*
|
||||
* Dans le cas ou l'acces au ldap est anonyme il faut impérativement faire une recherche
|
||||
* pour tester la connection.
|
||||
*
|
||||
* When OpenLDAP 2.x.x is used, ldap_connect() will always return a resource as it does not actually connect
|
||||
* but just initializes the connecting parameters. The actual connect happens with the next calls
|
||||
* to ldap_* funcs, usually with ldap_bind().
|
||||
*/
|
||||
public function check_ldap(){
|
||||
//$this->write_log("[function]> check_ldap");
|
||||
if (!$this->ldap_conn()) {
|
||||
return $this->getErrorString();
|
||||
}
|
||||
|
||||
// test du compte root si renseigné
|
||||
if (!empty($this->config['ld_binddn']) && !empty($this->config['ld_bindpw'])){ // if empty ld_binddn, anonymous search
|
||||
// authentication with rootdn and rootpw for search
|
||||
if (!$this->ldap_bind_as($this->config['ld_binddn'],$this->config['ld_bindpw'])){
|
||||
return $this->getErrorString();
|
||||
}
|
||||
} else {
|
||||
// sinon recherche du basedn (cf comportement ldap_connect avec OpenLDAP)
|
||||
if (!$this->ldap_check_basedn()){ // search userdn
|
||||
return $this->getErrorString();
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function load_default_config(){
|
||||
$this->config['host'] = 'localhost';
|
||||
$this->config['basedn'] = 'ou=people,dc=example,dc=com'; // racine !
|
||||
$this->config['port'] = ''; // if port is empty, I count on the software to care of it !
|
||||
$this->config['ld_attr'] = 'uid';
|
||||
$this->config['ld_group'] = 'cn=myPiwigoLDAPGroup,cn=users,dc=example,dc=com';
|
||||
$this->config['ld_use_ssl'] = False;
|
||||
$this->config['ld_bindpw'] ='';
|
||||
$this->config['ld_binddn'] ='';
|
||||
|
||||
$this->config['allow_newusers'] = False;
|
||||
$this->config['advertise_admin_new_ldapuser'] = False;
|
||||
$this->config['send_password_by_mail_ldap'] = False;
|
||||
}
|
||||
|
||||
function load_config() {
|
||||
// first we load the base config
|
||||
$conf_file = @file_get_contents( LDAP_LOGIN_PATH.'data.dat' );
|
||||
if ($conf_file!==false)
|
||||
{
|
||||
$this->config = unserialize($conf_file);
|
||||
}
|
||||
}
|
||||
|
||||
function save_config()
|
||||
{
|
||||
$file = fopen( LDAP_LOGIN_PATH.'/data.dat', 'w' );
|
||||
fwrite($file, serialize($this->config) );
|
||||
fclose( $file );
|
||||
}
|
||||
|
||||
function ldap_admin_menu($menu)
|
||||
{
|
||||
array_push($menu,
|
||||
array(
|
||||
'NAME' => 'Ldap Login',
|
||||
'URL' => get_admin_plugin_menu_link(LDAP_LOGIN_PATH.'/admin.php') )
|
||||
);
|
||||
return $menu;
|
||||
}
|
||||
|
||||
// LDAP connection public
|
||||
public function ldap_conn(){
|
||||
if( $this->cnx = $this->make_ldap_conn() ){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// LDAP connection private
|
||||
private function make_ldap_conn(){
|
||||
if ($this->config['ld_use_ssl'] == 1){
|
||||
if (empty($this->config['port'])){
|
||||
$this->config['uri'] = 'ldaps://'.$this->config['host'];
|
||||
}
|
||||
else {
|
||||
$this->config['uri'] = 'ldaps://'.$this->config['host'].':'.$this->config['port'];
|
||||
}
|
||||
}
|
||||
|
||||
// now, it's without ssl
|
||||
else {
|
||||
if (empty($this->config['port'])){
|
||||
$this->config['uri'] = 'ldap://'.$this->config['host'];
|
||||
}
|
||||
else {
|
||||
$this->config['uri'] = 'ldap://'.$this->config['host'].':'.$this->config['port'];
|
||||
}
|
||||
}
|
||||
|
||||
if ($conn = @ldap_connect($this->config['uri'])){
