A bit of cleanup.
diff --git
a/WEB-INF/lib/auth/Auth_ldap.class.php
b/WEB-INF/lib/auth/Auth_ldap.class.php
index
3710167
..
e17b6e7
100644
(file)
--- a/
WEB-INF/lib/auth/Auth_ldap.class.php
+++ b/
WEB-INF/lib/auth/Auth_ldap.class.php
@@
-53,10
+53,9
@@
class Auth_ldap extends Auth {
function __construct($params)
{
function __construct($params)
{
+ global $smarty;
$this->params = $params;
$this->params = $params;
- if (isset($GLOBALS['smarty'])) {
- $GLOBALS['smarty']->assign('Auth_ldap_params', $this->params);
- }
+ $smarty->assign('Auth_ldap_params', $this->params);
}
function ldap_escape($str){
}
function ldap_escape($str){
@@
-65,7
+64,7
@@
class Auth_ldap extends Auth {
foreach ($illegal as $id => $char) {
$legal[$id] = "\\".$char;
}
foreach ($illegal as $id => $char) {
$legal[$id] = "\\".$char;
}
- $str = str_replace($illegal, $legal,$str); //replace them
+ $str = str_replace($illegal, $legal,
$str); //replace them
return $str;
}
return $str;
}
@@
-112,15
+111,14
@@
class Auth_ldap extends Auth {
}
// We need to handle Windows AD and OpenLDAP differently.
}
// We need to handle Windows AD and OpenLDAP differently.
- if ($this->params['type']
!= 'openldap
') {
+ if ($this->params['type']
== 'ad
') {
- //
check if the user specified full login
+ //
Check if user specified full login.
if (strpos($login, '@') === false) {
if (strpos($login, '@') === false) {
- //
append default domain
+ //
Append default domain.
$login .= '@' . $this->params['default_domain'];
}
$login .= '@' . $this->params['default_domain'];
}
-
if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG)) {
echo '$login='; var_dump($login); echo '<br />';
}
if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG)) {
echo '$login='; var_dump($login); echo '<br />';
}
@@
-138,10
+136,10
@@
class Auth_ldap extends Auth {
}
if ($member_of) {
}
if ($member_of) {
- //
get groups
+ //
Get groups the user is a member of from AD LDAP server.
- $filter = '
samaccountn
ame='.Auth_ldap::ldap_escape($login);
- $fields = array('
samaccountname', 'mail', 'memberof', 'department', 'displayname', 'telephonenumber', 'primarygroupid
');
+ $filter = '
userPrincipalN
ame='.Auth_ldap::ldap_escape($login);
+ $fields = array('
memberof
');
$sr = @ldap_search($lc, $this->params['base_dn'], $filter, $fields);
if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG)) {
$sr = @ldap_search($lc, $this->params['base_dn'], $filter, $fields);
if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG)) {
@@
-149,7
+147,6
@@
class Auth_ldap extends Auth {
echo 'ldap_error()='; echo ldap_error($lc); echo '<br />';
}
echo 'ldap_error()='; echo ldap_error($lc); echo '<br />';
}
- // if search failed it's likely that account is disabled
if (!$sr) {
ldap_unbind($lc);
return false;
if (!$sr) {
ldap_unbind($lc);
return false;
@@
-169,8
+166,7
@@
class Auth_ldap extends Auth {
$groups = array();
$groups = array();
- // extract group names from
- // assuming the groups are in format: CN=<group_name>,...
+ // Extract group names. Assume the groups are in format: CN=<group_name>,...
for ($i = 0; $i < @$entries[0]['memberof']['count']; $i++) {
$grp = $entries[0]['memberof'][$i];
$grp_fields = explode(',', $grp);
for ($i = 0; $i < @$entries[0]['memberof']['count']; $i++) {
$grp = $entries[0]['memberof'][$i];
$grp_fields = explode(',', $grp);
@@
-181,8
+177,8
@@
class Auth_ldap extends Auth {
echo '$member_of'; var_dump($member_of); echo '<br />';
};
echo '$member_of'; var_dump($member_of); echo '<br />';
};
- //
check for group membership
-
foreach ($member_of as $check_grp) {
+ //
Check for group membership.
+ foreach ($member_of as $check_grp) {
if (!in_array($check_grp, $groups)) {
ldap_unbind($lc);
return false;
if (!in_array($check_grp, $groups)) {
ldap_unbind($lc);
return false;
@@
-191,9
+187,10
@@
class Auth_ldap extends Auth {
}
ldap_unbind($lc);
}
ldap_unbind($lc);
-
return array('login' => $login, 'data' => $entries, 'member_of' => $groups);
return array('login' => $login, 'data' => $entries, 'member_of' => $groups);
- } else {
+ }
+
+ if ($this->params['type'] == 'openldap') {
// Assuming OpenLDAP server.
$login_oldap = 'uid='.$login.','.$this->params['base_dn'];
// Assuming OpenLDAP server.
$login_oldap = 'uid='.$login.','.$this->params['base_dn'];
@@
-221,6
+218,7
@@
class Auth_ldap extends Auth {
}
if ($member_of) {
}
if ($member_of) {
+ // TODO: Fix this for OpenLDAP, as samaccountname has nothing to do with it.
// get groups
$filter = 'samaccountname='.Auth_ldap::ldap_escape($login_oldap);
// get groups
$filter = 'samaccountname='.Auth_ldap::ldap_escape($login_oldap);
@@
-277,6
+275,9
@@
class Auth_ldap extends Auth {
return array('login' => $login, 'data' => $entries, 'member_of' => $groups);
}
return array('login' => $login, 'data' => $entries, 'member_of' => $groups);
}
+
+ // Server type is neither 'ad' or 'openldap'.
+ return false;
}
function isPasswordExternal() {
}
function isPasswordExternal() {
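Review bot: The new AD filter `'userPrincipalName='.Auth_ldap::ldap_escape($login)` still relies on the class's own `ldap_escape()`, which per the second hunk rewrites each listed character as a backslash followed by the same character (`$legal[$id] = "\\".$char;`). LDAP search filters expect a backslash followed by the character's two-digit hex code (RFC 4515), so a `*`, `(` or `)` in the submitted login is probably not neutralised the way the call suggests. If the minimum supported PHP version provides the built-in, prefer `$filter = 'userPrincipalName='.\ldap_escape($login, '', LDAP_ESCAPE_FILTER);`; the same applies to the `samaccountname=` filter kept under the new TODO in the OpenLDAP branch. The `$illegal` list and the start of the enclosing method lie outside the visible hunks, so confirm against the full file.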