bashclub/piler
1
0
Fork 0
mirror of https://bitbucket.org/jsuto/piler.git synced 2025-06-12 23:17:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

added support for multiple AD

Browse Source
This commit is contained in:
SJ
2013-07-08 11:31:17 +02:00
parent d3073dd444
commit bc16df8778
24 changed files with 636 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
webui/model/domain/domain.php
View File

@ -3,12 +3,26 @@
class ModelDomainDomain extends Model {
public function getDomains() {
$data = array();
$query = $this->db->query("SELECT domain, mapped FROM " . TABLE_DOMAIN . " ORDER BY domain ASC");
$query = $this->db->query("SELECT domain, mapped, ldap_id FROM " . TABLE_DOMAIN . " ORDER BY domain ASC");
if(isset($query->rows)) { return $query->rows; }
if(isset($query->rows)) {
foreach($query->rows as $q) {
return array();
$ldap = '';
if($q['ldap_id'] > 0) {
$query2 = $this->db->query("SELECT description FROM " . TABLE_LDAP . " WHERE id=?", array($q['ldap_id']));
if(isset($query2->row)) { $ldap = $query2->row['description']; }
}
$data[] = array('domain' => $q['domain'], 'mapped' => $q['mapped'], 'ldap' => $ldap);
}
}
return $data;
}
@ -38,14 +52,14 @@ class ModelDomainDomain extends Model {
}
public function addDomain($domain = '', $mapped = '') {
public function addDomain($domain = '', $mapped = '', $ldap_id = 0) {
if($domain == "" || $mapped == "") { return 0; }
$domains = explode("\n", $domain);
foreach ($domains as $domain) {
$domain = rtrim($domain);
$query = $this->db->query("INSERT INTO " . TABLE_DOMAIN . " (domain, mapped) VALUES (?,?)", array($domain, $mapped));
$query = $this->db->query("INSERT INTO " . TABLE_DOMAIN . " (domain, mapped, ldap_id) VALUES (?,?,?)", array($domain, $mapped, $ldap_id));
$rc = $this->db->countAffected();

60
webui/model/saas/ldap.php Normal file
View File

@ -0,0 +1,60 @@
<?php
class ModelSaasLdap extends Model
{
public function get() {
$query = $this->db->query("SELECT id, description, ldap_host, ldap_base_dn, ldap_bind_dn FROM " . TABLE_LDAP . " ORDER BY description ASC");
if($query->num_rows > 0) { return $query->rows; }
return array();
}
public function delete($id = 0, $description = '') {
if($id == 0) { return 0; }
$query = $this->db->query("DELETE FROM " . TABLE_LDAP . " WHERE id=?", array($id));
$rc = $this->db->countAffected();
LOGGER("remove ldap entry: #$id, $description (rc=$rc)");
return $rc;
}
public function add($arr = array()) {
if(!isset($arr['description']) || !isset($arr['ldap_host'])) { return 0; }
$query = $this->db->query("INSERT INTO " . TABLE_LDAP . " (description, ldap_host, ldap_base_dn, ldap_bind_dn, ldap_bind_pw) VALUES (?,?,?,?,?)", array($arr['description'], $arr['ldap_host'], $arr['ldap_base_dn'], $arr['ldap_bind_dn'], $arr['ldap_bind_pw']));
$rc = $this->db->countAffected();
LOGGER("add ldap entry: " . $arr['description'] . " / " . $arr['ldap_host'] . " / " . $arr['ldap_base_dn'] . " (rc=$rc)");
if($rc == 1){ return 1; }
return 0;
}
public function get_ldap_params_by_email($email = '') {
$domain = '';
if($email == '') { return array(); }
list($l,$d) = explode("@", $email);
$query = $this->db->query("SELECT ldap_host, ldap_base_dn, ldap_bind_dn, ldap_bind_pw from " . TABLE_DOMAIN . " as d, " . TABLE_LDAP . " as l where d.ldap_id=l.id and d.domain=?", array($d));
if($query->num_rows > 0) { return array($query->row['ldap_host'], $query->row['ldap_base_dn'], $query->row['ldap_bind_dn'], $query->row['ldap_bind_pw']); }
return array();
}
}
?>

26
webui/model/user/auth.php
View File

@ -63,22 +63,36 @@ class ModelUserAuth extends Model {
private function checkLoginAgainstLDAP($username = '', $password = '') {
$ldap = new LDAP(LDAP_HOST, LDAP_HELPER_DN, LDAP_HELPER_PASSWORD);
$ldap_host = LDAP_HOST;
$ldap_base_dn = LDAP_BASE_DN;
$ldap_helper_dn = LDAP_HELPER_DN;
$ldap_helper_password = LDAP_HELPER_PASSWORD;
if(ENABLE_SAAS == 1) {
$a = $this->model_saas_ldap->get_ldap_params_by_email($username);
$ldap_host = $a[0];
$ldap_base_dn = $a[1];
$ldap_helper_dn = $a[2];
$ldap_helper_password = $a[3];
}
$ldap = new LDAP($ldap_host, $ldap_helper_dn, $ldap_helper_password);
if($ldap->is_bind_ok()) {
$query = $ldap->query(LDAP_BASE_DN, "(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=$username))", array());
$query = $ldap->query($ldap_base_dn, "(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=$username))", array());
if(isset($query->row['dn']) && $query->row['dn']) {
$a = $query->row;
$ldap_auth = new LDAP(LDAP_HOST, $a['dn'], $password);
$ldap_auth = new LDAP($ldap_host, $a['dn'], $password);
if(ENABLE_SYSLOG == 1) { syslog(LOG_INFO, "ldap auth against '" . LDAP_HOST . "', dn: '" . $a['dn'] . "', result: " . $ldap_auth->is_bind_ok()); }
if(ENABLE_SYSLOG == 1) { syslog(LOG_INFO, "ldap auth against '" . $ldap_host . "', dn: '" . $a['dn'] . "', result: " . $ldap_auth->is_bind_ok()); }
if($ldap_auth->is_bind_ok()) {
$query = $ldap->query(LDAP_BASE_DN, "(|(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=$username))(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=$username)" . ")(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=" . stripslashes($a['dn']) . ")))", array());
$query = $ldap->query($ldap_base_dn, "(|(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=$username))(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=$username)" . ")(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=" . stripslashes($a['dn']) . ")))", array());
$is_auditor = $this->check_ldap_membership($query->rows);
@ -96,7 +110,7 @@ class ModelUserAuth extends Model {
}
}
else if(ENABLE_SYSLOG == 1) {
syslog(LOG_INFO, "cannot bind to '" . LDAP_HOST . "' as '" . LDAP_HELPER_DN . "'");
syslog(LOG_INFO, "cannot bind to '" . $ldap_host . "' as '" . $ldap_helper_dn . "'");
}
return 0;