|
||||
@ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // LDAPv3 if possible
|
||||
return $conn;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// return ldap error
|
||||
public function getErrorString(){
|
||||
return ldap_err2str(ldap_errno($this->cnx));
|
||||
}
|
||||
|
||||
// authentication public
|
||||
public function ldap_bind_as($user,$user_passwd){
|
||||
$this->write_log("[function]> ldap_bind_as");
|
||||
$this->write_log("[ldap_bind_as]> ".$user.",".$user_passwd);
|
||||
if($this->make_ldap_bind_as($this->cnx,$user,$user_passwd)){
|
||||
$this->write_log("[ldap_bind_as]> Bind was successfull");
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// authentication private
|
||||
private function make_ldap_bind_as($conn,$user,$user_passwd){
|
||||
$this->write_log("[function]> make_ldap_bind_as");
|
||||
$this->write_log("[make_ldap_bind_as]> \$conn,".$user.",".$user_passwd);
|
||||
$bind = @ldap_bind($conn,$user,$user_passwd);
|
||||
if($bind){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function ldap_get_email($user_dn){
|
||||
$sr=@ldap_read($this->cnx, $user_dn, "(objectclass=*)", array('mail'));
|
||||
$entry = @ldap_get_entries($this->cnx, $sr);
|
||||
|
||||
if (!empty($entry[0]['mail'])) {
|
||||
return $entry[0]['mail'][0];
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public function ldap_get_user_email($username) {
|
||||
return $this->ldap_email($this->ldap_get_dn($username));
|
||||
}
|
||||
|
||||
// return userdn (and username) for authentication
|
||||
public function ldap_search_dn($value_to_search){
|
||||
$this->write_log("[function]> ldap_search_dn(".$value_to_search.")");
|
||||
$filter = '(&(objectClass=person)('.$this->config['ld_attr'].'='.$value_to_search.'))';
|
||||
|
||||
// connection handling
|
||||
$this->write_log("[ldap_search_dn]> Connecting to server");
|
||||
//if(!$bcnx = $this->make_ldap_conn()){
|
||||
if(!$this->cnx){
|
||||
$this->write_log("[ldap_search_dn]> Cannot connect to server!");
|
||||
return false;
|
||||
}
|
||||
$this->write_log("[ldap_search_dn]> make_ldap_bind_as(\$this->cnx,".$this->config['ld_binddn'].",".$this->config['ld_bindpw'].")");
|
||||
//if(!$this->make_ldap_bind_as($bcnx,$this->config['ld_binddn'],$this->config['ld_bindpw'])){
|
||||
if(!$this->make_ldap_bind_as($this->cnx,$this->config['ld_binddn'],$this->config['ld_bindpw'])){
|
||||
$this->write_log("[ldap_search_dn]> Cannot bind to server!");
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->write_log("[ldap_search_dn]> @ldap_search(\$this->cnx,".$this->config['basedn'].",".$filter.",array('dn'),0,1)");
|
||||
|
||||
// look for our attribute and get always the DN for login
|
||||
//if($search = ldap_search($bcnx,$this->config['basedn'],$filter,array('dn'),0,1)){
|
||||
if($search = @ldap_search($this->cnx,$this->config['basedn'],$filter,array('dn'),0,1)){
|
||||
$this->write_log("[ldap_search_dn]> ldap_search successfull");
|
||||
//$entry = ldap_get_entries($bcnx, $search);
|
||||
$entry = @ldap_get_entries($this->cnx, $search);
|
||||
//if (!empty($entry[0][strtolower($this->config['ld_attr'])][0])) {
|
||||
if (!empty($entry[0]["dn"])) {
|
||||
$this->write_log("[ldap_search_dn]> RESULT: ".$entry[0]["dn"]);
|
||||
//@ldap_unbind($bcnx);
|
||||
return $entry[0]["dn"];
|
||||
}
|
||||
$this->write_log("[ldap_search_dn]> result is empty!");
|
||||
return false;
|
||||
}
|
||||
$this->write_log("[ldap_search_dn]> ldap_search NOT successfull:");
