X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2Fauth%2FAuth_ldap.class.php;h=b3f5d52a2fc619c58efb8f3e21ca205abe89aaae;hb=fb177d58cddc49dcc9507bfa75ab78732571eef9;hp=93fdebf4aafabec99625acca72f6ec12f4168181;hpb=9a23a8c0a51b7ec38a96f525484134f3cb85dc7e;p=timetracker.git
diff --git a/WEB-INF/lib/auth/Auth_ldap.class.php b/WEB-INF/lib/auth/Auth_ldap.class.php
index 93fdebf4..b3f5d52a 100644
--- a/WEB-INF/lib/auth/Auth_ldap.class.php
+++ b/WEB-INF/lib/auth/Auth_ldap.class.php
@@ -78,6 +78,13 @@ class Auth_ldap extends Auth {
*/
function authenticate($login, $password)
{
+ // Special handling for admin@localhost - authenticate against db, not ldap.
+ // It is a fallback mechanism when admin account in LDAP directory does not exist or is misconfigured.
+ if ($login == 'admin@localhost') {
+ import('auth.Auth_db');
+ return Auth_db::authenticate($login, $password);
+ }
+
if (!function_exists('ldap_bind')) {
die ('php_ldap extension not loaded!');
}
@@ -97,16 +104,16 @@ class Auth_ldap extends Auth {
}
if (!$lc) return false;
-
+
ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);
if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG)) {
ldap_set_option($lc, LDAP_OPT_DEBUG_LEVEL, 7);
}
-
+
// We need to handle Windows AD and OpenLDAP differently.
if ($this->params['type'] != 'openldap') {
-
+
// check if the user specified full login
if (strpos($login, '@') === false) {
// append default domain
@@ -119,7 +126,7 @@ class Auth_ldap extends Auth {
}
$lb = @ldap_bind($lc, $login, $password);
-
+
if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG)) {
echo '$lb='; var_dump($lb); echo '
';
echo 'ldap_error()='; echo ldap_error($lc); echo '
';
@@ -130,7 +137,7 @@ class Auth_ldap extends Auth {
return false;
}
- if ($member_of) {
+ if ($member_of) {
// get groups
$filter = 'samaccountname='.Auth_ldap::ldap_escape($login);
@@ -185,21 +192,16 @@ class Auth_ldap extends Auth {
ldap_unbind($lc);
- // handle special case - admin account, strip domain part
- if (strpos($login, 'admin@') !== false) {
- $login = substr($login, 0, 5);
- }
-
return array('login' => $login, 'data' => $entries, 'member_of' => $groups);
} else {
-
+
// Assuming OpenLDAP server.
$login_oldap = 'uid='.$login.','.$this->params['base_dn'];
if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG)) {
echo '$login_oldap='; var_dump($login_oldap); echo '
';
}
-
+
// check if the user specified full login
if (strpos($login, '@') === false) {
// append default domain
@@ -207,7 +209,7 @@ class Auth_ldap extends Auth {
}
$lb = @ldap_bind($lc, $login_oldap, $password);
-
+
if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG)) {
echo '$lb='; var_dump($lb); echo '
';
echo 'ldap_error()='; echo ldap_error($lc); echo '
';
@@ -218,7 +220,7 @@ class Auth_ldap extends Auth {
return false;
}
- if ($member_of) {
+ if ($member_of) {
// get groups
$filter = 'samaccountname='.Auth_ldap::ldap_escape($login_oldap);
@@ -273,11 +275,6 @@ class Auth_ldap extends Auth {
ldap_unbind($lc);
- // handle special case - admin account, strip domain part
- if (strpos($login, 'admin@') !== false) {
- $login = substr($login, 0, 5);
- }
-
return array('login' => $login, 'data' => $entries, 'member_of' => $groups);
}
}
@@ -285,4 +282,4 @@ class Auth_ldap extends Auth {
function isPasswordExternal() {
return true;
}
-}
\ No newline at end of file
+}