index 7d70459a5b5317c3eab06448c86596be2efc2342..1b90b74878b16d9c177a629149a73fb3858df299 100644 (file)
{
global $config;
- /* - Search for $username and optinal @REALM in all configured LDAP trees */
- /* - If uniq, fill username and server with the correct values and return */
- /* - Else return emtpy values where the error occurs */
+ /* Search for $username and optional @REALM in all configured LDAP trees */
+ foreach($config->data["LOCATIONS"] as $name => $data){
+
+ $config->set_current($name);
+ $mode= "kerberos";
+ if (isset($config->current['KRBSASL']) && preg_match('/^true$/i', $config->current['KRBSASL'])){
+ $mode= "sasl";
+ }
+
+ /* Look for entry or realm */
+ $ldap= $config->get_ldap_link();
+ if (!preg_match("/Success/i", $ldap->error)){
+ print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error()));
+ $smarty= get_smarty();
+ $smarty->display(get_template_path('headers.tpl'));
+ echo "<body>".get_global('errors')."</body></html>";
+ exit();
+ }
+ $ldap->search("(&(objectClass=gosaAccount)(|(uid=$username)(userPassword={$mode}$username)))", array("uid"));
+ /* Found a uniq match? Return it... */
+ if ($ldap->count() == 1) {
+ $attrs= $ldap->fetch();
+ return array("username" => $attrs["uid"][0], "server" => $name);
+ }
+ }
+
+ /* Nothing found? Return emtpy array */
return array("username" => "", "server" => "");
}
function ldap_login_user_htaccess ($username)
{
- /* Use the username to fill the userinfo class as in ldap_login_user and return */
- /* Load acl, etc.*/
- return NULL;
+ global $config;
+
+ /* Look for entry or realm */
+ $ldap= $config->get_ldap_link();
+ if (!preg_match("/Success/i", $ldap->error)){
+ print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error()));
+ $smarty= get_smarty();
+ $smarty->display(get_template_path('headers.tpl'));
+ echo "<body>".get_global('errors')."</body></html>";
+ exit();
+ }
+ $ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid"));
+ /* Found no uniq match? Strange, because we did above... */
+ if ($ldap->count() != 1) {
+ print_red(_("Username / UID is not unique. Please check your LDAP database."));
+ return (NULL);
+ }
+ $attrs= $ldap->fetch();
+
+ /* got user dn, fill acl's */
+ $ui= new userinfo($config, $ldap->getDN());
+ $ui->username= $attrs['uid'][0];
+
+ /* No password check needed - the webserver did it for us */
+ $ldap->disconnect();
+
+ /* Username is set, load subtreeACL's now */
+ $ui->loadACL();
+
+ /* TODO: check java script for htaccess authentication */
+ session::set('js',true);
+
+ return ($ui);
}
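Review bot: `$username` is interpolated unescaped into the LDAP filters of both added searches, `(|(uid=$username)(userPassword={$mode}$username))` in the location loop and `(uid=$username)` in `ldap_login_user_htaccess()`, so a name containing filter metacharacters (`*`, `(`, `)`, `\`) changes what the filter matches and the `count() == 1` test no longer proves an exact uid match. Because the second function then builds a `userinfo` and loads ACLs with no password check of its own, the value should be escaped per RFC 4515 before either search, e.g. `$safe= ldap_escape($username, "", LDAP_ESCAPE_FILTER);` where PHP 5.6+ is available, or an equivalent escaper otherwise. Separately, `{$mode}` inside a double-quoted string is PHP variable syntax and expands to `kerberos`/`sasl` without braces; if the stored value is meant to look like `{kerberos}user@REALM`, the literal braces have to be written as `{{$mode}}`. The signature of the first function lies outside the hunk.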
}
+/* \!brief This function searches the ldap database.
+ It search in $sub_base,*,$base for all objects matching the $filter.
+
+ @param $filter String The ldap search filter
+ @param $category String The ACL category the result objects belongs
+ @param $sub_base String The sub base we want to search for e.g. "ou=apps"
+ @param $base String The ldap base from which we start the search
+ @param $attributes Array The attributes we search for.
+ @param $flags Long A set of Flags
+ */
+function get_sub_list($filter, $category,$sub_base, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
+{
+
+ global $config, $ui;
+
+ /* Get LDAP link */
+ $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
+
+ /* Set search base to configured base if $base is empty */
+ if ($base == ""){
+ $ldap->cd ($config->current['BASE']);
+ } else {
+ $ldap->cd ($base);
+ }
+
+ /* Remove , ("ou=1,ou=2.." => "ou=1") */
+ $sub_base = preg_replace("/,.*$/","",$sub_base);
+
+ /* Check if there is a sub department specified */
+ if($sub_base == ""){
+ return(get_list($filter, $category,$base,$attributes,$flags));
+ }
+
+ /* Get all deparments matching the given sub_base */
+ $departments = array();
+ $ldap->search($sub_base,array("dn"));
+ while($attrs = $ldap->fetch()){
+ $departments[$attrs['dn']] = $attrs['dn'];
+ }
+
+ $result= array();
+ $limit_exceeded = FALSE;
+
+ /* Search in all matching departments */
+ foreach($departments as $dep){
+
+ /* Break if the size limit is exceeded */
+ if($limit_exceeded){
+ return($result);
+ }
+
+ $ldap->cd($dep);
+
+ /* Perform ONE or SUB scope searches? */
+ if ($flags & GL_SUBSEARCH) {
+ $ldap->search ($filter, $attributes);
+ } else {
+ $ldap->ls ($filter,$base,$attributes);
+ }
+
+ /* Check for size limit exceeded messages for GUI feedback */
+ if (preg_match("/size limit/i", $ldap->error)){
+ register_global('limit_exceeded', TRUE);
+ $limit_exceeded = TRUE;
+ }
+
+ /* Crawl through result entries and perform the migration to the
+ result array */
+ while($attrs = $ldap->fetch()) {
+ $dn= $ldap->getDN();
+
+ /* Convert dn into a printable format */
+ if ($flags & GL_CONVERT){
+ $attrs["dn"]= convert_department_dn($dn);
+ } else {
+ $attrs["dn"]= $dn;
+ }
+
+ /* Sort in every value that fits the permissions */
+ if (is_array($category)){
+ foreach ($category as $o){
+ if ($ui->get_category_permissions($dn, $o) != ""){
+ $result[]= $attrs;
+ break;
+ }
+ }
+ } else {
+ if ($ui->get_category_permissions($dn, $category) != ""){
+ $result[]= $attrs;
+ }
+ }
+ }
+ }
+ return($result);
+}
+
+
+
function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
{
global $config, $ui;
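Review bot: In the ONE-scope branch of `get_sub_list()`, `$ldap->ls ($filter,$base,$attributes)` passes `$base` although the loop has just done `$ldap->cd($dep)`, so (assuming `ls()` lists the base it is handed) every iteration lists the same `$base`, or an empty string when the default is used, instead of the current department, and the same entries get appended once per department. `$ldap->ls ($filter,$dep,$attributes);` looks like the intended call. If the header is meant as a Doxygen block, its opener `/* \!brief` should be `/*! \brief`, and it should state that only entries for which `$ui->get_category_permissions()` returns a non-empty value are returned, since that check is the function's access filter.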
{
global $config;
+ $map = array( "applicationou" => "ou=apps,",
+ "systemsou" => "ou=systems,",
+ "serverou" => "ou=servers,ou=systems,",
+ "terminalou" => "ou=terminals,ou=systems,",
+ "workstationou" => "ou=workstations,ou=systems,",
+ "printerou" => "ou=printers,ou=systems,",
+ "phoneou" => "ou=phones,ou=systems,",
+ "componentou" => "ou=netdevices,ou=systems,",
+ "blocklistou" => "ou=gofax,ou=systems,",
+ "incomingou" => "ou=incoming,",
+ "aclroleou" => "ou=aclroles,",
+ "macroou" => "ou=macros,ou=asterisk,ou=configs,ou=systems,",
+ "conferenceou" => "ou=conferences,ou=asterisk,ou=configs,ou=systems,",
+
+ "faiou" => "ou=fai,ou=configs,ou=systems,",
+ "faiscriptou" => "ou=scripts,",
+ "faihookou" => "ou=hooks,",
+ "faitemplateou" => "ou=templates,",
+ "faivariableou" => "ou=variables,",
+ "faiprofileou" => "ou=profiles,",
+ "faipackageou" => "ou=packages,",
+ "faipartitionou"=> "ou=disk,",
+
+ "deviceou" => "ou=devices,",
+ "mimetypeou" => "ou=mime,");
+
/* Preset ou... */
if (isset($config->current[$name])){
$ou= $config->current[$name];
+ } elseif (isset($map[$name])) {
+ $ou = $map[$name];
+ return($ou);
} else {
+ trigger_error("No department mapping found for type ".$name);
return "";
}
-
+
+
if ($ou != ""){
if (!preg_match('/^[^=]+=[^=]+/', $ou)){
return @LDAP::convert("ou=$ou,");
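Review bot: The new `elseif (isset($map[$name]))` branch returns `$map[$name]` immediately, while a value taken from `$config->current[$name]` goes on to the `preg_match`/`LDAP::convert` handling below, so built-in and configured OUs leave the function through different paths. If that is intentional because the map entries are already complete `ou=...,` fragments, say so in a comment such as `/* Built-in defaults are already RDN fragments and are returned as they are */`, and shorten the branch to `return $map[$name];`. The function's signature and the rest of its body are outside the hunk.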
function register_global($name, $object)
{
- $_SESSION[$name]= $object;
+ session::set($name,$object);
}
function is_global($name)
{
- return isset($_SESSION[$name]);
+ return(session::is_set($name));
}
-function &get_global($name)
+function get_global($name)
{
- return $_SESSION[$name];
+ return(session::get($name));
}
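Review bot: `get_global()` loses its by-reference return (`function &get_global` becomes `function get_global`), so any caller that did `$x= &get_global('name')` and then modified `$x` no longer updates the stored session value. Callers are not visible in this diff, so this needs a search of the code base before merging. A one-line comment such as `/* Returns the stored value, not a reference; use register_global() to write changes back */` would document the new contract. Whether `session::get()` behaves like the old `$_SESSION[$name]` read for a name that was never set cannot be told from here.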
);
return(array("TIMEZONES" => $timezones, "DST_ZONES" => $dst_timezones));
}
+
+
+function display_error_page()
+{
+ $smarty= get_smarty();
+ $smarty->display(get_template_path('headers.tpl'));
+ echo "<body>".msg_dialog::get_dialogs()."</body></html>";
+ exit();
+}
+
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>
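Review bot: `display_error_page()` has no doc comment, and its key property, that it ends the request with `exit()` and never returns, is worth stating: `/* Show the header template and pending message dialogs, then terminate the request */`. The two login functions added earlier in this commit inline the same three statements but print `get_global('errors')` instead of `msg_dialog::get_dialogs()`; if both are meant to render the same page they should call this helper. Neither the helper nor the inlined copies show whether the message text is HTML-escaped before `echo`; since the login paths pass the LDAP server's error string to `print_red()`, confirm that escaping happens there or in the dialog class.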