/**
 * Opens a connection to the LDAP server described by $this->arFields.
 *
 * Two call forms are supported (legacy pattern, detected via is_object($this)):
 *  - static: CLDAP::Connect($arFields) builds a CLDAP, connects it and returns
 *    the instance (or false). Note that calling a non-static method statically
 *    is a fatal Error from PHP 8.0 on.
 *  - instance: $ldap->Connect() connects $this in place and returns true/false.
 *
 * Security notes (what this code does, not what it should do):
 *  - ldap_connect(host, port) is used as-is; no ldaps:// and no STARTTLS are
 *    negotiated here, so everything sent later over $this->conn (including the
 *    admin bind performed elsewhere) travels in clear text unless SERVER
 *    already carries an ldaps:// URI.
 *  - Connectivity is probed with an anonymous bind (ldap_bind without
 *    credentials). A directory that refuses anonymous binds makes this return
 *    false even though the configured admin credentials would work.
 *  - LDAP_OPT_REFERRALS is disabled, so the client does not chase referrals to
 *    hosts the administrator did not configure.
 *  - Every ldap_* call is @-suppressed; failures are only visible through the
 *    false return value (use ldap_error($this->conn) when diagnosing).
 *
 * @param array $arFields Connection settings (SERVER, PORT, ...), used only
 *                        by the static call form
 *
 * @return CLDAP|bool Instance (static form) or true (instance form) on
 *                    success, false otherwise
 */
function Connect($arFields = array())
{
	// Static call form: build, connect and hand back a fresh instance.
	if (!is_object($this))
	{
		$instance = new CLDAP();
		$instance->arFields = $arFields;
		return $instance->Connect() ? $instance : false;
	}

	$this->conn = @ldap_connect($this->arFields["SERVER"], $this->arFields['PORT']);
	if (!$this->conn)
	{
		return false;
	}

	// Protocol v3, no referral chasing, size limit from module options,
	// 100 s server-side time limit, 5 s client and network timeouts.
	$options = array(
		LDAP_OPT_PROTOCOL_VERSION => 3,
		LDAP_OPT_REFERRALS => 0,
		LDAP_OPT_SIZELIMIT => COption::GetOptionInt("ldap", "group_limit", 0),
		LDAP_OPT_TIMELIMIT => 100,
		LDAP_OPT_TIMEOUT => 5,
		LDAP_OPT_NETWORK_TIMEOUT => 5,
	);
	foreach ($options as $option => $value)
	{
		@ldap_set_option($this->conn, $option, $value);
	}

	// Anonymous bind used purely as a liveness probe; the credentialed
	// bind happens in BindAdmin().
	return (bool)@ldap_bind($this->conn);
}
// Users already bound to an LDAP identifier ($where/$ljoin for this query are
// assembled above, outside this excerpt).
$users_ldap = $user->loadList($where, null, null, null, $ljoin);

// All non-template users attached to the current group through their function.
$ljoin = array();
$ljoin["users_mediboard"] = "`users`.`user_id` = `users_mediboard`.`user_id`";
$ljoin["functions_mediboard"] = "`functions_mediboard`.`function_id` = `users_mediboard`.`function_id`";

$where = array();
$where["users.template"] = "= '0'";
// NOTE(review): $group_id is interpolated straight into a SQL fragment with no
// escaping visible here. Presumably it is an integer id taken from the request
// upstream; confirm it is cast/escaped (or built with the data source's prepare
// helper) before trusting this clause.
$where["functions_mediboard.group_id"] = "= '{$group_id}'";
$users_all = $user->loadList($where, null, null, null, $ljoin);

// Candidates = group users not yet linked to the LDAP, reduced to the
// caller-supplied $start/$count page.
/** @var $users CUser[] */
$users = array_diff_key($users_all, $users_ldap);
$users = array_slice($users, $start, $count);

// From here on $count is reused as "users processed in this batch"; its previous
// meaning (page size) is no longer needed.
$count = $count_no_associate = $count_associate = 0;

foreach ($users as $_user) {
  try {
    // Bind with the service credentials ($ldaprdn/$ldappass, defined outside
    // this excerpt) and look the user up by username.
    $source_ldap = CLDAP::bind($_user, $ldaprdn, $ldappass);
    $_user = CLDAP::searchAndMap($_user, $source_ldap, $source_ldap->_ldapconn, $_user->user_username, null);
  }
  catch (CMbException $e) {
    // stepAjax() reports the error; whether it also ends the request depends on
    // its default level (not visible here). If it returns, $_user is used below
    // unchanged, with _count_ldap left as it was.
    $e->stepAjax();
  }

  if ($_user->_count_ldap != 0) {
    $count_associate++;
  }
  if ($_user->_count_ldap == 0) {
    // Runtime message (French: "not associated") left untouched
    CAppUI::stepAjax("'{$_user->_view}' / '{$_user->user_username}' non associé", UI_MSG_WARNING);
    $count_no_associate++;
  }
  $count++;
}

// Empty page: tell the client-side loop to stop.
if ($count == 0) {
  echo "<script type='text/javascript'>stop=true;</script>";
}
/*************************************************************************** HTML form ****************************************************************************/ require $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/include/prolog_admin_after.php"; $aMenu = array(array("ICON" => "btn_list", "TEXT" => GetMessage("MAIN_ADMIN_MENU_LIST"), "TITLE" => GetMessage("LDAP_EDIT_LIST"), "LINK" => "ldap_server_admin.php?lang=" . LANG)); if ($ID > 0) { $aMenu[] = array("ICON" => "btn_new", "TEXT" => GetMessage("MAIN_ADMIN_MENU_CREATE"), "TITLE" => GetMessage("LDAP_EDIT_NEW"), "LINK" => "ldap_server_edit.php?lang=" . LANG); if ($MOD_RIGHT == "W") { $aMenu[] = array("ICON" => "btn_delete", "TEXT" => GetMessage("MAIN_ADMIN_MENU_DELETE"), "TITLE" => GetMessage("LDAP_EDIT_DEL"), "LINK" => "javascript:if(confirm('" . GetMessage("LDAP_EDIT_DEL_CONF") . "'))window.location='ldap_server_admin.php?action=delete&ID=" . $ID . "&lang=" . LANG . "&" . bitrix_sessid_get() . "';"); } } $context = new CAdminContextMenu($aMenu); $context->Show(); if (strlen($SERVER) > 0) { $ldp = false; $ldp = CLDAP::Connect(array("SERVER" => $SERVER, "PORT" => $PORT, "BASE_DN" => $BASE_DN, "ADMIN_LOGIN" => $ADMIN_LOGIN, "ADMIN_PASSWORD" => $ADMIN_PASSWORD, "CONVERT_UTF8" => $CONVERT_UTF8, "GROUP_FILTER" => $GROUP_FILTER, "GROUP_ID_ATTR" => $GROUP_ID_ATTR, "GROUP_NAME_ATTR" => $GROUP_NAME_ATTR, "GROUP_MEMBERS_ATTR" => $GROUP_MEMBERS_ATTR, "USER_FILTER" => $USER_FILTER, "USER_GROUP_ATTR" => $USER_GROUP_ATTR, "USER_GROUP_ACCESSORY" => $USER_GROUP_ACCESSORY, "MAX_PAGE_SIZE" => $MAX_PAGE_SIZE)); } if ($bPostback) { if (!$ldp) { $message = new CAdminMessage(array("MESSAGE" => GetMessage("LDAP_ERROR"), "DETAILS" => GetMessage("LDAP_EDIT_ERR_CON"), "TYPE" => "ERROR")); } elseif (!$ldp->BindAdmin()) { $message = new CAdminMessage(array("MESSAGE" => GetMessage("LDAP_ERROR"), "DETAILS" => GetMessage("LDAP_EDIT_ERR_AUT"), "TYPE" => "ERROR")); } elseif (strlen($_REQUEST['refresh_groups']) <= 0) { $message = new 
CAdminMessage(array("MESSAGE" => GetMessage("LDAP_EDIT_OK_CON"), "TYPE" => "OK")); } } $aTabs = array(array("DIV" => "edit1", "TAB" => GetMessage("LDAP_EDIT_TAB1"), "ICON" => "main_user_edit", "TITLE" => GetMessage("LDAP_EDIT_TAB1_TITLE")), array("DIV" => "edit2", "TAB" => GetMessage("LDAP_EDIT_TAB11"), "ICON" => "main_user_edit", "TITLE" => GetMessage("LDAP_EDIT_TAB11_TITLE")), array("DIV" => "edit3", "TAB" => GetMessage("LDAP_EDIT_TAB2"), "ICON" => "main_user_edit", "TITLE" => GetMessage("LDAP_EDIT_USER_MAP")), array("DIV" => "edit4", "TAB" => GetMessage("LDAP_EDIT_TAB4"), "ICON" => "main_user_edit", "TITLE" => GetMessage("LDAP_EDIT_TAB4_TITLE"))); $tabControl = new CAdminTabControl("tabControl", $aTabs); if ($message) { echo $message->Show(); } else {
CAppUI::stepAjax("CUser-user_password-nomatch", UI_MSG_ERROR); } // Enregistrement $user->_user_password = $new_pwd1; $user->_is_changing = true; // If user was obliged to change and successfully changed, remove flag if ($user->force_change_password) { $user->force_change_password = false; } if ($msg = $user->store()) { CAppUI::stepAjax($msg, UI_MSG_ERROR); } // Si utilisateur associé au LDAP et modif mdp autorisée if ($ldap_linked && $allow_change_password) { try { CLDAP::changePassword($user, $old_pwd, $new_pwd1); CAppUI::stepAjax("CLDAP-change_password_succeeded", UI_MSG_OK); } catch (CMbException $e) { // Rétablissement de l'ancien mot de passe $user->_user_password = $old_pwd; if ($msg = $user->store()) { CAppUI::stepAjax($msg, UI_MSG_ERROR); } $e->stepAjax(); CAppUI::stepAjax("CLDAP-change_password_failed", UI_MSG_ERROR); } } CAppUI::stepAjax("CUser-msg-password-updated", UI_MSG_OK); CAppUI::$instance->weak_password = false; CAppUI::callbackAjax($callback); CApp::rip();
$strError = GetMessage("USER_IMPORT_CSV_NOT_FOUND"); } elseif ($dataSource == "ldap") { $dbLdap = CLdapServer::GetByID($ldapServer); if ($arLdap = $dbLdap->Fetch()) { // this is a test connection, thus any parameters other than related to establishing a connection, have no effect here $ldp = CLDAP::Connect( array( "SERVER" => $arLdap['SERVER'], "PORT" => $arLdap['PORT'], "ADMIN_LOGIN" => $arLdap['ADMIN_LOGIN'], "ADMIN_PASSWORD"=> $arLdap['ADMIN_PASSWORD'], "BASE_DN" => $arLdap['BASE_DN'], "GROUP_FILTER" => $arLdap['GROUP_FILTER'], "GROUP_ID_ATTR" => $arLdap['GROUP_ID_ATTR'], "USER_GROUP_ACCESSORY" => $arFields['USER_GROUP_ACCESSORY'], "USER_FILTER" => $arLdap['USER_FILTER'], "GROUP_NAME_ATTR"=> $arLdap['GROUP_NAME_ATTR'], "CONVERT_UTF8" => $arLdap['CONVERT_UTF8'], "MAX_PAGE_SIZE" => $arLdap['MAX_PAGE_SIZE'] ) ); if(!$ldp) $strError = GetMessage("USER_IMPORT_LDAP_SERVER_CONN_ERROR"); elseif(!$ldp->BindAdmin()) { $strError = GetMessage("USER_IMPORT_LDAP_SERVER_AUTH_ERROR"); $ldp->Disconnect(); }
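/**
 * Changes a user's password inside the LDAP directory.
 *
 * The directory is first asked to authenticate the user with the *old*
 * password (simple bind as the user), so a caller that merely holds a session
 * cannot rotate someone else's password through this method. The modify then
 * targets the DN resolved from the username.
 *
 * Security notes:
 *  - STARTTLS is requested when the connection is not already secured, but the
 *    result of start_tls() is not checked here (its contract is not visible in
 *    this listing). If it can fail silently, the bind below sends the old and
 *    new passwords in clear text — confirm that start_tls() throws, or
 *    re-check $source_ldap->secured before binding.
 *  - "MD5" and "SHA" store unsalted digests, which are weak for password
 *    storage; prefer "Unicode" (Active Directory unicodePwd) or a salted
 *    scheme the directory supports.
 *  - The literal prefix written before the base64 digest looks redacted in
 *    this listing (the RFC 2307 form is "{MD5}" / "{SHA}"); the value is kept
 *    exactly as found.
 *
 * @param CUser  $user       The user whose password is changed
 * @param string $old_pass   The user's current password (used to bind)
 * @param string $new_pass   The new password
 * @param string $encryption Password encoding: "Unicode", "MD5" or "SHA"
 *
 * @return boolean true on success; false on an unknown encoding, a failed
 *                 connection, a failed user bind, or a failed modify
 */
static function changePassword(CUser $user, $old_pass, $new_pass, $encryption = "Unicode") {
  // Strict comparison: with loose matching a non-string such as 0 could pass
  // this whitelist (PHP < 8) and then land in the "Unicode" case below.
  if (!in_array($encryption, array("Unicode", "MD5", "SHA"), true)) {
    return false;
  }

  $source_ldap = CLDAP::connect();
  if (!$source_ldap) {
    return false;
  }

  // Upgrade to TLS before any password crosses the wire (see note above about
  // the unchecked return value).
  if (!$source_ldap->secured) {
    $source_ldap->start_tls();
  }

  // Prove possession of the current password by binding as the user.
  $bound = $source_ldap->ldap_bind($source_ldap->_ldapconn, $user->user_username, $old_pass);
  if (!$bound) {
    return false;
  }

  $entry = array();
  switch ($encryption) {
    case "Unicode":
      // Active Directory attribute; encoding delegated to encodeUnicodePassword()
      $entry["unicodePwd"][0] = self::encodeUnicodePassword($new_pass);
      break;
    case "MD5":
      // Unsalted digest: hex -> raw bytes -> base64
      $entry["userPassword"] = "******" . base64_encode(pack("H*", md5($new_pass)));
      break;
    case "SHA":
      // Unsalted digest: hex -> raw bytes -> base64
      $entry["userPassword"] = "******" . base64_encode(pack("H*", sha1($new_pass)));
      break;
  }

  // Resolve the DN from the username and replace the password attribute.
  $dn = $source_ldap->get_dn($user->user_username);
  return $source_ldap->ldap_mod_replace($source_ldap->_ldapconn, $dn, $entry);
}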
$dbLdap = CLdapServer::GetByID($ldapServer); if ($dbLdap->Fetch()) { $csvImport->externalAuthID = "LDAP#" . $ldapServer; } } if ($csvImport->IsErrorOccured()) { $strError = $csvImport->GetErrorMessage(); } } else { $strError = GetMessage("USER_IMPORT_CSV_NOT_FOUND"); } } elseif ($dataSource == "ldap") { $dbLdap = CLdapServer::GetByID($ldapServer); if ($arLdap = $dbLdap->Fetch()) { // this is a test connection, thus any parameters other than related to establishing a connection, have no effect here $ldap = new CLDAP(); $ldap->arFields = array("SERVER" => $arLdap['SERVER'], "PORT" => $arLdap['PORT'], "ADMIN_LOGIN" => $arLdap['ADMIN_LOGIN'], "ADMIN_PASSWORD" => $arLdap['ADMIN_PASSWORD'], "BASE_DN" => $arLdap['BASE_DN'], "GROUP_FILTER" => $arLdap['GROUP_FILTER'], "GROUP_ID_ATTR" => $arLdap['GROUP_ID_ATTR'], "USER_GROUP_ACCESSORY" => $arLdap['USER_GROUP_ACCESSORY'], "USER_FILTER" => $arLdap['USER_FILTER'], "GROUP_NAME_ATTR" => $arLdap['GROUP_NAME_ATTR'], "CONVERT_UTF8" => $arLdap['CONVERT_UTF8'], "MAX_PAGE_SIZE" => $arLdap['MAX_PAGE_SIZE']); if ($ldap->Connect()) { $ldp = $ldap; if (!$ldp->BindAdmin()) { $strError = GetMessage("USER_IMPORT_LDAP_SERVER_AUTH_ERROR"); } $ldp->Disconnect(); } else { $strError = GetMessage("USER_IMPORT_LDAP_SERVER_CONN_ERROR"); } } else { $strError = GetMessage("USER_IMPORT_LDAP_SERVER_NOT_FOUND"); } } elseif ($dataSource == "1c" && $create1cUser == "Y") { $user = new CUser();
* @package Mediboard
* @author SARL OpenXtrem <*****@*****.**>
* @license GNU General Public License, see http://www.gnu.org/licenses/gpl.html
* @version $Revision$
* @link http://www.mediboard.org
*/

// One-off migration: rewrite every CUser external id carrying the LDAP tag from
// its hexadecimal form to the "registry" form (judging by the dash test below,
// the dashed GUID notation). Ids already containing a dash are skipped.
// Each conversion is reported; "nothing to do" is reported once for an empty
// list and once more when every id was already converted (same French message
// both times, kept as in the original).
$id_ext = new CIdSante400();
$id_ext->tag = CAppUI::conf("admin LDAP ldap_tag");
$id_ext->object_class = "CUser";
$list = $id_ext->loadMatchingList();

if (count($list) === 0) {
  CAppUI::setMsg("Aucun identifiant à convertir");
}

$converted = 0;
foreach ($list as $idex) {
  // Already in dashed form: nothing to do
  $already_dashed = strpos($idex->id400, "-") !== false;
  if (!$already_dashed) {
    $converted++;
    $idex->id400 = CLDAP::convertHexaToRegistry($idex->id400);
    $idex->last_update = CMbDT::dateTime();

    // store() returns an error message on failure, nothing on success
    $msg = $idex->store();
    if ($msg) {
      CAppUI::setMsg($msg, UI_MSG_WARNING);
    }
    else {
      CAppUI::setMsg("Identifiant converti");
    }
  }
}

if ($converted === 0) {
  CAppUI::setMsg("Aucun identifiant à convertir");
}

echo CAppUI::getMsg();
/**
 * Authenticates the current request and initialises the session user.
 *
 * Credential sources, checked in this order (the first matching branch wins):
 *  1. "loginas": impersonation. Allowed when the session user has
 *     user_type == 1 (administrators, judging by the message key) or when
 *     $force_login is set. With an LDAP connection configured "passwordas" is
 *     used as the password, except for administrators when
 *     "admin LDAP allow_login_as_admin" is on; otherwise no password is set.
 *  2. "ldap_guid" (GET only) when an LDAP connection is configured: the user
 *     is resolved from its directory GUID by CLDAP::getFromLDAPGuid().
 *  3. "token": a CViewAccessToken looked up by hash; it must be valid and is
 *     consumed (useIt) before its user is loaded.
 *  4. self::$auth_info carrying a user_id: a previously established identity.
 *  5. username + password: both required; weakness of the password is scored.
 *
 * Branches that only set username/password are then matched against the local
 * record with loadMatchingObject() (presumably hashing/comparing the password
 * there — not visible here). Template users are refused. When an LDAP
 * connection is configured and a username is known, a user that is linked to
 * the directory (has an id400 with the LDAP tag) is re-authenticated against
 * the directory with the supplied password: bad directory credentials fail the
 * login, while any other directory error only records a warning and keeps the
 * locally matched $user. Users not bound through LDAP go through
 * checkPasswordAttempt() (failed-attempt accounting); LDAP-bound users skip it.
 * Finally group/remote-access data are loaded and the session fields filled.
 *
 * Security-relevant details:
 *  - Every credential is trim()'d, so passwords with leading/trailing
 *    whitespace are altered before matching.
 *  - The directory re-check is skipped on the ldap_guid branch (see TODO).
 *  - user_login_errors is reset to 0 and the user stored on every success path.
 *  - The two SQL statements interpolate $user->_id (a database id of the
 *    loaded object, not raw request input) without parameters.
 *  - The remote-access decision relies on get_remote_address() and
 *    is_intranet_ip(); confirm they only trust the configured reverse proxy.
 *
 * @param bool $force_login Allow "loginas" impersonation even when the
 *                          current session user is not an administrator
 *
 * @return boolean true once authenticated and the session user is set,
 *                 false otherwise (a message has been set via setMsg)
 */
static function login($force_login = false) {
  $ldap_connection = CAppUI::conf("admin LDAP ldap_connection");
  $allow_login_as_ldap = CAppUI::conf("admin LDAP allow_login_as_admin");

  // Impersonation ("login as")
  $loginas = trim(CValue::request("loginas"));
  $passwordas = trim(CValue::request("passwordas"));

  // LDAP GUID sign-in (GET only)
  $ldap_guid = trim(CValue::get("ldap_guid"));

  // Standard login (trim() alters passwords with surrounding whitespace)
  $username = trim(CValue::request("username"));
  $password = trim(CValue::request("password"));

  // Token sign-in
  $token_hash = trim(CValue::request("token"));

  // Candidate user; _is_logging presumably alters loading rules — confirm
  $user = new CUser();
  $user->_is_logging = true;

  // -------------- Login as: administrators need not provide a password
  if ($loginas) {
    if (self::$instance->user_type != 1 && !$force_login) {
      self::setMsg("Auth-failed-loginas-admin", UI_MSG_ERROR);
      return false;
    }
    $username = $loginas;
    // With LDAP the impersonation password is kept, except for administrators
    // when allow_login_as_admin is enabled; without LDAP no password is set
    $password = $ldap_connection ? $passwordas : null;
    if (self::$instance->user_type == 1 && $allow_login_as_ldap) {
      $password = null;
    }
    $user->user_username = $username;
    $user->_user_password = $password;
  }
  elseif ($ldap_connection && $ldap_guid) {
    try {
      $user = CLDAP::getFromLDAPGuid($ldap_guid);
    }
    catch (Exception $e) {
      self::setMsg($e->getMessage(), UI_MSG_ERROR);
      return false;
    }
  }
  elseif ($token_hash) {
    $token = CViewAccessToken::getByHash($token_hash);
    if (!$token->isValid()) {
      self::setMsg("Auth-failed-invalidToken", UI_MSG_ERROR);
      return false;
    }
    // Consume the token and apply its parameters before loading its user
    $token->useIt();
    $token->applyParams();
    $user->load($token->user_id);
    self::$instance->auth_method = "token";
  }
  elseif (self::$auth_info && self::$auth_info->user_id) {
    $auth = self::$auth_info;
    $user->load($auth->user_id);
    self::$instance->auth_method = $auth->auth_method;
  }
  else {
    if (!$username) {
      self::setMsg("Auth-failed-nousername", UI_MSG_ERROR);
      return false;
    }
    if (!$password) {
      self::setMsg("Auth-failed-nopassword", UI_MSG_ERROR);
      return false;
    }
    $user->user_username = $username;
    $user->_user_password = $password;
    self::$instance->weak_password = self::checkPasswordWeakness($user);
  }

  // Branches that only set username/password: match the local record now
  // (presumably the password is hashed and compared inside loadMatchingObject)
  if (!$user->_id) {
    $user->loadMatchingObject();
    self::$instance->auth_method = "basic";
  }

  // Template users can never log in
  if ($user->template) {
    self::setMsg("Auth-failed-template", UI_MSG_ERROR);
    return false;
  }

  // LDAP case (when not using a ldap_guid): check that a directory-linked user
  // is still accepted by the directory with the supplied password
  // TODO we should check it when using ldap_guid too
  if ($ldap_connection && $username) {
    $user_ldap = new CUser();
    $user_ldap->user_username = $username;
    $user_ldap->loadMatchingObject();
    $idex = $user_ldap->loadLastId400(CAppUI::conf("admin LDAP ldap_tag"));

    // The user is linked to the LDAP
    if ($idex->_id) {
      $ldap_guid = $idex->id400;
      $user_ldap->_user_password = $password;
      $user_ldap->_bound = false;
      try {
        $user = CLDAP::login($user_ldap, $ldap_guid);
        if (!$user->_bound) {
          self::setMsg("Auth-failed-combination", UI_MSG_ERROR);
          return false;
        }
      }
      catch (CMbInvalidCredentialsException $e) {
        self::setMsg($e->getMessage(), UI_MSG_WARNING);
        return false;
      }
      catch (CMbException $e) {
        // Any other directory error (e.g. server unreachable) is only reported;
        // the locally matched $user from above stays the authenticated one.
        // No UI_MSG_ERROR nor $e->stepAjax as it needs to run through!
        self::setMsg($e->getMessage(), UI_MSG_WARNING);
      }
    }
  }

  // Failed-attempt accounting only for users not authenticated by the directory
  if (!$user->_bound && !self::checkPasswordAttempt($user)) {
    return false;
  }

  $user->user_login_errors = 0;
  $user->store();

  // Put user_group in AppUI; user_remote defaults to 1, which the check below
  // treats as "intranet only" for non-administrators
  self::$instance->user_remote = 1;
  $ds = CSQLDataSource::get("std");

  // We get the user's group if the Mediusers module is installed
  if ($ds->loadTable("users_mediboard") && $ds->loadTable("groups_mediboard")) {
    // $user->_id is the loaded object's database id, not request input
    $sql = "SELECT `remote` FROM `users_mediboard` WHERE `user_id` = '{$user->_id}'";
    self::$instance->user_remote = $ds->loadResult($sql);

    $sql = "SELECT `groups_mediboard`.`group_id`\n FROM `groups_mediboard`, `functions_mediboard`, `users_mediboard`\n WHERE `groups_mediboard`.`group_id` = `functions_mediboard`.`group_id`\n AND `functions_mediboard`.`function_id` = `users_mediboard`.`function_id`\n AND `users_mediboard`.`user_id` = '{$user->_id}'";
    self::$instance->user_group = $ds->loadResult($sql);
  }

  // Test if remote connection is allowed: client and proxy IP
  $adress = get_remote_address();
  self::$instance->ip = $adress["client"];
  self::$instance->proxy = $adress["proxy"];
  // "Intranet" per is_intranet_ip() (implementation not visible here), and
  // never the configured reverse proxy address itself
  self::$instance->_is_intranet = is_intranet_ip(self::$instance->ip) && self::$instance->ip != self::conf("system reverse_proxy");
  // Non-administrators whose remote flag is 1 may only connect from the intranet
  if (!self::$instance->_is_intranet && self::$instance->user_remote == 1 && $user->user_type != 1) {
    self::setMsg("Auth-failed-user-noremoteaccess", UI_MSG_ERROR);
    return false;
  }

  self::$instance->user_id = $user->_id;

  // save the last_login dateTime
  CUserAuthentication::logAuth($user);

  // <DEPRECATED> session copies of user fields; read them from the user object
  self::$instance->user_first_name = $user->user_first_name;
  self::$instance->user_last_name = $user->user_last_name;
  self::$instance->user_email = $user->user_email;
  self::$instance->user_type = $user->user_type;
  self::$instance->user_last_login = $user->getLastLogin();
  // </DEPRECATED>

  // load the user preferences
  self::buildPrefs();

  return true;
}
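* @author SARL OpenXtrem <*****@*****.**>
* @license GNU General Public License, see http://www.gnu.org/licenses/gpl.html
* @version $Revision: 18997 $
* @link http://www.mediboard.org
*/

// Looks up one directory account (by sAMAccountName) in order to create a
// Mediboard user from it or associate it with an existing mediuser, then
// renders the pre-filled form.
//
// Security notes:
//  - Only read permission is required here (checkRead) even though the
//    rendered template is the creation/association form; the script that
//    performs the write must enforce its own checkEdit/checkAdmin — confirm.
//  - $samaccountname comes straight from the query string and is handed to
//    searchAndMap(), which is expected to escape it before building an LDAP
//    filter (not visible here; confirm ldap_escape or the project equivalent).
//  - The directory is queried with the configured service account
//    (admin LDAP ldap_user / ldap_password), not with the caller's credentials.
CCanDo::checkRead();

$mediuser_id    = CValue::get("mediuser_id");
$samaccountname = CValue::get("samaccountname");

$mediuser = new CMediusers();
$mediuser->load($mediuser_id);

// Existing account behind the mediuser, or a blank one to be filled in
$user = $mediuser->_ref_user;
if (!$user) {
  $user = new CUser();
}

$ldaprdn  = CAppUI::conf("admin LDAP ldap_user");
$ldappass = CAppUI::conf("admin LDAP ldap_password");

// The original also computed a $force_create flag (true when no mediuser was
// loaded) that nothing read; it has been dropped.
try {
  $source_ldap = CLDAP::bind($user, $ldaprdn, $ldappass);
  $user = CLDAP::searchAndMap($user, $source_ldap, $source_ldap->_ldapconn, $samaccountname, null, true);
}
catch (CMbException $e) {
  // Reports the directory error; stepAjax(UI_MSG_ERROR) is expected to end the
  // request — if it returns instead, $user is rendered unmapped below.
  $e->stepAjax(UI_MSG_ERROR);
}

// Render the form; "association" is 1 when no mediuser id was given, else 0
$smarty = new CSmartyDP();
$smarty->assign("user", $user);
$smarty->assign("association", $mediuser_id ? 0 : 1);
$smarty->display("inc_create_user_ldap.tpl");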
// Searches the directory with the filter built above (outside this excerpt)
// and lists the matching accounts next to their Mediboard association, if any.
//
// Security notes:
//  - $filter must have been built with escaped user input (ldap_escape or the
//    project's equivalent); this excerpt cannot confirm that.
//  - The bind uses the configured service credentials $ldaprdn/$ldappass.
try {
  $source_ldap = CLDAP::bind($user, $ldaprdn, $ldappass);
  $results     = $source_ldap->ldap_search($source_ldap->_ldapconn, $filter);
}
catch (CMbException $e) {
  $e->stepAjax(UI_MSG_ERROR);
}

// ldap_get_entries()-style result: a "count" key plus numerically indexed entries
$nb_users = $results["count"];
unset($results["count"]);

$users = array();
foreach ($results as $idx => $entry) {
  $objectguid = CLDAP::getObjectGUID($entry);

  // NOTE(review): 66048 is 0x10200 = NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD
  // (0x10000). Testing for that exact value reports as inactive any enabled
  // account whose flag set differs (for instance plain 512); the
  // ACCOUNTDISABLE bit (0x2) is the authoritative "disabled" signal.
  // Behaviour kept as-is; consider `!((int) $uac & 0x2)` instead.
  $uac = CLDAP::getValue($entry, "useraccountcontrol");

  $row = array(
    "objectguid"      => $objectguid,
    "user_username"   => CLDAP::getValue($entry, "samaccountname"),
    "user_first_name" => CLDAP::getValue($entry, "givenname"),
    "user_last_name"  => CLDAP::getValue($entry, "sn"),
    "actif"           => ($uac == 66048) ? 1 : 0,
  );

  // Is this GUID already linked to a Mediboard user (external id with the LDAP tag)?
  $idex               = new CIdSante400();
  $idex->tag          = CAppUI::conf("admin LDAP ldap_tag");
  $idex->id400        = $objectguid;
  $idex->object_class = "CUser";
  $idex->loadMatchingObject();
  $row["associate"] = $idex->_id ? $idex->object_id : null;

  $users[$idx] = $row;
}

// Pre-fill the search fields from the mediuser being associated
$smarty = new CSmartyDP();
$smarty->assign("users", $users);
$smarty->assign("mediuser", $mediuser);
$smarty->assign("nb_users", $nb_users);
$smarty->assign("givenname", CMbString::capitalize($mediuser->_user_first_name));
$smarty->assign("sn", strtoupper($mediuser->_user_last_name));
$smarty->assign("samaccountname", strtolower($mediuser->_user_username));
$smarty->display("inc_search_user_ldap.tpl");
<?php
/**
 * $Id$
 *
 * Refreshes a Mediboard user from its linked LDAP entry, or drops the link.
 *
 * Security notes:
 *  - The only permission gate is CCanDo::checkEdit().
 *  - Both actions are state changes (an LDAP-driven update of the user record,
 *    or deletion of the external-id link) driven by GET parameters (user_id,
 *    action). Unless the caller supplies an anti-CSRF token, a crafted link
 *    can trigger them; consider requiring POST.
 *  - CLDAP::login() is called without try/catch here, unlike in
 *    CAppUI::login(); a CMbException from the directory propagates to the
 *    global handler.
 *
 * @category Admin
 * @package Mediboard
 * @author SARL OpenXtrem <*****@*****.**>
 * @license GNU General Public License, see http://www.gnu.org/licenses/gpl.html
 * @version $Revision$
 * @link http://www.mediboard.org
 */

CCanDo::checkEdit();

$mediuser_id = CValue::get("user_id");
$action      = CValue::get("action", "update");

$mediuser = new CMediusers();
$mediuser->load($mediuser_id);

if ($mediuser->_id) {
  $user = $mediuser->_ref_user;
  // Only users carrying an LDAP external id can be refreshed or unlinked
  if ($user->_id && $user->isLDAPLinked()) {
    $ldap_idex = $user->loadLastId400(CAppUI::conf("admin LDAP ldap_tag"));
    switch ($action) {
      case "update":
        // Expected to refresh the user from the directory entry matching the
        // stored GUID (judging by the message key); return value is ignored
        CLDAP::login($user, $ldap_idex->id400);
        CAppUI::stepAjax("user-updated-from-ldap");
        break;
      case "unlink":
        $ldap_idex->delete();
        CAppUI::stepAjax("user-unlink_from_ldap");
        break;
    }
  }
}

CApp::rip();