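/**
 * Print the auth ldap form
 *
 * Rendering is restricted to users holding the "config" write right. When LDAP
 * support is unavailable (canUseLdap() is false) an explanatory notice is shown
 * instead of the form.
 *
 * @param $ID integer ID of the item (empty to create a new directory entry)
 * @param $options array
 *     - target for the Form
 *
 * @return false when the current user lacks the "config" write right,
 *         otherwise nothing (the form is echoed)
 **/
function showForm($ID, $options = array()) {
    global $LANG;

    // Directory settings (host, bind DN, ...) are only shown to configuration writers.
    if (!haveRight("config", "w")) {
        return false;
    }

    // Load the record to display. The loaders' results are not acted upon: the form
    // is rendered from $this->fields in every case.
    if (empty($ID)) {
        $this->getEmpty();
        // NOTE(review): the request parameter is handed to preconfig() unchanged;
        // preconfig() is not visible here - confirm it only accepts known model names.
        if (isset($_GET['preconfig'])) {
            $this->preconfig($_GET['preconfig']);
        }
    } else {
        $this->getFromDB($ID);
    }

    if (canUseLdap()) {
        $this->showTabs($options);
        $this->showFormHeader($options);

        if (empty($ID)) {
            // PHP_SELF reflects the requested path, which the client controls, so it is
            // HTML-escaped before being placed inside the single-quoted href attributes.
            $target = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
            echo "<tr class='tab_bg_2'><td>" . $LANG['ldap'][16] . " :</td> ";
            echo "<td colspan='3'>";
            echo "<a href='{$target}?preconfig=AD'>" . $LANG['ldap'][17] . "</a>";
            echo " / ";
            echo "<a href='{$target}?preconfig=default'>" . $LANG['common'][44];
            echo "</a></td></tr>";
        }

        // NOTE(review): the stored field values below are written into single-quoted
        // attributes (and a textarea) without output escaping in this method. Confirm
        // they are sanitised before storage, or escape them at output.
        echo "<tr class='tab_bg_1'><td>" . $LANG['common'][16] . " :</td>";
        echo "<td><input type='text' name='name' value='" . $this->fields["name"] . "'></td>";
        // The last-modification date is only shown for an existing record.
        echo $ID > 0
            ? "<td>" . $LANG['common'][26] . " :</td><td>" . convDateTime($this->fields["date_mod"])
            : "<td colspan='2'> ";
        echo "</td></tr>";

        echo "<tr class='tab_bg_1'><td>" . $LANG['ldap'][44] . " :</td>";
        echo "<td>";
        Dropdown::showYesNo('is_default', $this->fields['is_default']);
        echo "</td>";
        echo "<td>" . $LANG['common'][60] . " :</td>";
        echo "<td>";
        Dropdown::showYesNo('is_active', $this->fields['is_active']);
        echo "</td></tr>";

        echo "<tr class='tab_bg_1'><td>" . $LANG['common'][52] . " :</td>";
        echo "<td><input type='text' name='host' value='" . $this->fields["host"] . "'></td>";
        echo "<td>" . $LANG['setup'][172] . " :</td>";
        echo "<td><input id='port' type='text' name='port' value='" . $this->fields["port"] . "'>";
        echo "</td></tr>";

        echo "<tr class='tab_bg_1'><td>" . $LANG['setup'][159] . " :</td>";
        echo "<td colspan='3'>";
        echo "<input type='text' name='condition' value='" . $this->fields["condition"] . "' size='100'>";
        echo "</td></tr>";

        echo "<tr class='tab_bg_1'><td>" . $LANG['setup'][154] . " :</td>";
        echo "<td colspan='3'>";
        echo "<input type='text' name='basedn' size='100' value='" . $this->fields["basedn"] . "'>";
        echo "</td></tr>";

        echo "<tr class='tab_bg_1'><td>" . $LANG['setup'][155] . " :</td>";
        echo "<td colspan='3'><input type='text' name='rootdn' size='100' value='" . $this->fields["rootdn"] . "'>";
        echo "</td></tr>";

        // The bind password is never echoed back: the input is always rendered empty
        // and browser autocompletion is switched off.
        echo "<tr class='tab_bg_1'><td>" . $LANG['setup'][156] . " :</td>";
        echo "<td><input type='password' name='rootdn_passwd' value='' autocomplete='off'></td>";
        echo "<td>" . $LANG['setup'][228] . " :</td>";
        echo "<td><input type='text' name='login_field' value='" . $this->fields["login_field"] . "'>";
        echo "</td></tr>";

        echo "<tr class='tab_bg_1'><td>" . $LANG['common'][25] . " :</td>";
        echo "<td colspan='3'>";
        echo "<textarea cols='40' rows='4' name='comment'>" . $this->fields["comment"] . "</textarea>";

        // Fill fields when using preconfiguration models: on creation the values that
        // have no visible input are carried through the form as hidden inputs.
        if (!$ID) {
            $hidden_fields = array('comment_field', 'condition', 'email_field', 'entity_condition',
                                   'entity_field', 'firstname_field', 'group_condition', 'group_field',
                                   'group_member_field', 'group_search_type', 'mobile_field',
                                   'phone_field', 'phone2_field', 'port', 'realname_field',
                                   'registration_number_field', 'title_field', 'use_dn', 'use_tls');

            foreach ($hidden_fields as $hidden_field) {
                echo "<input type='hidden' name='{$hidden_field}' value='" . $this->fields[$hidden_field] . "'>";
            }
        }
        echo "</td></tr>";

        $this->showFormButtons($options);
        $this->addDivForTabs();
    } else {
        // LDAP support is not usable: show the explanatory messages instead of the form.
        echo "<div class='center'> <table class='tab_cadre_fixe'>";
        echo "<tr><th colspan='2'>" . $LANG['login'][2] . "</th></tr>";
        echo "<tr class='tab_bg_2'><td class='center'>";
        echo "<p class='red'>" . $LANG['setup'][157] . "</p>";
        echo "<p>" . $LANG['setup'][158] . "</p></td></tr></table></div>";
    }
}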
/**
 * Display the advanced settings of an entity (tag, mail domain and, when LDAP is
 * usable, the LDAP-related values).
 *
 * Nothing is displayed unless the current user can read the entity. The table is
 * wrapped in a POST form with a submit button only when the user can also write it.
 *
 * NOTE(review): no anti-CSRF token is emitted by this method; whether the form
 * handler enforces one is not visible here.
 *
 * @param $entity Entity object whose advanced options are shown
 *
 * @return false when the entity is not readable, otherwise nothing (display)
 **/
static function showAdvancedOptions(Entity $entity) {
    global $DB, $LANG;

    $ID = $entity->getField('id');

    // Read access gates the whole block.
    if (!$entity->can($ID, 'r')) {
        return false;
    }

    // Entity right applied (could be user_authtype)
    $editable = $entity->can($ID, 'w');

    // Load the stored values, or start from an empty record when none exists yet.
    $details = new EntityData();
    if (!$details->getFromDB($ID)) {
        $details->getEmpty();
    }

    $wide_input = array('size' => 100);

    if ($editable) {
        $action = getItemTypeFormURL(__CLASS__);
        echo "<form method='post' name=form action='", $action, "'>";
    }

    echo "<table class='tab_cadre_fixe'>";
    echo "<tr><th colspan='2'>", $LANG['entity'][23], "</th></tr>";
    echo "<tr class='tab_bg_1'><td colspan='2' class='center'>", $LANG['entity'][26], "</td></tr>";

    echo "<tr class='tab_bg_1'>";
    echo "<td>", $LANG['entity'][13], " : </td>";
    echo "<td>";
    autocompletionTextField($details, "tag", $wide_input);
    echo "</td></tr>";

    if (canUseLdap()) {
        echo "<tr class='tab_bg_1'>";
        echo "<td>", $LANG['entity'][12], " : </td>";
        echo "<td>";
        autocompletionTextField($details, "ldap_dn", $wide_input);
        echo "</td></tr>";
    }

    echo "<tr class='tab_bg_1'>";
    echo "<td>", $LANG['entity'][27], " : </td>";
    echo "<td>";
    autocompletionTextField($details, "mail_domain", $wide_input);
    echo "</td></tr>";

    if (canUseLdap()) {
        echo "<tr><th colspan='2'>", $LANG['entity'][24], "</th></tr>";

        // Only active directories are offered in the selector.
        echo "<tr class='tab_bg_1'>";
        echo "<td>", $LANG['entity'][15], " : </td>";
        echo "<td>";
        $selector = array('value'      => $details->fields['authldaps_id'],
                          'emptylabel' => $LANG['ldap'][44],
                          'condition'  => "`is_active` = '1'");
        Dropdown::show('AuthLDAP', $selector);
        echo "</td></tr>";

        echo "<tr class='tab_bg_1'>";
        echo "<td>", $LANG['entity'][25], " : </td>";
        echo "<td>";
        autocompletionTextField($details, 'entity_ldapfilter', $wide_input);
        echo "</td></tr>";
    }

    // Read-only view: close the table and stop, no form was opened.
    if (!$editable) {
        echo "</table>";
        return;
    }

    echo "<tr>";
    echo "<td class='tab_bg_2 center' colspan='2'>";
    echo "<input type='hidden' name='entities_id' value='{$ID}'>";

    // An existing record is updated (its id travels with the form), otherwise one is added.
    if ($details->fields["id"]) {
        echo "<input type='hidden' name='id' value='", $details->fields["id"], "'>";
        echo "<input type='submit' name='update' value=\"", $LANG['buttons'][7], "\"\n class='submit'>";
    } else {
        echo "<input type='submit' name='add' value=\"", $LANG['buttons'][7], "\" class='submit'>";
    }

    echo "</td></tr>";
    echo "</table></form>";
}
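// ----------------------------------------------------------------------
// Original Author of file:
// Purpose of file:
// ----------------------------------------------------------------------
// Entry page of the authentication setup: links to the general authentication
// settings and to the LDAP, mail and other external authentication pages.

define('GLPI_ROOT', '..');
include GLPI_ROOT . "/inc/includes.php";

// Page-level gate: the "config" read right is required.
// (checkRight() is defined elsewhere; presumably it stops the request on failure - confirm.)
checkRight("config", "r");

commonHeader($LANG['title'][14], $_SERVER['PHP_SELF'], "config", "extauth", -1);

echo "<table class='tab_cadre'>";
echo "<tr><th> " . $LANG['setup'][67] . " </th></tr>";

// The settings row is emitted as one unit and only for users who may write the
// configuration. Emitting just the opening <tr><td><a> conditionally would leave
// read-only users with the label followed by unmatched </a></td></tr> tags.
if (haveRight("config", "w")) {
    echo "<tr class='tab_bg_1'><td class='center b'><a href='auth.settings.php'>";
    echo $LANG['common'][12] . ' ' . $LANG['login'][10] . "</a></td></tr>";
}

// LDAP directories: link when the LDAP extension is usable, explanation otherwise.
echo "<tr class='tab_bg_1'><td class='center b'>";
if (canUseLdap()) {
    echo "<a href='authldap.php'>" . $LANG['login'][2] . "</a>";
} else {
    echo "<p class='red'>" . $LANG['setup'][157] . "</p><p>" . $LANG['setup'][158] . '</p>';
}
echo "</td></tr>";

// Mail servers (IMAP/POP): same pattern as above.
echo "<tr class='tab_bg_1'><td class='center b'>";
if (canUseImapPop()) {
    echo "<a href='authmail.php'>" . $LANG['login'][3] . "</a>";
} else {
    echo "<p class='red'>" . $LANG['setup'][165] . "</p><p>" . $LANG['setup'][166] . '</p>';
}
echo "</td> </tr>";

// Other authentication methods.
echo "<tr class='tab_bg_1'><td class='center'><a href='auth.others.php'>" . $LANG['login'][17] . "</a></td></tr>";
echo "</table>";

commonFooter();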
}

// NOTE(review): this excerpt starts inside an enclosing block (closed by the brace
// above) and ends inside the foreach below; the surrounding code is not visible.

// The two age filters are mutually exclusive.
if ($options['before-days'] && $options['after-days']) {
    echo "You cannot use options before-days and after-days at the same time.";
    exit(1);
}

// Normalise whichever filter was given into a 'days' value plus a comparison operator.
if ($options['before-days']) {
    $options['days'] = $options['before-days'];
    $options['operator'] = '>';
    unset($options['before-days']);
}
if ($options['after-days']) {
    $options['days'] = $options['after-days'];
    $options['operator'] = '<';
    unset($options['after-days']);
}

// NOTE(review): only a message is printed when LDAP is unusable or no directory is
// defined; execution continues into the query below - confirm that this is intended.
if (!canUseLdap() || !countElementsInTable('glpi_authldaps')) {
    echo "LDAP extension is not active or no LDAP directory defined";
}

$sql = "SELECT `id`, `name`\n FROM `glpi_authldaps`";

// Restrict the query to one directory when a server id was supplied.
// NOTE(review): the option value is concatenated into the SQL text with no cast or
// escaping visible in this excerpt. How $options is populated is not shown here -
// confirm the value is validated as an integer id before it reaches this point.
if ($options['ldapservers_id'] != NOT_AVAILABLE) {
    $sql .= " WHERE `id` = '" . $options['ldapservers_id'] . "'";
}
$result = $DB->query($sql);

// NOTE(review): this test reads $_GET["ldapservers_id"] while the filter above reads
// $options['ldapservers_id']; confirm both always carry the same value.
if ($DB->numrows($result) == 0 && $_GET["ldapservers_id"] != NOT_AVAILABLE) {
    echo "LDAP Server not found";
} else {
    // The same statement is run again through request() to iterate over the rows.
    foreach ($DB->request($sql) as $data) {
        echo "Processing LDAP Server: " . $data['name'] . ", ID : " . $data['id'] . " \n";
        $options['ldapservers_id'] = $data['id'];
        import($options);
/**
 * Manage user authentication and initialize the session
 *
 * Order of attempts, as written below:
 *  1. an alternate authentication system, unless $noauto is set;
 *  2. the local database, when the account exists with a password;
 *  3. the method recorded on the account (LDAP / mail), when the account exists
 *     without a password;
 *  4. every LDAP, then every IMAP/POP server, when the account is unknown.
 * On success the user record is updated or, if allowed by configuration, created.
 * The attempt is written to the event log and initSession() is called in all cases.
 *
 * @param $login_name string
 * @param $login_password string
 * @param $noauto boolean when true, alternate auth systems are skipped and
 *                        $_SESSION["noAUTO"] is set
 *
 * @return boolean (success)
 */
function Login($login_name, $login_password, $noauto = false) {
    global $DB, $CFG_GLPI, $LANG;

    $this->getAuthMethods();
    $this->user_present = 1;
    $this->auth_succeded = false;
    // In case the user was deleted in the LDAP directory.
    // (Local flag; it is set below from the property $this->user_deleted_ldap.)
    $user_deleted_ldap = false;

    // --- 1. Alternate authentication systems ---
    if (!$noauto && ($authtype = self::checkAlternateAuthSystems())) {
        // NOTE(review): on this path no password is checked in this method; the login name
        // placed in $this->user->fields['name'] by the alternate system is trusted as the
        // authenticated identity. How that name is obtained is not visible here.
        if ($this->getAlternateAuthSystemsUserLogin($authtype)
            && !empty($this->user->fields['name'])) {
            // Used for log when login process failed
            $login_name = $this->user->fields['name'];
            $this->auth_succeded = true;
            $this->extauth = 1;
            // NOTE(review): addslashes() is the only escaping visible before the name reaches
            // the lookup helpers; it is not charset-aware - confirm how they build their queries.
            $this->user_present = $this->user->getFromDBbyName(addslashes($login_name));
            $this->user->fields['authtype'] = $authtype;
            // if LDAP enabled too, get user's infos from LDAP
            $this->user->fields["auths_id"] = $CFG_GLPI['authldaps_id_extra'];
            if (canUseLdap()) {
                if (isset($this->authtypes["ldap"][$this->user->fields["auths_id"]])) {
                    $ldap_method = $this->authtypes["ldap"][$this->user->fields["auths_id"]];
                    // The stored bind password is decrypted with the GLPIKEY constant for the bind.
                    $ds = AuthLdap::connectToServer($ldap_method["host"], $ldap_method["port"],
                                                    $ldap_method["rootdn"],
                                                    decrypt($ldap_method["rootdn_passwd"], GLPIKEY),
                                                    $ldap_method["use_tls"],
                                                    $ldap_method["deref_option"]);
                    if ($ds) {
                        // $params is created implicitly by these assignments.
                        $params['method'] = AuthLdap::IDENTIFIER_LOGIN;
                        $params['fields'][AuthLdap::IDENTIFIER_LOGIN] = $ldap_method["login_field"];
                        // NOTE(review): $login_name is passed as the search value; whether
                        // searchUserDn() escapes it for use in an LDAP filter is not visible here.
                        // ("AuthLDAP" below differs in case only; PHP class names are case-insensitive.)
                        $user_dn = AuthLdap::searchUserDn($ds,
                                                          array('basedn' => $ldap_method["basedn"],
                                                                'login_field' => $ldap_method['login_field'],
                                                                'search_parameters' => $params,
                                                                'user_params' => array('method' => AuthLDAP::IDENTIFIER_LOGIN,
                                                                                       'value' => $login_name),
                                                                'condition' => $ldap_method["condition"]));
                        if ($user_dn) {
                            $this->user->getFromLDAP($ds, $ldap_method, $user_dn['dn'], $login_name);
                        }
                    }
                }
            }
            // Reset to secure it: the name is re-assigned after the optional LDAP refresh above.
            $this->user->fields['name'] = $login_name;
            $this->user->fields["last_login"] = $_SESSION["glpi_currenttime"];
        } else {
            $this->addToError($LANG['login'][8]);
        }
    }

    // --- 2-4. Credential-based authentication, if not already authenticated ---
    if (!$this->auth_succeded) {
        // Both a login name and a password are required; empty() also rejects the string "0".
        if (empty($login_name) || empty($login_password)) {
            $this->addToError($LANG['login'][8]);
        } else {
            // exists=0 -> no exist
            // exists=1 -> exist with password
            // exists=2 -> exist without password
            $exists = $this->userExists(array('name' => addslashes($login_name)));

            // Not done first, otherwise the blank-password step would be skipped.
            // First try to authenticate against the database.
            if ($exists == 1) {
                // Without UTF8 decoding
                if (!$this->auth_succeded) {
                    $this->auth_succeded = $this->connection_db(addslashes($login_name), $login_password);
                    if ($this->auth_succeded) {
                        $this->extauth = 0;
                        $this->user_present = $this->user->getFromDBbyName(addslashes($login_name));
                        $this->user->fields["authtype"] = self::DB_GLPI;
                        // NOTE(review): the submitted password is placed in the user fields as
                        // received and these fields are later passed to update(); how update()
                        // stores it is not visible here - confirm it is hashed before storage.
                        $this->user->fields["password"] = $login_password;
                    }
                }
            } else {
                if ($exists == 2) {
                    // The user is not authenticated on the GLPI DB, but we need to get information
                    // about him to find out his authentication method.
                    $this->user->getFromDBbyName(addslashes($login_name));

                    // If the user has already logged in, the method_auth and auths_id are already
                    // set, so this connection is tested first.
                    switch ($this->user->fields["authtype"]) {
                        // CAS and EXTERNAL accounts are checked against LDAP like LDAP accounts.
                        case self::CAS:
                        case self::EXTERNAL:
                        case self::LDAP:
                            if (canUseLdap()) {
                                AuthLdap::tryLdapAuth($this, $login_name, $login_password,
                                                      $this->user->fields["auths_id"],
                                                      $this->user->fields["user_dn"]);
                                // Remember a failure caused by the account having disappeared
                                // from the directory; it is handled after the attempts.
                                if (!$this->auth_succeded && $this->user_deleted_ldap) {
                                    $user_deleted_ldap = true;
                                }
                            }
                            break;

                        case self::MAIL:
                            if (canUseImapPop()) {
                                AuthMail::tryMailAuth($this, $login_name, $login_password,
                                                      $this->user->fields["auths_id"]);
                            }
                            break;

                        // No method recorded yet: nothing is tried in this branch.
                        case self::NOT_YET_AUTHENTIFIED:
                            break;
                    }
                } else {
                    if (!$exists) {
                        // Test all LDAP servers only if the user is not present in GLPI's DB.
                        if (!$this->auth_succeded && canUseLdap()) {
                            AuthLdap::tryLdapAuth($this, $login_name, $login_password, 0, false, false);
                        }
                        // Test all IMAP/POP servers.
                        if (!$this->auth_succeded && canUseImapPop()) {
                            AuthMail::tryMailAuth($this, $login_name, $login_password, 0, false);
                        }
                    }
                }
            }
            // End of the connection attempts
        }
    }

    if ($user_deleted_ldap) {
        User::manageDeletedUserInLdap($this->user->fields["id"]);
    }

    // Ok, we have gathered sufficient data, if the first return false the user
    // is not present on the DB, so we add him.
    // if not, we update him.
    if ($this->auth_succeded) {
        // Prepare data
        $this->user->fields["last_login"] = $_SESSION["glpi_currenttime"];
        if ($this->extauth) {
            $this->user->fields["_extauth"] = 1;
        }

        if ($DB->isSlave()) {
            if (!$this->user_present) {
                // Can't add in slave mode: the login is turned into a failure.
                $this->addToError($LANG['login'][11]);
                $this->auth_succeded = false;
            }
        } else {
            if ($this->user_present) {
                // update user and Blank PWD to clean old database for the external auth
                $this->user->update($this->user->fields);
                if ($this->extauth) {
                    $this->user->blankPassword();
                }
            } else {
                if ($CFG_GLPI["is_users_auto_add"]) {
                    // Auto add user: the gathered fields become the input of add().
                    $input = $this->user->fields;
                    unset($this->user->fields);
                    $this->user->add($input);
                } else {
                    // Auto add not enabled, so the authentication is reported as failed.
                    $this->addToError($LANG['login'][11]);
                    $this->auth_succeded = false;
                }
            }
        }
    }

    // Log Event (if possible)
    if (!$DB->isSlave()) {
        // GET THE IP OF THE CLIENT
        // NOTE(review): HTTP_X_FORWARDED_FOR is a request header and is preferred over
        // REMOTE_ADDR here, so the address written to the event log is only as trustworthy
        // as that header. Neither $ip nor $login_name is normalised in this function before
        // being logged. The submitted password is not part of either log entry.
        $ip = getenv("HTTP_X_FORWARDED_FOR") ? getenv("HTTP_X_FORWARDED_FOR") : getenv("REMOTE_ADDR");

        if ($this->auth_succeded) {
            $logged = GLPI_DEMO_MODE ? "logged in" : $LANG['log'][40];
            Event::log(-1, "system", 3, "login", $login_name . " {$logged}: " . $ip);
        } else {
            $logged = GLPI_DEMO_MODE ? "connection failed" : $LANG['log'][41];
            Event::log(-1, "system", 1, "login", $logged . ": " . $login_name . " ({$ip})");
        }
    }

    // NOTE(review): initSession() is called whether or not authentication succeeded;
    // what it does after a failure is not visible here.
    $this->initSession();
    if ($noauto) {
        $_SESSION["noAUTO"] = 1;
    }
    return $this->auth_succeded;
}