diff --git a/htdocs/admin/ldap.php b/htdocs/admin/ldap.php
index f5096960b8b..647f1688ddf 100644
--- a/htdocs/admin/ldap.php
+++ b/htdocs/admin/ldap.php
@@ -65,6 +65,9 @@ if (empty($reshook)) {
 if (!dolibarr_set_const($db, 'LDAP_SERVER_TYPE', GETPOST("type", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
 $error++;
 }
+ if (!dolibarr_set_const($db, 'LDAP_USERACCOUNTCONTROL', GETPOST("userAccountControl", 'int'), 'chaine', 0, '', $conf->entity)) {
+ $error++;
+ }
 if (!dolibarr_set_const($db, 'LDAP_SERVER_PROTOCOLVERSION', GETPOST("LDAP_SERVER_PROTOCOLVERSION", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
 $error++;
 }
@@ -195,6 +198,11 @@
 print ''.$langs->trans("Type").'';
 print $formldap->selectLdapServerType(getDolGlobalString('LDAP_SERVER_TYPE'), 'type');
 print ' ';
+// userAccountControl
+print ''.$langs->trans("LDAPUserAccountControl").'';
+print '';
+print ''.$langs->trans("LDAPUserAccountControlExample").'';
+
 // Version
 print ''.$langs->trans("Version").'';
 print $formldap->selectLdapServerProtocolVersion(getDolGlobalString('LDAP_SERVER_PROTOCOLVERSION'), 'LDAP_SERVER_PROTOCOLVERSION');
diff --git a/htdocs/core/modules/modLdap.class.php b/htdocs/core/modules/modLdap.class.php
index 2b02a1b58c1..9eb9ce60c7b 100644
--- a/htdocs/core/modules/modLdap.class.php
+++ b/htdocs/core/modules/modLdap.class.php
@@ -86,6 +86,7 @@ class modLdap extends DolibarrModules
 12=>array('LDAP_FIELD_FAX', 'chaine', 'facsimiletelephonenumber', '', 0),
 13=>array('LDAP_FIELD_MOBILE', 'chaine', 'mobile', '', 0),
 14=>array('LDAP_GROUP_FILTER', 'chaine', '&(objectClass=groupOfNames)', '', 0),
+ 15=>array('LDAP_USERACCOUNTCONTROL', 'int', 512, '', 0),
 );
 // Boxes
diff --git a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php
index 6c2f5ea9060..37d5274bcb4 100644
--- a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php
+++ b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php
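Review bot: The new constant is saved here with type `'chaine'` but declared as `'int'` with default `512` in the modLdap.class.php hunk (@@ -86), so the same key carries a different declared type depending on whether it was written at module activation or from this form; the sibling constants on these lines all use `'chaine'`, so either change the module declaration to match or save it here as `if (!dolibarr_set_const($db, 'LDAP_USERACCOUNTCONTROL', GETPOST("userAccountControl", 'int'), 'int', 0, '', $conf->entity)) {`. `GETPOST(..., 'int')` only coerces the posted value to an integer; it does not check that it is a plausible userAccountControl flag set, so a typo such as 51 is silently stored and then applied to every account created in AD, and a guard that rejects a negative or zero value before the `dolibarr_set_const` call would catch the most obvious mistakes. In the display hunk (@@ -195) the input element's markup is not visible in this rendering, so the posted field name cannot be checked against `"userAccountControl"` here.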
@@ -89,6 +89,11 @@ class InterfaceLdapsynchro extends DolibarrTriggers
 $info = $object->_load_ldap_info();
 $dn = $object->_load_ldap_dn($info);
+ //For compatibility with Samba 4 AD
+ if ($ldap->serverType == "activedirectory") {
+ $info['userAccountControl'] = $conf->global->LDAP_USERACCOUNTCONTROL;
+ }
+
 $result = $ldap->add($dn, $info, $user);
 }
@@ -210,6 +215,33 @@ class InterfaceLdapsynchro extends DolibarrTriggers
 }
 } elseif ($action == 'USER_ENABLEDISABLE') {
 dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
+ if (intval($conf->global->LDAP_SYNCHRO_ACTIVE) === Ldap::SYNCHRO_DOLIBARR_TO_LDAP && $conf->global->LDAP_SERVER_TYPE == "activedirectory") {
+ $ldap = new Ldap();
+ $result = $ldap->connect_bind();
+ if ($result > 0) {
+ $info = $object->_load_ldap_info();
+ $dn = $object->_load_ldap_dn($info);
+ $search = "(" . $object->_load_ldap_dn($info, 2) . ")";
+ $uAC = $ldap->getAttributeValues($search, "userAccountControl");
+ if ($uAC["count"] == 1) {
+ $userAccountControl = intval($uAC[0]);
+ $enabledBitMask = 0x2;
+ $isEnabled = ($userAccountControl & $enabledBitMask) === 0;
+ if ($isEnabled && intval($object->statut) === 1) {
+ $userAccountControl += 2;
+ } elseif (!$isEnabled && intval($object->statut) === 0) {
+ $userAccountControl -= 2;
+ }
+ $info['userAccountControl'] = $userAccountControl;
+ $resUpdate = $ldap->update($dn, $info, $user, $dn);
+ if ($resUpdate < 0) {
+ $this->error = "ErrorLDAP " . $ldap->error;
+ }
+ }
+ } else {
+ $this->error = "ErrorLDAP " . $ldap->error;
+ }
+ }
 } elseif ($action == 'USER_DELETE') {
 dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
 if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && getDolGlobalInt('LDAP_SYNCHRO_ACTIVE') === Ldap::SYNCHRO_DOLIBARR_TO_LDAP) {
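Review bot: `$info['userAccountControl'] = $conf->global->LDAP_USERACCOUNTCONTROL;` reads the constant raw, so on an instance where the key is unset or empty the add sends an empty userAccountControl to AD instead of the 512 default the module declares, and the entry creation will most likely be rejected by the server. The neighbouring code in this file already uses the typed accessors, so `$info['userAccountControl'] = getDolGlobalInt('LDAP_USERACCOUNTCONTROL', 512);` keeps the fallback in one place. The enclosing method starts and ends outside the hunk.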
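Review bot: The enable/disable branches in the USER_ENABLEDISABLE hunk (@@ -210) look inverted: `$isEnabled` is true when the ACCOUNTDISABLE bit (0x2) is clear, yet the code then adds 2 (sets that bit) when `intval($object->statut) === 1`, i.e. when the Dolibarr user is active, and clears it when the user is being disabled — if `$object->statut` already holds the new status when the trigger fires (which is how the User status setter appears to behave; verify against the caller), this disables the AD account on enable and vice versa. The `+= 2` / `-= 2` arithmetic is also fragile on a bitmask, so replace the whole if/elseif with bit operations and rename the mask: `$accountDisableBit = 0x2;` and `$userAccountControl = (intval($object->statut) === 1) ? ($userAccountControl & ~$accountDisableBit) : ($userAccountControl | $accountDisableBit);`. Separately, `$search` is built from `_load_ldap_dn($info, 2)` with no `ldap_escape(..., '', LDAP_ESCAPE_FILTER)`; that is fine only if that helper already escapes filter metacharacters, otherwise a login containing `*`, `(` or `)` produces a malformed or over-broad filter. The `$uAC["count"] != 1` case also returns silently without setting `$this->error`, so a user whose AD entry is missing or duplicated is never reported. The enclosing method continues outside the hunk.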
@@ -314,6 +346,15 @@ class InterfaceLdapsynchro extends DolibarrTriggers
 $result = $ldap->add($dn, $info, $user);
 }
+ // Avoid Ldap error due to empty member
+ if (isset($info['member']) && empty($info['member'])) {
+ unset($info['member']);
+ }
+
+ if ($ldap->serverType == "activedirectory") {
+ $info['sAMAccountName'] = $object->name;
+ }
+
 if ($result < 0) {
 $this->error = "ErrorLDAP ".$ldap->error;
 }
diff --git a/htdocs/don/card.php b/htdocs/don/card.php
index 1b5634e49e6..17d8e51dc60 100644
--- a/htdocs/don/card.php
+++ b/htdocs/don/card.php
@@ -78,7 +78,7 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 $search_array_options = $extrafields->getOptionalsFromPost($object->table_element, '', 'search_');
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
-$hookmanager->initHooks(array('doncard', 'globalcard'));
+$hookmanager->initHooks(array($object->element.'card', 'globalcard'));
 $upload_dir = $conf->don->dir_output;
diff --git a/htdocs/langs/en_US/ldap.lang b/htdocs/langs/en_US/ldap.lang
index 19dd29e0a51..9fca942800a 100644
--- a/htdocs/langs/en_US/ldap.lang
+++ b/htdocs/langs/en_US/ldap.lang
@@ -28,4 +28,6 @@ PasswordOfUserInLDAP=Password of user in LDAP
 LDAPPasswordHashType=Password hash type
 LDAPPasswordHashTypeExample=Type of password hash used on the server
 SupportedForLDAPExportScriptOnly=Only supported by an ldap export script
-SupportedForLDAPImportScriptOnly=Only supported by an ldap import script
\ No newline at end of file
+SupportedForLDAPImportScriptOnly=Only supported by an ldap import script
+LDAPUserAccountControl = userAccountControl on creation (active directory)
+LDAPUserAccountControlExample = 512 Normal Account / 546 Normal Account + No Passwd + Disabled (see : https://fr.wikipedia.org/wiki/Active_Directory)
\ No newline at end of file
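Review bot: Both added blocks run after the `$result = $ldap->add($dn, $info, $user);` context line that precedes them, so neither the removal of an empty `member` nor the `sAMAccountName` assignment reaches the entry that was just written; unless `$info` is reused further down the method (it continues outside the hunk), these lines are dead and the comment `// Avoid Ldap error due to empty member` promises a fix that does not happen. Both blocks belong before the add call, which sits above the hunk, so the move touches lines outside it. The `$object->name` value is copied into sAMAccountName without any normalisation; AD constrains that attribute's characters, length and uniqueness, so if the add is moved after these blocks, a rejected name will at least surface through the existing `if ($result < 0)` check, and the comment should say that the value is passed through as-is.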