View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
433 | RackTables | default | public | 2011-06-07 16:31 | 2011-06-15 10:10 |
Reporter | infrastation | Assigned To | infrastation | ||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Target Version | 0.19.5 | Fixed in Version | 0.19.5 | ||
Summary | 433: eDirectory support in LDAP | ||||
Description | by Walery Wysotsky: "I changed module inc/auth.php. Now it is possible to gather group members for LDAP servers, different from MS ActiveDirectory (I use Novell eDirectory) and use it in permission checks (lgcn_ tag)." | ||||
Tags | No tags attached. | ||||
Attached Files | auth.php.diff (1,738 bytes)
329c329,331 < strlen ($LDAP_options['search_attr']) --- > strlen ($LDAP_options['search_attr']) and > isset ($LDAP_options['group_attr']) and > strlen ($LDAP_options['group_attr']) 337c339 < array_merge (array ('memberof'), explode (' ', $LDAP_options['displayname_attrs'])) --- > array_merge (array ($LDAP_options['group_attr']), explode (' ', $LDAP_options['displayname_attrs'])) 353,355c355,363 < if (isset ($info[0]['memberof'])) < for ($i = 0; $i < $info[0]['memberof']['count']; $i++) < foreach (explode (',', $info[0]['memberof'][$i]) as $pair) --- > if (isset ($info[0][$LDAP_options['group_attr']])) > for ($i = 0; $i < $info[0][$LDAP_options['group_attr']]['count']; $i++) > { > $pair = $info[0][$LDAP_options['group_attr']][$i]; > if > ( > isset ($LDAP_options['group_filter']) and > strlen ($LDAP_options['group_filter']) > ) 357,359c365,371 < list ($attr_name, $attr_value) = explode ('=', $pair); < if (strtoupper ($attr_name) == 'CN' and validTagName ('$lgcn_' . $attr_value, TRUE)) < $ret['memberof'][] = '$lgcn_' . $attr_value; --- > if (preg_match($LDAP_options['group_filter'], $pair, $matches)) > { > $attr_name = $matches[1]; > $attr_value = $matches[2]; > } > else > $attr_name = 'undefined'; 360a373,381 > else > { > $pairs = explode (',', $info[0][$LDAP_options['group_attr']][$i]); > // group CN in only first element > list ($attr_name, $attr_value) = explode ('=', $pairs[0]); > } > if (strtoupper ($attr_name) == 'CN' and validTagName ('$lgcn_' . $attr_value, TRUE)) > $ret['memberof'][] = '$lgcn_' . $attr_value; > } secret-sample.php.diff (260 bytes)
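Review bot: The two terms added at 329–331, `isset ($LDAP_options['group_attr']) and strlen ($LDAP_options['group_attr'])`, make `group_attr` mandatory for the branch this condition selects, so a configuration written before this change (only `search_attr` set) would no longer satisfy it. The statement this condition belongs to starts and ends outside the hunk, so which path such an installation then takes is not visible here; in an authentication routine that should not change silently on upgrade. Defaulting the option before the test keeps old configurations working: `if (! isset ($LDAP_options['group_attr'])) $LDAP_options['group_attr'] = 'memberof';`.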
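Review bot: In the `group_filter` branch at 365–371, `$matches[1]` and `$matches[2]` are read after any successful `preg_match`, but nothing requires the configured pattern to contain two capture groups; a filter with a single group leaves `$matches[2]` undefined, so the candidate tag handed to `validTagName` is a bare `$lgcn_`. On a non-match only `$attr_name` is reset, so `$attr_value` keeps the previous group's value and is harmless only because the later `CN` comparison short-circuits. I would test `preg_match ($LDAP_options['group_filter'], $pair, $matches) and isset ($matches[2])` and add a comment stating that group 1 must capture the attribute name and group 2 the group name, since these tags feed permission checks. The loop body continues in the next hunk (360a373,381).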
46a47,56 > > // for AD LDAP > 'group_attr' => 'memberof', > // for eDirectory LDAP > // 'group_attr' => 'groupmembership', > > // filter user groups, optional > # 'group_filter' => '/(cn)=(\w+),ou=RackTables,ou=IT,o=bogdan/i', > > edirectory-r4.patch (1,987 bytes)
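Review bot: The commented example `group_filter` is unanchored, so it matches wherever that text occurs inside a group value, not only when the value is exactly `cn=<name>,ou=RackTables,ou=IT,o=bogdan`; because the captured name becomes a `$lgcn_` tag used in permission checks, the sample that administrators copy should match the whole value. Anchoring both ends does that: `'/^(cn)=(\w+),ou=RackTables,ou=IT,o=bogdan$/i'`. A comment should also say which capture group carries the group name, and that `\w+` silently skips group names containing hyphens or spaces. The added comments mix `//` and `#`; one style would read better.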
Index: wwwroot/inc/auth.php =================================================================== --- wwwroot/inc/auth.php (revision 4562) +++ wwwroot/inc/auth.php (working copy) @@ -365,6 +365,10 @@ function queryLDAPServer ($username, $password) { global $LDAP_options; + if (! array_key_exists ('group_attr', $LDAP_options)) + $LDAP_options['group_attr'] = 'memberof'; + if (! array_key_exists ('group_filter', $LDAP_options)) + $LDAP_options['group_filter'] = '/^[Cc][Nn]=([^,]+)/'; if(extension_loaded('ldap') === FALSE) throw new RackTablesError ('LDAP misconfiguration. LDAP PHP Module is not installed.', RackTablesError::MISCONFIGURED); @@ -429,7 +433,7 @@ $connect, $LDAP_options['search_dn'], '(' . $LDAP_options['search_attr'] . "=${username})", - array_merge (array ('memberof'), explode (' ', $LDAP_options['displayname_attrs'])) + array_merge (array ($LDAP_options['group_attr']), explode (' ', $LDAP_options['displayname_attrs'])) ); if (@ldap_count_entries ($connect, $results) != 1) { @@ -445,17 +449,14 @@ $space = ' '; } // Pull group membership, if any was returned. - if (isset ($info[0]['memberof'])) - for ($i = 0; $i < $info[0]['memberof']['count']; $i++) - foreach (explode (',', $info[0]['memberof'][$i]) as $pair) - { - $items = explode ('=', $pair); - if (count ($items) != 2) - continue; - list ($attr_name, $attr_value) = $items; - if (strtoupper ($attr_name) == 'CN' and validTagName ('$lgcn_' . $attr_value, TRUE)) - $ret['memberof'][] = '$lgcn_' . $attr_value; - } + if (isset ($info[0][$LDAP_options['group_attr']])) + for ($i = 0; $i < $info[0][$LDAP_options['group_attr']]['count']; $i++) + if + ( + preg_match ($LDAP_options['group_filter'], $info[0][$LDAP_options['group_attr']][$i], $matches) + and validTagName ('$lgcn_' . $matches[1], TRUE) + ) + $ret['memberof'][] = '$lgcn_' . $matches[1]; } @ldap_close ($connect); return $ret; | ||||
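Review bot: The search filter visible in the context of the second hunk, `'(' . $LDAP_options['search_attr'] . "=${username})"`, places the login name into an LDAP filter with no escaping visible in this hunk, and after this patch the single entry that search returns also decides which `$lgcn_` tags the session receives. The `ldap_search` call and the code that receives `$username` start outside the hunk, so the caller may already sanitise it; if it does not, filter metacharacters in the name should be escaped before the string is built. On PHP 5.6 or later that is `ldap_escape ($username, '', LDAP_ESCAPE_FILTER)`; on older versions a small helper that escapes `\`, `*`, `(`, `)` and NUL does the same job.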
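Review bot: The new loop in the third hunk reads `$matches[1]` for any pattern that matches, so `group_filter` now carries an undocumented contract: capture group 1 must be the group name. The example filter in secret-sample.php.diff on this page, `/(cn)=(\w+),.../i`, has the attribute name in group 1, and with this code every group it matches would yield the same candidate tag `$lgcn_cn`; a pattern with no capture group reads an undefined index instead. Because these tags drive permission checks, add `and isset ($matches[1])` to the condition and document the contract next to the default in the first hunk, e.g. `// group_filter: PCRE applied to each group_attr value; capture group 1 is the group name`. The enclosing function continues outside the hunk.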
Date Modified | Username | Field | Change |
---|---|---|---|
2011-06-07 16:31 | infrastation | New Issue | |
2011-06-07 16:32 | infrastation | Assigned To | => infrastation |
2011-06-07 16:32 | infrastation | Status | new => acknowledged |
2011-06-07 16:32 | infrastation | Target Version | => 0.19.5 |
2011-06-07 16:32 | infrastation | File Added: auth.php.diff | |
2011-06-07 16:32 | infrastation | File Added: secret-sample.php.diff | |
2011-06-11 22:53 | infrastation | File Added: edirectory-r2.patch | |
2011-06-13 21:01 | infrastation | File Added: edirectory-r4.patch | |
2011-06-13 21:02 | infrastation | File Deleted: edirectory-r2.patch | |
2011-06-14 14:08 | infrastation | Note Added: 0000341 | |
2011-06-14 14:08 | infrastation | Status | acknowledged => assigned |
2011-06-15 10:10 | infrastation | Status | assigned => closed |
2011-06-15 10:10 | infrastation | Fixed in Version | => 0.19.5 |
2011-06-15 10:10 | infrastation | Resolution | open => fixed |