re-activate ldap user search feature using new ldap libs

1.10.x
eric 10 years ago
parent 9053c702ef
commit 6f6b200dbb
  1. 2
      main/admin/index.php
  2. 14
      main/admin/ldap_users_list.php
  3. 72
      main/auth/ldap/authldap.php
  4. 18
      main/auth/ldap/ldap_var.inc.php

@ -120,7 +120,7 @@ if (api_is_platform_admin()) {
$items[] = array('url'=>'group_add.php', 'label' => get_lang('AddGroups'));
$items[] = array('url'=>'group_list.php', 'label' => get_lang('GroupList'));
}
if (isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap']) > 0) {
if (isset($extAuthSource) && isset($extAuthSource['extldap']) && count($extAuthSource['extldap']) > 0) {
$items[] = array('url'=>'ldap_users_list.php', 'label' => get_lang('ImportLDAPUsersIntoPlatform'));
}
$items[] = array('url'=>'user_fields.php', 'label' => get_lang('ManageUserFields'));

@ -17,11 +17,11 @@ $this_section = SECTION_PLATFORM_ADMIN;
api_protect_admin_script();
$action = $_GET["action"];
$login_as_user_id = $_GET["user_id"];
$action = @$_GET["action"] ?: null;
$login_as_user_id = @$_GET["user_id"] ?: null;
// Login as ...
if ($_GET['action'] == "login_as" && isset ($login_as_user_id))
if ($action == "login_as" && !empty ($login_as_user_id))
{
login_user($login_as_user_id);
}
@ -200,10 +200,10 @@ $form->display();
$parameters['keyword_username'] = $_GET['keyword_username'];
$parameters['keyword_firstname'] = $_GET['keyword_firstname'];
$parameters['keyword_lastname'] = $_GET['keyword_lastname'];
$parameters['keyword_email'] = $_GET['keyword_email'];
$parameters['keyword_username'] = @$_GET['keyword_username'] ?: null;
$parameters['keyword_firstname'] = @$_GET['keyword_firstname'] ?: null;
$parameters['keyword_lastname'] = @$_GET['keyword_lastname'] ?: null;
$parameters['keyword_email'] = @$_GET['keyword_email'] ?: null;
if (isset($_GET['id_session']))
$parameters['id_session'] = $_GET['id_session'];
// Create a sortable table with user-data

