Fix: Set LDAP password when LDAP key changed

Regis Houssin 2017-09-30 11:51:22 +02:00
parent 46cc23c568
commit cb9d627f02
5 changed files with 101 additions and 75 deletions


@ -1958,6 +1958,7 @@ class Adherent extends CommonObject
$info["objectclass"]=explode(',',$conf->global->LDAP_MEMBER_OBJECT_CLASS);
$this->fullname=$this->getFullName($langs);
// For avoid ldap error when firstname and lastname are empty
if ($this->morphy == 'mor' && empty($this->fullname)) {
$this->fullname = $this->societe;
@ -1983,11 +1984,10 @@ class Adherent extends CommonObject
// Check if it is the LDAP key and if its value has been changed
if (! empty($conf->global->LDAP_KEY_MEMBERS) && $conf->global->LDAP_KEY_MEMBERS == $conf->global->$constname)
{
if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true;
if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; // For check if LDAP key has been modified
}
}
}
if ($this->firstname && ! empty($conf->global->LDAP_MEMBER_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_MEMBER_FIELD_FIRSTNAME] = $this->firstname;
if ($this->poste && ! empty($conf->global->LDAP_MEMBER_FIELD_TITLE)) $info[$conf->global->LDAP_MEMBER_FIELD_TITLE] = $this->poste;
if ($this->societe && ! empty($conf->global->LDAP_MEMBER_FIELD_COMPANY)) $info[$conf->global->LDAP_MEMBER_FIELD_COMPANY] = $this->societe;
@ -2007,13 +2007,13 @@ class Adherent extends CommonObject
if ($this->datefin && ! empty($conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION)) $info[$conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION] = dol_print_date($this->datefin,'dayhourldap');
// When password is modified
if ($this->pass)
if (! empty($this->pass))
{
if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte
if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption
if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption)
}
// When LDAP key is modified and password no defined
else if ($keymodified)
// Set LDAP password if possible
else
{
if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
{
@ -2021,7 +2021,7 @@ class Adherent extends CommonObject
if (empty($conf->global->MAIN_SECURITY_HASH_ALGO))
{
if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) {
$info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // md5 for OpenLdap TODO add type of encryption
$info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password
}
}
}
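Review bot: `$keymodified` is still assigned in the key-detection loop, but with `else if ($keymodified)` turned into a plain `else` nothing in the visible hunks reads it any more; the same holds for the copy of this loop added to `User::_load_ldap_info`. Either drop the variable and the `oldcopy` comparison, or keep it and say why the password block no longer depends on it, e.g. `// Password attributes are rebuilt on every call, not only when the LDAP key changed`. If the comparison stays, `!==` avoids numeric-looking values such as `"0123"` and `"123"` comparing equal under `!=`. The function body starts and ends outside these hunks, so a later read of `$keymodified` cannot be ruled out from here.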


@ -59,26 +59,23 @@ if (! $result)
if ($action == 'dolibarr2ldap')
{
$db->begin();
$ldap=new Ldap();
$result=$ldap->connect_bind();
$info=$object->_load_ldap_info();
$dn=$object->_load_ldap_dn($info);
$olddn=$dn; // We can say that old dn = dn as we force synchro
$result=$ldap->update($dn,$info,$user,$olddn);
if ($result >= 0)
if ($result > 0)
{
setEventMessages($langs->trans("MemberSynchronized"), null, 'mesgs');
$db->commit();
$info=$object->_load_ldap_info();
$dn=$object->_load_ldap_dn($info);
$olddn=$dn; // We can say that old dn = dn as we force synchro
$result=$ldap->update($dn,$info,$user,$olddn);
}
else
{
if ($result >= 0) {
setEventMessages($langs->trans("MemberSynchronized"), null, 'mesgs');
}
else {
setEventMessages($ldap->errors, $ldap->error, 'errors');
$db->rollback();
}
}
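Review bot: The success test `if ($result >= 0)` sits after the `if ($result > 0)` guard rather than inside it, so a `connect_bind()` result of 0 would skip the update and still show "MemberSynchronized"; whether 0 can be returned is not visible here. Moving the message handling inside the guard and reporting a failed bind in its own `else` removes the ambiguity. The error call also passes `$ldap->errors` before `$ldap->error`, the reverse of the user page in this commit (`setEventMessages($ldap->error, $ldap->errors, 'errors');`), while the success call shows that the first argument is the single message. The same `> 0` / `>= 0` mismatch appears in the user page hunk.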


@ -184,7 +184,7 @@ print '</tr>';
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldFirstName").'</td><td>';
print '<input size="25" type="text" name="fieldfirstname" value="'.$conf->global->LDAP_FIELD_FIRSTNAME.'">';
print '</td><td>'.$langs->trans("LDAPFieldFirstNameExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_FIRSTNAME"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FIRSTNAME)?' checked':'')."></td>";
print '<td align="right">&nbsp;</td>';
print '</tr>';
// Login unix
@ -208,7 +208,7 @@ print '</tr>';
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldPasswordNotCrypted").'</td><td>';
print '<input size="25" type="text" name="fieldpassword" value="'.$conf->global->LDAP_FIELD_PASSWORD.'">';
print '</td><td>'.$langs->trans("LDAPFieldPasswordExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_PASSWORD"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD)?' checked':'')."></td>";
print '<td align="right">&nbsp;</td>';
print '</tr>';
// Password crypted
@ -216,7 +216,7 @@ print '</tr>';
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldPasswordCrypted").'</td><td>';
print '<input size="25" type="text" name="fieldpasswordcrypted" value="'.$conf->global->LDAP_FIELD_PASSWORD_CRYPTED.'">';
print '</td><td>'.$langs->trans("LDAPFieldPasswordExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_PASSWORD_CRYPTED"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD_CRYPTED)?' checked':'')."></td>";
print '<td align="right">&nbsp;</td>';
print '</tr>';
// Mail
@ -232,7 +232,7 @@ print '</tr>';
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldPhone").'</td><td>';
print '<input size="25" type="text" name="fieldphone" value="'.$conf->global->LDAP_FIELD_PHONE.'">';
print '</td><td>'.$langs->trans("LDAPFieldPhoneExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_PHONE"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PHONE)?' checked':'')."></td>";
print '<td align="right">&nbsp;</td>';
print '</tr>';
// Mobile
@ -240,7 +240,7 @@ print '</tr>';
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldMobile").'</td><td>';
print '<input size="25" type="text" name="fieldmobile" value="'.$conf->global->LDAP_FIELD_MOBILE.'">';
print '</td><td>'.$langs->trans("LDAPFieldMobileExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_MOBILE"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_MOBILE)?' checked':'')."></td>";
print '<td align="right">&nbsp;</td>';
print '</tr>';
// Skype
@ -256,7 +256,7 @@ print '</tr>';
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldFax").'</td><td>';
print '<input size="25" type="text" name="fieldfax" value="'.$conf->global->LDAP_FIELD_FAX.'">';
print '</td><td>'.$langs->trans("LDAPFieldFaxExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_FAX"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FAX)?' checked':'')."></td>";
print '<td align="right">&nbsp;</td>';
print '</tr>';
// Title
@ -264,7 +264,7 @@ print '</tr>';
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFieldTitle").'</td><td>';
print '<input size="25" type="text" name="fieldtitle" value="'.$conf->global->LDAP_FIELD_TITLE.'">';
print '</td><td>'.$langs->trans("LDAPFieldTitleExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_TITLE"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_TITLE)?' checked':'')."></td>";
print '<td align="right">&nbsp;</td>';
print '</tr>';
// Note
@ -272,7 +272,7 @@ print '</tr>';
print '<tr class="oddeven"><td>'.$langs->trans("Note").'</td><td>';
print '<input size="25" type="text" name="fielddescription" value="'.$conf->global->LDAP_FIELD_DESCRIPTION.'">';
print '</td><td>'.$langs->trans("LDAPFieldDescriptionExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_DESCRIPTION"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_DESCRIPTION)?' checked':'')."></td>";
print '<td align="right">&nbsp;</td>';
print '</tr>';
// Sid
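Review bot: Replacing the radio button with `&nbsp;` only removes the choice from the form; the code that stores the posted `key` value is outside these hunks, so the server presumably still accepts `LDAP_FIELD_PASSWORD` or `LDAP_FIELD_PASSWORD_CRYPTED` as the user key if it is submitted. The save handler should accept only the constants listed in `$ldapkey` in `User::_load_ldap_info` and reject anything else. On the unchanged lines, the `value="'.$conf->global->LDAP_FIELD_...'"` attributes are printed without HTML escaping; wrapping them in `dol_escape_htmltag()` would fit there.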


@ -2265,51 +2265,81 @@ class User extends CommonObject
global $conf,$langs;
$info=array();
$keymodified=false;
// Object classes
$info["objectclass"]=explode(',',$conf->global->LDAP_USER_OBJECT_CLASS);
$this->fullname=$this->getFullName($langs);
// Possible LDAP KEY (constname => varname)
$ldapkey = array(
'LDAP_FIELD_FULLNAME' => 'fullname',
'LDAP_FIELD_NAME' => 'lastname',
'LDAP_FIELD_LOGIN' => 'login',
'LDAP_FIELD_LOGIN_SAMBA' => 'login',
'LDAP_FIELD_MAIL' => 'email',
'LDAP_FIELD_SID' => 'ldap_sid',
'LDAP_FIELD_SKYPE' => 'skype'
);
// Champs
if ($this->fullname && ! empty($conf->global->LDAP_FIELD_FULLNAME)) $info[$conf->global->LDAP_FIELD_FULLNAME] = $this->fullname;
if ($this->lastname && ! empty($conf->global->LDAP_FIELD_NAME)) $info[$conf->global->LDAP_FIELD_NAME] = $this->lastname;
foreach ($ldapkey as $constname => $varname)
{
if (! empty($this->$varname) && ! empty($conf->global->$constname))
{
$info[$conf->global->$constname] = $this->$varname;
// Check if it is the LDAP key and if its value has been changed
if (! empty($conf->global->LDAP_KEY_USERS) && $conf->global->LDAP_KEY_USERS == $conf->global->$constname)
{
if (! empty($this->oldcopy) && $this->$varname != $this->oldcopy->$varname) $keymodified=true; // For check if LDAP key has been modified
}
}
}
if ($this->firstname && ! empty($conf->global->LDAP_FIELD_FIRSTNAME)) $info[$conf->global->LDAP_FIELD_FIRSTNAME] = $this->firstname;
if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN)) $info[$conf->global->LDAP_FIELD_LOGIN] = $this->login;
if ($this->login && ! empty($conf->global->LDAP_FIELD_LOGIN_SAMBA)) $info[$conf->global->LDAP_FIELD_LOGIN_SAMBA] = $this->login;
if ($this->ldap_sid && ! empty($conf->global->LDAP_FIELD_SID)) $info[$conf->global->LDAP_FIELD_SID] = $this->ldap_sid;
if ($this->societe_id > 0)
if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address;
if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip;
if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town;
if ($this->office_phone && ! empty($conf->global->LDAP_FIELD_PHONE)) $info[$conf->global->LDAP_FIELD_PHONE] = $this->office_phone;
if ($this->user_mobile && ! empty($conf->global->LDAP_FIELD_MOBILE)) $info[$conf->global->LDAP_FIELD_MOBILE] = $this->user_mobile;
if ($this->office_fax && ! empty($conf->global->LDAP_FIELD_FAX)) $info[$conf->global->LDAP_FIELD_FAX] = $this->office_fax;
if ($this->note_public && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note_public;
if ($this->socid > 0)
{
$soc = new Societe($this->db);
$soc->fetch($this->societe_id);
$soc->fetch($this->socid);
$info["o"] = $soc->lastname;
$info["o"] = $soc->name;
if ($soc->client == 1) $info["businessCategory"] = "Customers";
if ($soc->client == 2) $info["businessCategory"] = "Prospects";
if ($soc->fournisseur == 1) $info["businessCategory"] = "Suppliers";
}
if ($this->address && ! empty($conf->global->LDAP_FIELD_ADDRESS)) $info[$conf->global->LDAP_FIELD_ADDRESS] = $this->address;
if ($this->zip && ! empty($conf->global->LDAP_FIELD_ZIP)) $info[$conf->global->LDAP_FIELD_ZIP] = $this->zip;
if ($this->town && ! empty($conf->global->LDAP_FIELD_TOWN)) $info[$conf->global->LDAP_FIELD_TOWN] = $this->town;
if ($this->office_phone && ! empty($conf->global->LDAP_FIELD_PHONE)) $info[$conf->global->LDAP_FIELD_PHONE] = $this->office_phone;
if ($this->user_mobile && ! empty($conf->global->LDAP_FIELD_MOBILE)) $info[$conf->global->LDAP_FIELD_MOBILE] = $this->user_mobile;
if ($this->office_fax && ! empty($conf->global->LDAP_FIELD_FAX)) $info[$conf->global->LDAP_FIELD_FAX] = $this->office_fax;
if ($this->note && ! empty($conf->global->LDAP_FIELD_DESCRIPTION)) $info[$conf->global->LDAP_FIELD_DESCRIPTION] = $this->note;
if ($this->email && ! empty($conf->global->LDAP_FIELD_MAIL)) $info[$conf->global->LDAP_FIELD_MAIL] = $this->email;
if ($this->skype && ! empty($conf->global->LDAP_FIELD_SKYPE)) $info[$conf->global->LDAP_FIELD_SKYPE] = $this->skype;
// Password
if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte
if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
// When password is modified
if (! empty($this->pass))
{
if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) {
$info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // md5 for OpenLdap TODO add type of encryption
}
if (! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass; // this->pass = mot de passe non crypte
if (! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // Create OpenLDAP MD5 password (TODO add type of encryption)
}
// Set LDAP password if possible
else
{
if ($this->pass && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) {
$info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass, 4); // md5 for OpenLdap TODO add type of encryption
if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
{
// Just for the default MD5 !
if (empty($conf->global->MAIN_SECURITY_HASH_ALGO))
{
if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) {
$info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password
}
}
}
// Use $this->pass_indatabase value if exists
else if (! empty($this->pass_indatabase))
{
if (! empty($conf->global->LDAP_FIELD_PASSWORD)) $info[$conf->global->LDAP_FIELD_PASSWORD] = $this->pass_indatabase; // $this->pass_indatabase = mot de passe non crypte
if (! empty($conf->global->LDAP_FIELD_PASSWORD_CRYPTED)) $info[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase, 4); // md5 for OpenLdap TODO add type of encryption
}
}
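Review bot: When `DATABASE_PWD_ENCRYPTED` is set and `MAIN_SECURITY_HASH_ALGO` is not empty, the new `else` block adds no password attribute and says nothing about it, so the LDAP entry silently keeps whatever password it had. A comment at the `// Just for the default MD5 !` test would make that explicit, for example `// A non-MD5 Dolibarr hash cannot be converted to an OpenLDAP password: the LDAP password stays unchanged until the user sets a new one`. The `else if (! empty($this->pass_indatabase))` branch writes the clear-text database password to `LDAP_FIELD_PASSWORD` on every call, and both branches store what the comments call an OpenLDAP MD5 password, so the existing TODO about the encryption type should name a salted scheme as the target. The French comments (`mot de passe non crypte`, `Champs`) would read better in English next to the new ones.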


@ -57,30 +57,29 @@ $parameters=array('id'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
if (empty($reshook)) {
if ($_GET["action"] == 'dolibarr2ldap') {
$db->begin();
if (empty($reshook))
{
if ($_GET["action"] == 'dolibarr2ldap')
{
$ldap = new Ldap();
$result = $ldap->connect_bind();
$ldap = new Ldap();
$result = $ldap->connect_bind();
if ($result > 0)
{
$info = $object->_load_ldap_info();
$dn = $object->_load_ldap_dn($info);
$olddn = $dn; // We can say that old dn = dn as we force synchro
$info = $object->_load_ldap_info();
$dn = $object->_load_ldap_dn($info);
$olddn = $dn; // We can say that old dn = dn as we force synchro
$result = $ldap->update($dn, $info, $user, $olddn);
}
$result = $ldap->update($dn, $info, $user, $olddn);
if ($result >= 0)
{
setEventMessages($langs->trans("UserSynchronized"), null, 'mesgs');
$db->commit();
}
else
{
setEventMessages($ldap->error, $ldap->errors, 'errors');
$db->rollback();
}
}
if ($result >= 0) {
setEventMessages($langs->trans("UserSynchronized"), null, 'mesgs');
}
else {
setEventMessages($ldap->error, $ldap->errors, 'errors');
}
}
}
/*