change ldap plugin to be able to use ldap filters

2024-09-03 20:36:10 +02:00 · 2021-03-10 20:07:57 +01:00 · 2021-03-10 20:07:57 +01:00 · 7f10e5e253
commit 7f10e5e253
parent 9d85bc2569
4 changed files with 25 additions and 6 deletions
--- a/conf/sql/multisite.sql
+++ b/conf/sql/multisite.sql
@ -1 +1 @@
-INSERT INTO wp_sitemeta VALUES(NULL,1,'sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}');
+REPLACE INTO wp_sitemeta VALUES(NULL,1,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:0:"";s:7:"SecName";s:0:"";s:7:"UidAttr";s:0:"";s:8:"MailAttr";s:0:"";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:13:"administrator";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}');
--- a/conf/sql/single.sql
+++ b/conf/sql/single.sql
@ -1 +1 @@
-INSERT INTO wp_options VALUES(NULL,'sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}','yes');
+REPLACE INTO wp_options VALUES(NULL,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:0:"";s:7:"SecName";s:0:"";s:7:"UidAttr";s:0:"";s:8:"MailAttr";s:0:"";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:13:"administrator";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}','yes');
--- a/scripts/install
+++ b/scripts/install
@ -171,7 +171,7 @@ ynh_script_progression --message="Installing WordPress plugins..." --weight=20
 ynh_exec_warn_less wget --no-verbose https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar --output-document=$final_path/wp-cli.phar
 wpcli_alias="php$phpversion $final_path/wp-cli.phar --allow-root --path=$final_path"
-$wpcli_alias plugin install simple-ldap-login
+$wpcli_alias plugin install authldap
 $wpcli_alias plugin install http-authentication
 $wpcli_alias plugin install companion-auto-update
 $wpcli_alias plugin install wp-fail2ban-redux
@ -202,9 +202,15 @@ then
 	# Activate multisite in wordpress config
 	ynh_replace_string --match_string="//--MULTISITE2--define" --replace_string="define" --target_file=$final_path/wp-config.php
 	ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/multisite.sql
 	ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/multisite.sql
 	ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/multisite.sql
 	plugin_network="--network"
 else
 	ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/single.sql
 	ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/single.sql
 	ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/single.sql
 	plugin_network=""
 fi
@ -214,7 +220,7 @@ fi
 #=================================================
 ynh_script_progression --message="Activating plugins..." --weight=4
-$wpcli_alias plugin activate simple-ldap-login $plugin_network
+$wpcli_alias plugin activate authldap $plugin_network
 # Do not activate http-authentication, this plugin is sometimes unstable
 $wpcli_alias plugin activate companion-auto-update $plugin_network
 # Enable the auto update of major versions
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -134,6 +134,9 @@ fi
 $wpcli_alias plugin is-installed wp-fail2ban && $wpcli_alias plugin deactivate $plugin_network wp-fail2ban && $wpcli_alias plugin uninstall wp-fail2ban
 $wpcli_alias plugin is-installed wp-fail2ban-redux || $wpcli_alias plugin install wp-fail2ban-redux
 # Remove old ldap plugin
 $wpcli_alias plugin is-installed simple-ldap-login && $wpcli_alias plugin deactivate $plugin_network simple-ldap-login && $wpcli_alias plugin uninstall simple-ldap-login
 # Cleaning legacy permissions
 if ynh_legacy_permissions_exists; then
 	ynh_legacy_permissions_delete_all
@ -214,6 +217,8 @@ ynh_backup_if_checksum_is_different --file="$final_path/wp-config.php"
 #=================================================
 ynh_script_progression --message="Configuring multisite..." --weight=2
 db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 if [ $multisite -eq 1 ]
 then
 	ynh_replace_string --match_string="#--MULTISITE--" --replace_string="" --target_file=/etc/nginx/conf.d/$domain.d/$app.conf
@ -222,9 +227,17 @@ then
    ynh_systemd_action --service_name=nginx --action=reload
 	ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/multisite.sql
 	ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/multisite.sql
 	ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/multisite.sql
 	plugin_network="--network"
 else
 	multisite=0
 	ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/single.sql
 	ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/single.sql
 	ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/single.sql
 	plugin_network=""
 	if ynh_permission_has_user --permission="main" --user="visitor"
 	then
@ -243,8 +256,8 @@ ynh_script_progression --message="Updating plugins" --weight=11
 update_plugin () {
 	( $wpcli_alias plugin is-installed $1 && $wpcli_alias plugin update $1 ) || $wpcli_alias plugin install $1
 }
-update_plugin simple-ldap-login
+update_plugin authldap
-$wpcli_alias plugin activate simple-ldap-login $plugin_network
+$wpcli_alias plugin activate authldap $plugin_network
 update_plugin companion-auto-update
 $wpcli_alias plugin activate companion-auto-update $plugin_network
`@ -1 +1 @@`
	`INSERT INTO wp_sitemeta VALUES(NULL,1,'sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}');`	REPLACE INTO wp_sitemeta VALUES(NULL,1,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(\|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:0:"";s:7:"SecName";s:0:"";s:7:"UidAttr";s:0:"";s:8:"MailAttr";s:0:"";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:13:"administrator";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}');
`@ -1 +1 @@`
	`INSERT INTO wp_options VALUES(NULL,'sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}','yes');`	REPLACE INTO wp_options VALUES(NULL,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(\|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:0:"";s:7:"SecName";s:0:"";s:7:"UidAttr";s:0:"";s:8:"MailAttr";s:0:"";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:13:"administrator";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}','yes');