@ -62,6 +62,7 @@ use \ChamiloSession as Session;
/**
* Code
*/
require_once api_get_path(SYS_CODE_PATH).'auth/external_login/ldap.inc.php';
require 'ldap_var.inc.php';
/**
* Check login and password with LDAP
@ -325,7 +326,9 @@ function ldap_set_version(&$resource) {
*/
function ldap_handle_bind(&$ldap_handler,&$ldap_bind) {
//error_log('Entering ldap_handle_bind(&$ldap_handler,&$ldap_bind)',0);
global $ldap_rdn,$ldap_pass;
global $ldap_rdn,$ldap_pass, $extldap_config;
$ldap_rdn = $extldap_config['admin_dn'];
$ldap_pass = $extldap_config['admin_password'];
if (!empty($ldap_rdn) and !empty($ldap_pass)) {
//error_log('Trying authenticated login :'.$ldap_rdn.'/'.$ldap_pass,0);
$ldap_bind = ldap_bind($ldap_handler,$ldap_rdn,$ldap_pass);
@ -352,21 +355,23 @@ function ldap_handle_bind(&$ldap_handler,&$ldap_bind) {
*/
function ldap_get_users() {
global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass;
global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass, $ldap_search_dn, $extldap_user_correspondance;
$keyword_firstname = trim(Database::escape_string($_GET['keyword_firstname']));
$keyword_lastname = trim(Database::escape_string($_GET['keyword_lastname']));
$keyword_username = trim(Database::escape_string($_GET['keyword_username']));
$keyword_type = Database::escape_string($_GET['keyword_type']);
$keyword_firstname = isset($_GET['keyword_firstname']) ? trim(Database::escape_string($_GET['keyword_firstname'])): '';
$keyword_lastname = isset($_GET['keyword_lastname']) ? trim(Database::escape_string($_GET['keyword_lastname'])) : '';
$keyword_username = isset($_GET['keyword_username']) ? trim(Database::escape_string($_GET['keyword_username'])) : '';
$keyword_type = isset($_GET['keyword_type']) ? Database::escape_string($_GET['keyword_type']) : '';
$ldap_query=array();
if ($keyword_username != "") {
$ldap_query[]="(uid=".$keyword_username."*)";
} else if ($keyword_lastname!=""){
$ldap_query[]="(sn=".$keyword_lastname."*)";
$ldap_query[] = str_replace('%username%', $keyword_username, $ldap_search_dn);
} else {
if ($keyword_lastname!=""){
$ldap_query[]="(".$extldap_user_correspondance['lastname']."=".$keyword_lastname."*)";
}
if ($keyword_firstname!="") {
$ldap_query[]="(givenName=".$keyword_firstname."*)";
$ldap_query[]="(".$extldap_user_correspondance['firstname']."=".$keyword_firstname."*)";
}
}
if ($keyword_type !="" && $keyword_type !="all") {
@ -380,7 +385,7 @@ function ldap_get_users() {
}
$str_query.=" )";
} else {
$str_query=$ldap_query[0];
$str_query= count($ldap_query) > 0 ? $ldap_query[0] : null;
}
$ds = ldap_connect($ldap_host, $ldap_port);
@ -421,6 +426,9 @@ function ldap_get_number_of_users() {
* @author Mustapha Alouani
*/
function ldap_get_user_data($from, $number_of_items, $column, $direction) {
global $extldap_user_correspondance;
$users = array();
$is_western_name_order = api_is_western_name_order();
if (isset($_GET['submit'])) {
@ -434,17 +442,17 @@ function ldap_get_user_data($from, $number_of_items, $column, $direction) {
//$dn_array=ldap_explode_dn($info[$key]["dn"],1);
//$user[] = $dn_array[0]; // uid is first key
//$user[] = $dn_array[0]; // uid is first key
$user[] = $info[$key]['uid'][0];
$user[] = $info[$key]['uid'][0];
$user[] = $info[$key][$extldap_user_correspondance['username']][0];
$user[] = $info[$key][$extldap_user_correspondance['username']][0];
if ($is_western_name_order) {
$user[] = api_convert_encoding($info[$key]['cn'][0], api_get_system_encoding(), 'UTF-8');
$user[] = api_convert_encoding($info[$key]['sn'][0], api_get_system_encoding(), 'UTF-8');
$user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['firstname']][0], api_get_system_encoding(), 'UTF-8');
$user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['lastname']][0], api_get_system_encoding(), 'UTF-8');
} else {
$user[] = api_convert_encoding($info[$key]['sn'][0], api_get_system_encoding(), 'UTF-8');
$user[] = api_convert_encoding($info[$key]['cn'][0], api_get_system_encoding(), 'UTF-8');
$user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['firstname']][0], api_get_system_encoding(), 'UTF-8');
$user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['lastname']][0], api_get_system_encoding(), 'UTF-8');
}
$user[] = $info[$key]['mail'][0];
$outab[] = $info[$key]['eduPersonPrimaryAffiliation'][0]; // Ici "student"
$user[] = $info[$key][$extldap_user_correspondance['username']][0];
$users[] = $user;
}
} else {
@ -462,9 +470,12 @@ function ldap_get_user_data($from, $number_of_items, $column, $direction) {
* @author Mustapha Alouani
*/
function modify_filter($user_id,$url_params, $row) {
$url_params_id="id[]=".$row[0];
$query_string="id[]=".$row[0];
if (!empty($_GET['id_session'])){
$query_string .= '&id_session='.Security::remove_XSS($_GET['id_session']);
}
//$url_params_id="id=".$row[0];
$result .= '<a href="ldap_users_list.php?action=add_user&amp;user_id='.$user_id.'&amp;id_session='.Security::remove_XSS($_GET['id_session']).'&amp;'.$url_params_id.'&amp;sec_token='.$_SESSION['sec_token'].'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, api_get_system_encoding()))."'".')) return false;">'.Display::return_icon('add_user.gif', get_lang('AddUsers')).'</a>';
$result = '<a href="ldap_users_list.php?action=add_user&amp;user_id='.$user_id.'&amp;'.$query_string.'&amp;sec_token='.$_SESSION['sec_token'].'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, api_get_system_encoding()))."'".')) return false;">'.Display::return_icon('add_user.gif', get_lang('AddUsers')).'</a>';
return $result;
}
@ -474,26 +485,9 @@ function modify_filter($user_id,$url_params, $row) {
* @author Mustapha Alouani
*/
function ldap_add_user($login) {
global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass;
$ds = ldap_connect($ldap_host, $ldap_port);
ldap_set_version($ds);
$user_id = 0;
if ($ds) {
$str_query="(uid=".$login.")";
$r = false;
$res = ldap_handle_bind($ds, $r);
$sr = ldap_search($ds, $ldap_basedn, $str_query);
//echo "Number of results is : ".ldap_count_entries($ds,$sr)."<p>";
$info = ldap_get_entries($ds, $sr);
for ($key = 0; $key < $info['count']; $key ++) {
$user_id = ldap_add_user_by_array($info[$key]);
}
} else {
Display :: display_error_message(get_lang('LDAPConnectionError'));
if ($ldap_user = extldap_authenticate($login, 'nopass', true)) {
return extldap_add_user_by_array($ldap_user);
}
return $user_id;
}
function ldap_add_user_by_array($data, $update_if_exists = true) {

@ -23,24 +23,24 @@
* Configuration settings
*/
// your ldap server
$ldap_host = api_get_setting('ldap_main_server_address');
$ldap_host = $extldap_config['host'][0];
// your ldap server's port number
$ldap_port = api_get_setting('ldap_main_server_port');
$ldap_port = @$extldap_config['port'] ?: null;
//domain
$ldap_basedn = api_get_setting('ldap_domain');
$ldap_basedn = $extldap_config['base_dn'];
//search term for students
$ldap_search_dn = api_get_setting('ldap_search_string');
$ldap_search_dn = $extldap_config['user_search'];
//additional server params for use of replica in case of problems
$ldap_host2 = api_get_setting('ldap_replicate_server_address');
$ldap_port2 = api_get_setting('ldap_replicate_server_port');
$ldap_host2 = count($extldap_config['host']) > 1 ? $extldap_config['host'][1] : null;
$ldap_port2 = $extldap_config['port'];
//protocol version - set to 3 for LDAP 3
$ldap_version = api_get_setting('ldap_version');
$ldap_version = $extldap_config['protocol_version'];
//non-anonymous LDAP mode
$ldap_rdn = api_get_setting('ldap_authentication_login');
$ldap_pass = api_get_setting('ldap_authentication_password');
$ldap_rdn = $extldap_config['admin_dn'];
$ldap_pass = $extldap_config['admin_password'];
$ldap_pass_placeholder = "PLACEHOLDER";

Loading…
Cancel
Save