|
||||
return false;
|
||||
}
|
||||
|
||||
// look for LDAP group membership
|
||||
public function check_ldap_group_membership($user_dn, $user_login){
|
||||
$group_dn = $this->config['ld_group'];
|
||||
$this->write_log("[function]> check_ldap_group_membership('$user_dn', '$group_dn', '$user_login')");
|
||||
//if no group specified return true
|
||||
if(!$group_dn){
|
||||
return true;
|
||||
}
|
||||
if(!$this->cnx){
|
||||
$this->write_log("[check_ldap_group_membership]> Cannot connect to server!");
|
||||
return false;
|
||||
}
|
||||
if(!$this->make_ldap_bind_as($this->cnx,$this->config['ld_binddn'],$this->config['ld_bindpw'])){
|
||||
$this->write_log("[check_ldap_group_membership]> Cannot bind to server!");
|
||||
return false;
|
||||
}
|
||||
// search for all member and memberUid attributes for a group_dn
|
||||
$search_filter = "(|(&(objectClass=posixGroup)(memberUid=$user_login))(&(objectClass=group)(member=$user_dn)))";
|
||||
$this->write_log("[check_ldap_group_membership]> @ldap_search(\$this->cnx,'$group_dn', '$search_filter', array('memberOf'),0,1)");
|
||||
if($search = @ldap_search($this->cnx, $group_dn, $search_filter, array("dn"),0,1)){
|
||||
$entry = @ldap_get_entries($this->cnx, $search);
|
||||
//check if there are dn-attributes
|
||||
if (!empty($entry[0]["dn"])) {
|
||||
$this->write_log("[check_ldap_group_membership]> match found: ".$entry[0]["dn"]);
|
||||
return true;
|
||||
} else {
|
||||
$this->write_log("[check_ldap_group_membership]> no group membership for user found for given group and user, check on ldap side");
|
||||
}
|
||||
} else {
|
||||
$this->write_log("[check_ldap_group_membership]> ldap_search NOT successfull: " .$this->getErrorString());
|
||||
}
|
||||
$this->write_log("[check_ldap_group_membership]> No matching groups found for given group_dn: ". $group_dn);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
public function getAttr() {
|
||||
$search = @ldap_read($this->cnx, "cn=subschema", "(objectClass=*)", array('*', 'subschemasubentry'));
|
||||
$entries = @ldap_get_entries($this->cnx, $search);
|
||||
echo count($entries);
|
||||
}
|
||||
|
||||
public function getRootDse() {
|
||||
$search = @ldap_read($this->cnx, NULL, 'objectClass=*', array("*", "+"));
|
||||
$entries = @ldap_get_entries($this->cnx, $search);
|
||||
return $entries[0];
|
||||
}
|
||||
|
||||
|
||||
public function ldap_check_basedn(){
|
||||
if ($read = @ldap_read($this->cnx,$this->config['basedn'],'(objectClass=*)',array('dn'))){
|
||||
$entry = @ldap_get_entries($this->cnx, $read);
|
||||
if (!empty($entry[0]['dn'])) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
?>
|
||||
<?php
|
||||
global $conf;
|
||||
class Ldap {
|
||||
var $cnx;
|
||||
var $config;
|
||||
|
||||
// for debug
|
||||
public function write_log($message){
|
||||
$log = 0;
|
||||
if($log>0){
|
||||
@file_put_contents('/var/log/ldap_login.log',$message."\n",FILE_APPEND);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* check ldap configuration
|
||||
*
|
||||
* Dans le cas ou l'acces au ldap est anonyme il faut impérativement faire une recherche
|
||||
* pour tester la connection.
|
||||
*
|
||||
* When OpenLDAP 2.x.x is used, ldap_connect() will always return a resource as it does not actually connect
|
||||
* but just initializes the connecting parameters. The actual connect happens with the next calls
|
||||
* to ldap_* funcs, usually with ldap_bind().
