if ($_SESSION['UserDBAuthMode'] == USERDB_AUTH_LDAP) {
// We need the user system now!
ini_set('error_reporting', E_WARNING);
// Enable Warnings!
InitUserDbSettings();
// We need some DB Settings
InitUserSystemPhpLogCon();
// LDAP Variables
$content['LDAPServer'] = $_SESSION['LDAPServer'];
$content['LDAPPort'] = $_SESSION['LDAPPort'];
$content['LDAPBindDN'] = $_SESSION['LDAPBindDN'];
$content['LDAPBindPassword'] = $_SESSION['LDAPBindPassword'];
// try LDAP Connect!
$ldapConn = DoLDAPConnect();
if ($ldapConn) {
$bBind = DoLDAPBind($ldapConn);
if (!$bBind) {
RevertOneStep($content['INSTALL_STEP'] - 1, GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERBINDFAILED'], $_SESSION['LDAPBindDN']));
}
} else {
RevertOneStep($content['INSTALL_STEP'] - 1, GetAndReplaceLangStr($content['LN_INSTALL_LDAPCONNECTFAILED'], $_SESSION['LDAPServer']));
}
}
}
} else {
if ($content['INSTALL_STEP'] == 5) {
$content['sql_sucess'] = 0;
$content['sql_failed'] = 0;
// Import default database if user db is enabled!
if ($_SESSION['UserDBEnabled'] == 1) {
// Init $totaldbdefs
function CheckLDAPUserLogin($username, $password)
{
global $content;
// Create LDAP Searchfilter
$ldap_filter = '(&' . $content['LDAPSearchFilter'] . '(' . $content['LDAPUidAttribute'] . '=' . $username . '))';
// Get LDAP Connection
$ldapConn = DoLDAPConnect();
if ($ldapConn) {
if (!DoLDAPBind($ldapConn)) {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERBINDFAILED'], $content['LDAPBindDN'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter);
}
return false;
}
} else {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_SERVERFAILED'], $content['LDAPServer'] . ":" . $content['LDAPPort'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter);
}
// return false in this case
return false;
}
// Search for the user
if (!($r = @ldap_search($ldapConn, $content['LDAPBaseDN'], $ldap_filter, array("uid", "cn", "localentryid", "userpassword")))) {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERCOULDNOTLOGIN'], $username, ldap_err2str(ldap_errno($ldapConn))), $ldap_filter);
}
// return false in this case
return false;
}
$info = ldap_get_entries($ldapConn, $r);
if (!$info || $info["count"] != 1) {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERNOTFOUND'], $username), $ldap_filter);
}
// return false in this case
return false;
}
// now we have the user data. Do a bind to check for his password
if (!($r = @ldap_bind($ldapConn, $info[0]['dn'], $password))) {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_PASSWORDFAIL'], $username), $ldap_filter);
}
// return false in this case
return false;
}
// for the moment when a user logs in from LDAP, create it in the DB.
// then the prefs and group management is done in the DB and we don't rewrite the whole Loganalyzer code…
//
// added by czhujer
//
$ldapadmingroup = "cn=loganalyzeradminusers,cn=groups,cn=accounts,dc=someorg,dc=en";
if (LdapCheckGroup($ldapConn, $info[0]['dn'], $ldapadmingroup)) {
$ldapuser_is_admin = 1;
$ldapuser_is_readonly = 0;
//echo "You're (".$info[0]['dn'].") member of \"".$ldapadmingroup."\"";
} else {
//echo "You're (".$info[0]['dn'].") not member of \"".$ldapadmingroup."\"";
$ldapuser_admin = 0;
$ldapuser_is_readonly = 1;
}
/* debug
echo "<pre>";
print_r($info);
echo "</pre>";
DebugLDAPErrorAndDie("" , $ldap_filter );
*/
//
// end of czhujer modify
//
/* DB_RemoveBadChars() needs to be done here to maintain backwards compatibility even if it is not needed here*/
$md5pass = md5(DB_RemoveBadChars($password));
// check if the user already exist
$sqlquery = "SELECT * FROM `" . DB_USERS . "` WHERE username = '******'";
$result = DB_Query($sqlquery);
$myrow = DB_GetSingleRow($result, true);
if (!isset($myrow['is_admin'])) {
// Create User | use password to create MD5 Hash, so technically the user could login without LDAP as well
//$sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES ('" . $username . "', '" . $md5pass . "', 0, 1)";
//modified by czhujer
$sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES " . "('" . $username . "', '" . $md5pass . "', " . intval($ldapuser_is_admin) . ", " . intval($ldapuser_is_readonly) . ")";
$result = DB_Query($sqlcmd);
DB_FreeQuery($result);
$myrow['is_admin'] = 0;
$myrow['last_login'] = 0;
$myrow['is_readonly'] = 1;
}
// Construct Row and return
$myrowfinal['username'] = $username;
$myrowfinal['password'] = $md5pass;
$myrowfinal['dn'] = $info[0]['dn'];
if (isset($myrow['ID'])) {
$myrowfinal['ID'] = $myrow['ID'];
} else {
$myrowfinal['ID'] = DB_ReturnLastInsertID();
}
// Get from last insert!
$myrowfinal['is_admin'] = $myrow['is_admin'];
$myrowfinal['is_readonly'] = $myrow['is_readonly'];
$myrowfinal['last_login'] = $myrow['last_login'];
return $myrowfinal;
}