|
||||
*/
|
||||
public function check_ldap(){
|
||||
//$this->write_log("[function]> check_ldap");
|
||||
if (!$this->ldap_conn()) {
|
||||
return $this->getErrorString();
|
||||
}
|
||||
|
||||
// test du compte root si renseigné
|
||||
if (!empty($this->config['ld_binddn']) && !empty($this->config['ld_bindpw'])){ // if empty ld_binddn, anonymous search
|
||||
// authentication with rootdn and rootpw for search
|
||||
if (!$this->ldap_bind_as($this->config['ld_binddn'],$this->config['ld_bindpw'])){
|
||||
return $this->getErrorString();
|
||||
}
|
||||
} else {
|
||||
// sinon recherche du basedn (cf comportement ldap_connect avec OpenLDAP)
|
||||
if (!$this->ldap_check_basedn()){ // search userdn
|
||||
return $this->getErrorString();
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function load_default_config(){
|
||||
$this->config['host'] = 'localhost';
|
||||
$this->config['basedn'] = 'ou=people,dc=example,dc=com'; // racine !
|
||||
$this->config['port'] = ''; // if port is empty, I count on the software to care of it !
|
||||
$this->config['ld_attr'] = 'uid';
|
||||
$this->config['ld_group'] = 'cn=myPiwigoLDAPGroup,cn=users,dc=example,dc=com';
|
||||
$this->config['ld_use_ssl'] = False;
|
||||
$this->config['ld_bindpw'] ='';
|
||||
$this->config['ld_binddn'] ='';
|
||||
|
||||
$this->config['allow_newusers'] = False;
|
||||
$this->config['advertise_admin_new_ldapuser'] = False;
|
||||
$this->config['send_password_by_mail_ldap'] = False;
|
||||
}
|
||||
|
||||
function load_config() {
|
||||
// first we load the base config
|
||||
$conf_file = @file_get_contents( LDAP_LOGIN_PATH.'data.dat' );
|
||||
if ($conf_file!==false)
|
||||
{
|
||||
$this->config = unserialize($conf_file);
|
||||
}
|
||||
}
|
||||
|
||||
function save_config()
|
||||
{
|
||||
$file = fopen( LDAP_LOGIN_PATH.'/data.dat', 'w' );
|
||||
fwrite($file, serialize($this->config) );
|
||||
fclose( $file );
|
||||
}
|
||||
|
||||
function ldap_admin_menu($menu)
|
||||
{
|
||||
array_push($menu,
|
||||
array(
|
||||
'NAME' => 'Ldap Login',
|
||||
'URL' => get_admin_plugin_menu_link(LDAP_LOGIN_PATH.'/admin.php') )
|
||||
);
|
||||
return $menu;
|
||||
}
|
||||
|
||||
// LDAP connection public
|
||||
public function ldap_conn(){
|
||||
if( $this->cnx = $this->make_ldap_conn() ){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// LDAP connection private
|
||||
private function make_ldap_conn(){
|
||||
if ($this->config['ld_use_ssl'] == 1){
|
||||
if (empty($this->config['port'])){
|
||||
$this->config['uri'] = 'ldaps://'.$this->config['host'];
|
||||
}
|
||||
else {
|
||||
$this->config['uri'] = 'ldaps://'.$this->config['host'].':'.$this->config['port'];
|
||||
}
|
||||
}
|
||||
|
||||
// now, it's without ssl
|
||||
else {
|
||||
if (empty($this->config['port'])){
|
||||
$this->config['uri'] = 'ldap://'.$this->config['host'];
|
||||
}
|
||||
else {
|
||||
$this->config['uri'] = 'ldap://'.$this->config['host'].':'.$this->config['port'];
|
||||
}
|
||||
}
|
||||
|
||||
if ($conn = @ldap_connect($this->config['uri'])){
|
||||
@ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // LDAPv3 if possible
|
||||
return $conn;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// return ldap error
|
||||
public function getErrorString(){
|
||||
return ldap_err2str(ldap_errno($this->cnx));
|
||||
}
|
||||
|
||||
// authentication public
|
||||
public function ldap_bind_as($user,$user_passwd){
|
||||
$this->write_log("[function]> ldap_bind_as");
|
||||
$this->write_log("[ldap_bind_as]> ".$user.",".$user_passwd);
|
||||
if($this->make_ldap_bind_as($this->cnx,$user,$user_passwd)){
|
||||
$this->write_log("[ldap_bind_as]> Bind was successfull");
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// authentication private
|
||||
private function make_ldap_bind_as($conn,$user,$user_passwd){
|
||||
$this->write_log("[function]> make_ldap_bind_as");
|
||||
$this->write_log("[make_ldap_bind_as]> \$conn,".$user.",".$user_passwd);
|
||||
$bind = @ldap_bind($conn,$user,$user_passwd);
|
||||
if($bind){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function ldap_get_email($user_dn){
|
||||
$sr=@ldap_read($this->cnx, $user_dn, "(objectclass=*)", array('mail'));
|
||||
$entry = @ldap_get_entries($this->cnx, $sr);
|
||||
|
||||
if (!empty($entry[0]['mail'])) {
|
||||
return $entry[0]['mail'][0];
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public function ldap_get_user_email($username) {
|
||||
return $this->ldap_email($this->ldap_get_dn($username));
|
||||
}
|
||||
|
||||
// return userdn (and username) for authentication
|
||||
public function ldap_search_dn($value_to_search){
|
||||
$this->write_log("[function]> ldap_search_dn(".$value_to_search.")");
|
||||
$filter = '(&(objectClass=person)('.$this->config['ld_attr'].'='.$value_to_search.'))';
|
||||
|
||||
// connection handling
|
||||
$this->write_log("[ldap_search_dn]> Connecting to server");
|
||||
//if(!$bcnx = $this->make_ldap_conn()){
|
||||
if(!$this->cnx){
|
||||
$this->write_log("[ldap_search_dn]> Cannot connect to server!");
|
||||
return false;
|
||||
}
|
||||
$this->write_log("[ldap_search_dn]> make_ldap_bind_as(\$this->cnx,".$this->config['ld_binddn'].",".$this->config['ld_bindpw'].")");
|
||||
//if(!$this->make_ldap_bind_as($bcnx,$this->config['ld_binddn'],$this->config['ld_bindpw'])){
|
||||
if(!$this->make_ldap_bind_as($this->cnx,$this->config['ld_binddn'],$this->config['ld_bindpw'])){
|
||||
$this->write_log("[ldap_search_dn]> Cannot bind to server!");
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->write_log("[ldap_search_dn]> @ldap_search(\$this->cnx,".$this->config['basedn'].",".$filter.",array('dn'),0,1)");
|
||||
|
||||
// look for our attribute and get always the DN for login
|
||||
//if($search = ldap_search($bcnx,$this->config['basedn'],$filter,array('dn'),0,1)){
|
||||
if($search = @ldap_search($this->cnx,$this->config['basedn'],$filter,array('dn'),0,1)){
|
||||
$this->write_log("[ldap_search_dn]> ldap_search successfull");
|
||||
//$entry = ldap_get_entries($bcnx, $search);
|
||||
$entry = @ldap_get_entries($this->cnx, $search);
|
||||
//if (!empty($entry[0][strtolower($this->config['ld_attr'])][0])) {
|
||||
if (!empty($entry[0]["dn"])) {
|
||||
$this->write_log("[ldap_search_dn]> RESULT: ".$entry[0]["dn"]);
|
||||
//@ldap_unbind($bcnx);
|
||||
return $entry[0]["dn"];
|
||||
}
|
||||
$this->write_log("[ldap_search_dn]> result is empty!");
|
||||
return false;
|
||||
}
|
||||
$this->write_log("[ldap_search_dn]> ldap_search NOT successfull:");
|
||||
return false;
|
||||
}
|
||||
|
||||
// look for LDAP group membership
|
||||
public function check_ldap_group_membership($user_dn, $user_login){
|
||||
$group_dn = $this->config['ld_group'];
|
||||
$this->write_log("[function]> check_ldap_group_membership('$user_dn', '$group_dn', '$user_login')");
|
||||
//if no group specified return true
|
||||
if(!$group_dn){
|
||||
return true;
|
||||
}
|
||||
if(!$this->cnx){
|
||||
$this->write_log("[check_ldap_group_membership]> Cannot connect to server!");
|
||||
return false;
|
||||
}
|
||||
if(!$this->make_ldap_bind_as($this->cnx,$this->config['ld_binddn'],$this->config['ld_bindpw'])){
|
||||
$this->write_log("[check_ldap_group_membership]> Cannot bind to server!");
|
||||
return false;
|
||||
}
|
||||
// search for all member and memberUid attributes for a group_dn
|
||||
$search_filter = "(|(&(objectClass=posixGroup)(memberUid=$user_login))(&(objectClass=group)(member=$user_dn)))";
|
||||
$this->write_log("[check_ldap_group_membership]> @ldap_search(\$this->cnx,'$group_dn', '$search_filter', array('memberOf'),0,1)");
|
||||
if($search = @ldap_search($this->cnx, $group_dn, $search_filter, array("dn"),0,1)){
|
||||
$entry = @ldap_get_entries($this->cnx, $search);
|
||||
//check if there are dn-attributes
|
||||
if (!empty($entry[0]["dn"])) {
|
||||
$this->write_log("[check_ldap_group_membership]> match found: ".$entry[0]["dn"]);
|
||||
return true;
|
||||
} else {
|
||||
$this->write_log("[check_ldap_group_membership]> no group membership for user found for given group and user, check on ldap side");
|
||||
}
|
||||
} else {
|
||||
$this->write_log("[check_ldap_group_membership]> ldap_search NOT successfull: " .$this->getErrorString());
|
||||
}
|
||||
$this->write_log("[check_ldap_group_membership]> No matching groups found for given group_dn: ". $group_dn);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
public function getAttr() {
|
||||
$search = @ldap_read($this->cnx, "cn=subschema", "(objectClass=*)", array('*', 'subschemasubentry'));
|
||||
$entries = @ldap_get_entries($this->cnx, $search);
|
||||
echo count($entries);
|
||||
}
|
||||
|
||||
public function getRootDse() {
|
||||
$search = @ldap_read($this->cnx, NULL, 'objectClass=*', array("*", "+"));
|
||||
$entries = @ldap_get_entries($this->cnx, $search);
|
||||
return $entries[0];
|
||||
}
|
||||
|
||||
|
||||
public function ldap_check_basedn(){
|
||||
if ($read = @ldap_read($this->cnx,$this->config['basedn'],'(objectClass=*)',array('dn'))){
|
||||
$entry = @ldap_get_entries($this->cnx, $read);
|
||||
if (!empty($entry[0]['dn'])) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
|
@ -1,113 +1,113 @@
|
|||
<?php
|
||||
/*
|
||||
Plugin Name: Ldap_Login
|
||||
Version: auto
|
||||
Description: Allow piwigo authentication along an ldap
|
||||
Plugin URI: http://piwigo.org/ext/extension_view.php?eid=650
|
||||
Author: 22decembre
|
||||
Author URI: http://www.22decembre.eu
|
||||
*/
|
||||
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | Define plugin constants |
|
||||
// +-----------------------------------------------------------------------+
|
||||
define('LDAP_LOGIN_ID', basename(dirname(__FILE__)));
|
||||
define('LDAP_LOGIN_PATH' , PHPWG_PLUGINS_PATH . LDAP_LOGIN_ID . '/');
|
||||
define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID);
|
||||
define('LDAP_LOGIN_VERSION', '1.2');
|
||||
|
||||
include_once(LDAP_LOGIN_PATH.'/class.ldap.php');
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | Event handlers |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
add_event_handler('init', 'ld_init');
|
||||
|
||||
add_event_handler('try_log_user','login', 0, 4);
|
||||
|
||||
add_event_handler('get_admin_plugin_menu_links', array(&$ldap, 'ldap_admin_menu'));
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | Admin menu loading |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
$ldap = new Ldap();
|
||||
$ldap->load_config();
|
||||
set_plugin_data($plugin['id'], $ldap);
|
||||
unset($ldap);
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | functions |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
function random_password( $length = 8 ) {
|
||||
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?";
|
||||
$password = substr( str_shuffle( $chars ), 0, $length );
|
||||
return $password;
|
||||
}
|
||||
|
||||
function ld_init(){
|
||||
load_language('plugin.lang', LDAP_LOGIN_PATH);
|
||||
}
|
||||
|
||||
|
||||
function login($success, $username, $password, $remember_me){
|
||||
|
||||
global $conf;
|
||||
|
||||
$obj = new Ldap();
|
||||
$obj->load_config();
|
||||
$obj->ldap_conn() or die("Unable to connect LDAP server : ".$ldap->getErrorString());
|
||||
|
||||
$user_dn = $obj->ldap_search_dn($username); // retrieve the userdn
|
||||
|
||||
// If we have userdn, attempt to login an check user's group access
|
||||
if (!($user_dn && $obj->ldap_bind_as($user_dn,$password) &&
|
||||
$obj->check_ldap_group_membership($user_dn, $username))) {
|
||||
trigger_notify('login_failure', stripslashes($username));
|
||||
return false; // wrong user/password or no group access
|
||||
}
|
||||
|
||||
// search user in piwigo database
|
||||
$query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;';
|
||||
|
||||
$row = pwg_db_fetch_assoc(pwg_query($query));
|
||||
|
||||
// if query is not empty, it means everything is ok and we can continue, auth is done !
|
||||
if (!empty($row['id'])) {
|
||||
log_user($row['id'], $remember_me);
|
||||
trigger_notify('login_success', stripslashes($username));
|
||||
return true;
|
||||
}
|
||||
|
||||
// if query is empty but ldap auth is done we can create a piwigo user if it's said so !
|
||||
else {
|
||||
// this is where we check we are allowed to create new users upon that.
|
||||
if ($obj->config['allow_newusers']) {
|
||||
|
||||
// retrieve LDAP e-mail address and create a new user
|
||||
$mail = $obj->ldap_get_email($user_dn);
|
||||
$new_id = register_user($username,random_password(8),$mail);
|
||||
|
||||
// Login user
|
||||
log_user($new_id, False);
|
||||
trigger_notify('login_success', stripslashes($username));
|
||||
|
||||
// in case the e-mail address is empty, redirect to profile page
|
||||
if($mail==NULL) {
|
||||
redirect('profile.php');
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
// else : this is the normal behavior ! user is not created.
|
||||
else {
|
||||
trigger_notify('login_failure', stripslashes($username));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
<?php
|
||||
/*
|
||||
Plugin Name: Ldap_Login
|
||||
Version: auto
|
||||
Description: Allow piwigo authentication along an ldap
|
||||
Plugin URI: http://piwigo.org/ext/extension_view.php?eid=650
|
||||
Author: 22decembre
|
||||
Author URI: http://www.22decembre.eu
|
||||
*/
|
||||
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | Define plugin constants |
|
||||
// +-----------------------------------------------------------------------+
|
||||
define('LDAP_LOGIN_ID', basename(dirname(__FILE__)));
|
||||
define('LDAP_LOGIN_PATH' , PHPWG_PLUGINS_PATH . LDAP_LOGIN_ID . '/');
|
||||
define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID);
|
||||
define('LDAP_LOGIN_VERSION', '1.2');
|
||||
|
||||
include_once(LDAP_LOGIN_PATH.'/class.ldap.php');
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | Event handlers |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
add_event_handler('init', 'ld_init');
|
||||
|
||||
add_event_handler('try_log_user','login', 0, 4);
|
||||
|
||||
add_event_handler('get_admin_plugin_menu_links', array(&$ldap, 'ldap_admin_menu'));
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | Admin menu loading |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
$ldap = new Ldap();
|
||||
$ldap->load_config();
|
||||
set_plugin_data($plugin['id'], $ldap);
|
||||
unset($ldap);
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | functions |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
function random_password( $length = 8 ) {
|
||||
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?";
|
||||
$password = substr( str_shuffle( $chars ), 0, $length );
|
||||
return $password;
|
||||
}
|
||||
|
||||
function ld_init(){
|
||||
load_language('plugin.lang', LDAP_LOGIN_PATH);
|
||||
}
|
||||
|
||||
|
||||
function login($success, $username, $password, $remember_me){
|
||||
|
||||
global $conf;
|
||||
|
||||
$obj = new Ldap();
|
||||
$obj->load_config();
|
||||
$obj->ldap_conn() or die("Unable to connect LDAP server : ".$ldap->getErrorString());
|
||||
|
||||
$user_dn = $obj->ldap_search_dn($username); // retrieve the userdn
|
||||
|
||||
// If we have userdn, attempt to login an check user's group access
|
||||
if (!($user_dn && $obj->ldap_bind_as($user_dn,$password) &&
|
||||
$obj->check_ldap_group_membership($user_dn, $username))) {
|
||||
trigger_notify('login_failure', stripslashes($username));
|
||||
return false; // wrong user/password or no group access
|
||||
}
|
||||
|
||||
// search user in piwigo database
|
||||
$query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;';
|
||||
|
||||
$row = pwg_db_fetch_assoc(pwg_query($query));
|
||||
|
||||
// if query is not empty, it means everything is ok and we can continue, auth is done !
|
||||
if (!empty($row['id'])) {
|
||||
log_user($row['id'], $remember_me);
|
||||
trigger_notify('login_success', stripslashes($username));
|
||||
return true;
|
||||
}
|
||||
|
||||
// if query is empty but ldap auth is done we can create a piwigo user if it's said so !
|
||||
else {
|
||||
// this is where we check we are allowed to create new users upon that.
|
||||
if ($obj->config['allow_newusers']) {
|
||||
|
||||
// retrieve LDAP e-mail address and create a new user
|
||||
$mail = $obj->ldap_get_email($user_dn);
|
||||
$new_id = register_user($username,random_password(8),$mail);
|
||||
|
||||
// Login user
|
||||
log_user($new_id, False);
|
||||
trigger_notify('login_success', stripslashes($username));
|
||||
|
||||
// in case the e-mail address is empty, redirect to profile page
|
||||
if($mail==NULL) {
|
||||
redirect('profile.php');
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
// else : this is the normal behavior ! user is not created.
|
||||
else {
|
||||
trigger_notify('login_failure', stripslashes($username));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
@ -1,16 +1,16 @@
|
|||
DO
|
||||
min/
|
||||
min/index.php
|
||||
min/ldap_login_plugin_admin.php
|
||||
min/ldap_login_plugin_admin.tpl
|
||||
ass.ldap.php
|
||||
dex.php
|
||||
nguage/
|
||||
nguage/en_UK/
|
||||
nguage/en_UK/plugin.lang.php
|
||||
nguage/fr_CA/
|
||||
nguage/fr_CA/plugin.lang.php
|
||||
nguage/fr_FR/
|
||||
nguage/fr_FR/plugin.lang.php
|
||||
nguage/index.php
|
||||
DO
|
||||
min/
|
||||
min/index.php
|
||||
min/ldap_login_plugin_admin.php
|
||||
min/ldap_login_plugin_admin.tpl
|
||||
ass.ldap.php
|
||||
dex.php
|
||||
nguage/
|
||||
nguage/en_UK/
|
||||
nguage/en_UK/plugin.lang.php
|
||||
nguage/fr_CA/
|
||||
nguage/fr_CA/plugin.lang.php
|
||||
nguage/fr_FR/
|
||||
nguage/fr_FR/plugin.lang.php
|
||||
nguage/index.php
|
||||
in.inc.php
|
||||
Loading…
Reference in a new issue