 /**
  * Opens the LDAP connection described by $this->arFields and performs an
  * anonymous bind to verify that the server answers.
  *
  * Two calling conventions are kept from the original: called statically
  * (CLDAP::Connect($arFields)) it builds a CLDAP, stores the fields and returns
  * the connected instance or false; called on an instance it connects with
  * $this->arFields and returns a bool.
  *
  * Security notes:
  *  - ldap_bind() is called without credentials (anonymous bind): this only
  *    proves the server is reachable. The credentialed bind presumably happens
  *    in BindAdmin(), which callers on this page invoke afterwards.
  *  - No StartTLS is requested here, so unless "SERVER" is an ldaps:// URI the
  *    later credentialed bind travels in cleartext.
  *  - Every ldap_* warning is silenced with @; failures are only visible as the
  *    false return value, which makes connection problems hard to diagnose.
  *
  * @param array $arFields Connection settings (SERVER, PORT, ...) — static form only
  *
  * @return CLDAP|bool Connected instance (static call) or success flag (instance call)
  */
 function Connect($arFields = array())
 {
     // Static-call form: build an instance, connect it and hand it back.
     if (!is_object($this)) {
         $instance = new CLDAP();
         $instance->arFields = $arFields;

         return $instance->Connect() ? $instance : false;
     }

     $this->conn = @ldap_connect($this->arFields["SERVER"], $this->arFields['PORT']);
     if (!$this->conn) {
         return false;
     }

     // Protocol v3, no referral chasing, bounded result size and timeouts.
     $options = array(
         LDAP_OPT_PROTOCOL_VERSION => 3,
         LDAP_OPT_REFERRALS        => 0,
         LDAP_OPT_SIZELIMIT        => COption::GetOptionInt("ldap", "group_limit", 0),
         LDAP_OPT_TIMELIMIT        => 100,
         LDAP_OPT_TIMEOUT          => 5,
         LDAP_OPT_NETWORK_TIMEOUT  => 5,
     );
     foreach ($options as $option => $value) {
         @ldap_set_option($this->conn, $option, $value);
     }

     // Anonymous bind: only checks that the server is reachable and answers.
     return (bool) @ldap_bind($this->conn);
 }
 $users_ldap = $user->loadList($where, null, null, null, $ljoin);

 // All non-template users of the group; those already found in the LDAP are removed below
 $ljoin = array(
     "users_mediboard"     => "`users`.`user_id` = `users_mediboard`.`user_id`",
     "functions_mediboard" => "`functions_mediboard`.`function_id` = `users_mediboard`.`function_id`",
 );
 // NOTE(review): $group_id is interpolated straight into the WHERE fragment; confirm
 // upstream that it is an integer id, otherwise this is SQL injection surface.
 $where = array(
     "users.template"               => "= '0'",
     "functions_mediboard.group_id" => "= '{$group_id}'",
 );
 $users_all = $user->loadList($where, null, null, null, $ljoin);

 /** @var $users CUser[] */
 $users = array_slice(array_diff_key($users_all, $users_ldap), $start, $count);

 // $count is reused: from here on it counts processed users, not the page size
 $count              = 0;
 $count_associate    = 0;
 $count_no_associate = 0;
 foreach ($users as $_user) {
     try {
         $source_ldap = CLDAP::bind($_user, $ldaprdn, $ldappass);
         $_user = CLDAP::searchAndMap($_user, $source_ldap, $source_ldap->_ldapconn, $_user->user_username, null);
     } catch (CMbException $e) {
         $e->stepAjax();
     }

     if ($_user->_count_ldap != 0) {
         $count_associate++;
     } else {
         CAppUI::stepAjax("'{$_user->_view}' / '{$_user->user_username}' non associé", UI_MSG_WARNING);
         $count_no_associate++;
     }
     $count++;
 }

 // Nothing processed on this page: signal the calling JavaScript to stop
 if ($count == 0) {
     echo "<script type='text/javascript'>stop=true;</script>";
 }
/***************************************************************************
									HTML form
****************************************************************************/
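require $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/include/prolog_admin_after.php";

// Context menu: back to the list; for an existing record also "new" and,
// with write rights only, "delete".
$aMenu = array(
    array(
        "ICON"  => "btn_list",
        "TEXT"  => GetMessage("MAIN_ADMIN_MENU_LIST"),
        "TITLE" => GetMessage("LDAP_EDIT_LIST"),
        "LINK"  => "ldap_server_admin.php?lang=" . LANG,
    ),
);
if ($ID > 0) {
    $aMenu[] = array(
        "ICON"  => "btn_new",
        "TEXT"  => GetMessage("MAIN_ADMIN_MENU_CREATE"),
        "TITLE" => GetMessage("LDAP_EDIT_NEW"),
        "LINK"  => "ldap_server_edit.php?lang=" . LANG,
    );
    if ($MOD_RIGHT == "W") {
        // The delete link carries the session id (bitrix_sessid_get()) as CSRF token;
        // the receiving page is expected to verify it. $ID is assumed numeric here
        // (it passed the "> 0" test above) — it is written into a JS string unescaped.
        $aMenu[] = array(
            "ICON"  => "btn_delete",
            "TEXT"  => GetMessage("MAIN_ADMIN_MENU_DELETE"),
            "TITLE" => GetMessage("LDAP_EDIT_DEL"),
            "LINK"  => "javascript:if(confirm('" . GetMessage("LDAP_EDIT_DEL_CONF") . "'))window.location='ldap_server_admin.php?action=delete&ID=" . $ID . "&lang=" . LANG . "&" . bitrix_sessid_get() . "';",
        );
    }
}
$context = new CAdminContextMenu($aMenu);
$context->Show();

// Connection test with the submitted settings. $ldp is initialised before the
// condition so that the postback branch below never reads an undefined variable
// when SERVER is empty (the original only reset it inside the if).
// Note that this test runs on every render where SERVER is set, not only on postback,
// and that it passes the admin password to the directory each time.
$ldp = false;
if (strlen($SERVER) > 0) {
    $ldp = CLDAP::Connect(array(
        "SERVER"               => $SERVER,
        "PORT"                 => $PORT,
        "BASE_DN"              => $BASE_DN,
        "ADMIN_LOGIN"          => $ADMIN_LOGIN,
        "ADMIN_PASSWORD"       => $ADMIN_PASSWORD,
        "CONVERT_UTF8"         => $CONVERT_UTF8,
        "GROUP_FILTER"         => $GROUP_FILTER,
        "GROUP_ID_ATTR"        => $GROUP_ID_ATTR,
        "GROUP_NAME_ATTR"      => $GROUP_NAME_ATTR,
        "GROUP_MEMBERS_ATTR"   => $GROUP_MEMBERS_ATTR,
        "USER_FILTER"          => $USER_FILTER,
        "USER_GROUP_ATTR"      => $USER_GROUP_ATTR,
        "USER_GROUP_ACCESSORY" => $USER_GROUP_ACCESSORY,
        "MAX_PAGE_SIZE"        => $MAX_PAGE_SIZE,
    ));
}

if ($bPostback) {
    if (!$ldp) {
        $message = new CAdminMessage(array("MESSAGE" => GetMessage("LDAP_ERROR"), "DETAILS" => GetMessage("LDAP_EDIT_ERR_CON"), "TYPE" => "ERROR"));
    } elseif (!$ldp->BindAdmin()) {
        $message = new CAdminMessage(array("MESSAGE" => GetMessage("LDAP_ERROR"), "DETAILS" => GetMessage("LDAP_EDIT_ERR_AUT"), "TYPE" => "ERROR"));
    } elseif (!isset($_REQUEST['refresh_groups']) || strlen($_REQUEST['refresh_groups']) <= 0) {
        // Plain "test connection" postback (no group refresh requested): report success.
        // isset() guards the request parameter, which is absent on most postbacks.
        $message = new CAdminMessage(array("MESSAGE" => GetMessage("LDAP_EDIT_OK_CON"), "TYPE" => "OK"));
    }
}

$aTabs = array(
    array("DIV" => "edit1", "TAB" => GetMessage("LDAP_EDIT_TAB1"), "ICON" => "main_user_edit", "TITLE" => GetMessage("LDAP_EDIT_TAB1_TITLE")),
    array("DIV" => "edit2", "TAB" => GetMessage("LDAP_EDIT_TAB11"), "ICON" => "main_user_edit", "TITLE" => GetMessage("LDAP_EDIT_TAB11_TITLE")),
    array("DIV" => "edit3", "TAB" => GetMessage("LDAP_EDIT_TAB2"), "ICON" => "main_user_edit", "TITLE" => GetMessage("LDAP_EDIT_USER_MAP")),
    array("DIV" => "edit4", "TAB" => GetMessage("LDAP_EDIT_TAB4"), "ICON" => "main_user_edit", "TITLE" => GetMessage("LDAP_EDIT_TAB4_TITLE")),
);
$tabControl = new CAdminTabControl("tabControl", $aTabs);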
if ($message) {
    echo $message->Show();
} else {
    CAppUI::stepAjax("CUser-user_password-nomatch", UI_MSG_ERROR);
}
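// Save: the new password is written to the local account first
$user->_user_password = $new_pwd1;
$user->_is_changing   = true;

// If user was obliged to change and successfully changed, remove flag
if ($user->force_change_password) {
    $user->force_change_password = false;
}

if ($msg = $user->store()) {
    CAppUI::stepAjax($msg, UI_MSG_ERROR);
}

// User linked to the LDAP and password change allowed: propagate the change to the directory.
// CLDAP::changePassword() signals failure both by throwing CMbException and by returning
// false (in this codebase: unsupported scheme, connect or bind failure, failed modify).
// Both outcomes must roll the local password back, otherwise the local and directory
// passwords diverge; the original code only handled the exception and reported success
// on a false return. The directory re-verifies $old_pwd itself when binding as the user.
if ($ldap_linked && $allow_change_password) {
    $ldap_error = null;
    try {
        $ldap_changed = CLDAP::changePassword($user, $old_pwd, $new_pwd1);
    } catch (CMbException $e) {
        $ldap_changed = false;
        $ldap_error   = $e;
    }

    if ($ldap_changed) {
        CAppUI::stepAjax("CLDAP-change_password_succeeded", UI_MSG_OK);
    } else {
        // Restore the previous password locally
        $user->_user_password = $old_pwd;
        if ($msg = $user->store()) {
            CAppUI::stepAjax($msg, UI_MSG_ERROR);
        }
        if ($ldap_error) {
            $ldap_error->stepAjax();
        }
        CAppUI::stepAjax("CLDAP-change_password_failed", UI_MSG_ERROR);
    }
}

CAppUI::stepAjax("CUser-msg-password-updated", UI_MSG_OK);
CAppUI::$instance->weak_password = false;
CAppUI::callbackAjax($callback);
CApp::rip();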
			$strError = GetMessage("USER_IMPORT_CSV_NOT_FOUND");
	}
	elseif ($dataSource == "ldap")
	{
		$dbLdap = CLdapServer::GetByID($ldapServer);
		if ($arLdap = $dbLdap->Fetch())
		{
			// this is a test connection, thus any parameters other than related to establishing a connection, have no effect here
			$ldp = CLDAP::Connect(
				array(
					"SERVER"		=>	$arLdap['SERVER'],
					"PORT"			=>	$arLdap['PORT'],
					"ADMIN_LOGIN"	=>	$arLdap['ADMIN_LOGIN'],
					"ADMIN_PASSWORD"=>	$arLdap['ADMIN_PASSWORD'],
					"BASE_DN"		=>	$arLdap['BASE_DN'],
					"GROUP_FILTER"	=>	$arLdap['GROUP_FILTER'],
					"GROUP_ID_ATTR"	=>	$arLdap['GROUP_ID_ATTR'],
					"USER_GROUP_ACCESSORY"	=>	$arFields['USER_GROUP_ACCESSORY'],
					"USER_FILTER"	=>	$arLdap['USER_FILTER'],
					"GROUP_NAME_ATTR"=>	$arLdap['GROUP_NAME_ATTR'],
					"CONVERT_UTF8"	=>	$arLdap['CONVERT_UTF8'],
					"MAX_PAGE_SIZE"	=>	$arLdap['MAX_PAGE_SIZE']
				)
			);

			if(!$ldp)
				$strError = GetMessage("USER_IMPORT_LDAP_SERVER_CONN_ERROR");
			elseif(!$ldp->BindAdmin())
			{
				$strError = GetMessage("USER_IMPORT_LDAP_SERVER_AUTH_ERROR");
				$ldp->Disconnect();
			}
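 /**
  * Changes a user's password inside the LDAP directory.
  *
  * The caller's knowledge of the old password is verified by the directory
  * itself: the connection is bound as the user with $old_pass before any
  * modification is attempted. The new value is then written with
  * ldap_mod_replace() on the attribute matching the requested scheme:
  * "Unicode" writes unicodePwd (Active Directory), "MD5" / "SHA" write a
  * hashed userPassword.
  *
  * Review notes:
  *  - start_tls() is requested when the connection is not already secured, but
  *    its return value is not checked; if it reports failure by return value
  *    rather than by exception, the bind and the modify would go out in
  *    cleartext — confirm start_tls() throws on failure.
  *  - "MD5" and "SHA" are unsalted digests; prefer a salted scheme where the
  *    directory supports one.
  *  - The "******" prefix literal appears redacted in this listing (same
  *    pattern as the redacted e-mail addresses); it is presumably the scheme
  *    tag ({MD5} / {SHA}) — confirm against the real source.
  *
  * @param CUser  $user       The user
  * @param string $old_pass   The user's old password (used to bind as the user)
  * @param string $new_pass   The user's new password
  * @param string $encryption Encryption type: Unicode or MD5 or SHA
  *
  * @return boolean Success; false on unsupported scheme, connection or bind
  *                 failure, or when ldap_mod_replace() fails
  */
 public static function changePassword(CUser $user, $old_pass, $new_pass, $encryption = "Unicode")
 {
     // Strict comparison: only the three supported scheme names are accepted
     if (!in_array($encryption, array("Unicode", "MD5", "SHA"), true)) {
         return false;
     }

     $source_ldap = CLDAP::connect();
     if (!$source_ldap) {
         return false;
     }

     // Never send credentials over a plain connection
     if (!$source_ldap->secured) {
         $source_ldap->start_tls();
     }

     // Bind as the user: the directory validates $old_pass for us
     if (!$source_ldap->ldap_bind($source_ldap->_ldapconn, $user->user_username, $old_pass)) {
         return false;
     }

     $entry = array();
     switch ($encryption) {
         case "Unicode":
             $entry["unicodePwd"][0] = self::encodeUnicodePassword($new_pass);
             break;
         case "MD5":
             // Hex digest -> raw bytes -> base64, as the userPassword syntax expects
             $entry["userPassword"] = "******" . base64_encode(pack("H*", md5($new_pass)));
             break;
         case "SHA":
             $entry["userPassword"] = "******" . base64_encode(pack("H*", sha1($new_pass)));
             break;
     }

     $dn = $source_ldap->get_dn($user->user_username);

     return $source_ldap->ldap_mod_replace($source_ldap->_ldapconn, $dn, $entry);
 }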
             $dbLdap = CLdapServer::GetByID($ldapServer);
             if ($dbLdap->Fetch()) {
                 $csvImport->externalAuthID = "LDAP#" . $ldapServer;
             }
         }
         if ($csvImport->IsErrorOccured()) {
             $strError = $csvImport->GetErrorMessage();
         }
     } else {
         $strError = GetMessage("USER_IMPORT_CSV_NOT_FOUND");
     }
 } elseif ($dataSource == "ldap") {
     $dbLdap = CLdapServer::GetByID($ldapServer);
     if ($arLdap = $dbLdap->Fetch()) {
         // this is a test connection, thus any parameters other than related to establishing a connection, have no effect here
         $ldap = new CLDAP();
         $ldap->arFields = array("SERVER" => $arLdap['SERVER'], "PORT" => $arLdap['PORT'], "ADMIN_LOGIN" => $arLdap['ADMIN_LOGIN'], "ADMIN_PASSWORD" => $arLdap['ADMIN_PASSWORD'], "BASE_DN" => $arLdap['BASE_DN'], "GROUP_FILTER" => $arLdap['GROUP_FILTER'], "GROUP_ID_ATTR" => $arLdap['GROUP_ID_ATTR'], "USER_GROUP_ACCESSORY" => $arLdap['USER_GROUP_ACCESSORY'], "USER_FILTER" => $arLdap['USER_FILTER'], "GROUP_NAME_ATTR" => $arLdap['GROUP_NAME_ATTR'], "CONVERT_UTF8" => $arLdap['CONVERT_UTF8'], "MAX_PAGE_SIZE" => $arLdap['MAX_PAGE_SIZE']);
         if ($ldap->Connect()) {
             $ldp = $ldap;
             if (!$ldp->BindAdmin()) {
                 $strError = GetMessage("USER_IMPORT_LDAP_SERVER_AUTH_ERROR");
             }
             $ldp->Disconnect();
         } else {
             $strError = GetMessage("USER_IMPORT_LDAP_SERVER_CONN_ERROR");
         }
     } else {
         $strError = GetMessage("USER_IMPORT_LDAP_SERVER_NOT_FOUND");
     }
 } elseif ($dataSource == "1c" && $create1cUser == "Y") {
     $user = new CUser();
 * @package  Mediboard
 * @author   SARL OpenXtrem <*****@*****.**>
 * @license  GNU General Public License, see http://www.gnu.org/licenses/gpl.html
 * @version  $Revision$
 * @link     http://www.mediboard.org
 */
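// Convert every CUser external id carrying the LDAP tag from the hexadecimal
// GUID form to the registry form; ids already containing "-" are considered
// converted and skipped.
$id_ext = new CIdSante400();
$id_ext->tag = CAppUI::conf("admin LDAP ldap_tag");
$id_ext->object_class = "CUser";
$list = $id_ext->loadMatchingList();

$count = 0;
foreach ($list as $_id_ext) {
    // Already in registry (dash-separated) form
    if (strpos($_id_ext->id400, "-") !== false) {
        continue;
    }
    $count++;

    $_id_ext->id400 = CLDAP::convertHexaToRegistry($_id_ext->id400);
    $_id_ext->last_update = CMbDT::dateTime();
    if ($msg = $_id_ext->store()) {
        CAppUI::setMsg($msg, UI_MSG_WARNING);
    } else {
        CAppUI::setMsg("Identifiant converti");
    }
}

// Single "nothing to convert" message: it covers both an empty list and a list
// where every id was already converted. The original also tested count($list) == 0
// before the loop, which emitted this message twice for an empty list.
if ($count == 0) {
    CAppUI::setMsg("Aucun identifiant à convertir");
}

echo CAppUI::getMsg();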
 /**
  * Login function, handling standard login, loginas, LDAP connection
  * Preferences get loaded on success
  *
  * Credential sources are tried in this order (first match wins):
  *  1. "loginas"   — an administrator (user_type == 1), or any caller with $force_login,
  *                   logs in as another account;
  *  2. "ldap_guid" — the account is fetched from the directory by GUID;
  *  3. "token"     — a view access token;
  *  4. self::$auth_info — an identity already established by an earlier authentication step;
  *  5. "username" / "password" — standard credentials.
  * Afterwards template accounts are refused, LDAP-linked accounts are re-validated
  * against the directory, the failed-attempt check is applied, the remote-access
  * restriction is enforced and self::$instance is populated from the user.
  *
  * @param bool $force_login To allow admin users to login as someone else
  *
  * @return boolean Job done
  */
 static function login($force_login = false)
 {
     // Feature flags from configuration
     $ldap_connection = CAppUI::conf("admin LDAP ldap_connection");
     $allow_login_as_ldap = CAppUI::conf("admin LDAP allow_login_as_admin");
     // Login as
     $loginas = trim(CValue::request("loginas"));
     $passwordas = trim(CValue::request("passwordas"));
     // LDAP
     $ldap_guid = trim(CValue::get("ldap_guid"));
     // Standard login
     $username = trim(CValue::request("username"));
     $password = trim(CValue::request("password"));
     // Token sign-in
     $token_hash = trim(CValue::request("token"));
     // Test login and password validity
     $user = new CUser();
     $user->_is_logging = true;
     // -------------- Login as: no need to provide a password for administrators
     if ($loginas) {
         // Only administrators (user_type 1) may impersonate, unless the caller forces it
         if (self::$instance->user_type != 1 && !$force_login) {
             self::setMsg("Auth-failed-loginas-admin", UI_MSG_ERROR);
             return false;
         }
         $username = $loginas;
         // With LDAP enabled the target account's password is required, except when
         // allow_login_as_admin lets an administrator skip it
         $password = $ldap_connection ? $passwordas : null;
         if (self::$instance->user_type == 1 && $allow_login_as_ldap) {
             $password = null;
         }
         $user->user_username = $username;
         $user->_user_password = $password;
     } elseif ($ldap_connection && $ldap_guid) {
         // NOTE(review): no password is checked in this branch; the identity rests on
         // CLDAP::getFromLDAPGuid() alone — confirm it authenticates the caller (see the TODO below)
         try {
             $user = CLDAP::getFromLDAPGuid($ldap_guid);
         } catch (Exception $e) {
             self::setMsg($e->getMessage(), UI_MSG_ERROR);
             return false;
         }
     } elseif ($token_hash) {
         // The token is consumed (useIt) before the user it designates is loaded
         $token = CViewAccessToken::getByHash($token_hash);
         if (!$token->isValid()) {
             self::setMsg("Auth-failed-invalidToken", UI_MSG_ERROR);
             return false;
         }
         $token->useIt();
         $token->applyParams();
         $user->load($token->user_id);
         self::$instance->auth_method = "token";
     } elseif (self::$auth_info && self::$auth_info->user_id) {
         // Identity established upstream; its auth_method is propagated as-is
         $auth = self::$auth_info;
         $user->load($auth->user_id);
         self::$instance->auth_method = $auth->auth_method;
     } else {
         // Standard username / password: both are mandatory
         if (!$username) {
             self::setMsg("Auth-failed-nousername", UI_MSG_ERROR);
             return false;
         }
         if (!$password) {
             self::setMsg("Auth-failed-nopassword", UI_MSG_ERROR);
             return false;
         }
         $user->user_username = $username;
         $user->_user_password = $password;
         // Weakness is evaluated on the submitted password, before it is verified
         self::$instance->weak_password = self::checkPasswordWeakness($user);
     }
     // Not loaded by id yet: resolve the record from the fields set above
     // (presumably username + password — verify in CUser::loadMatchingObject)
     if (!$user->_id) {
         $user->loadMatchingObject();
         self::$instance->auth_method = "basic";
     }
     // User template case
     if ($user->template) {
         self::setMsg("Auth-failed-template", UI_MSG_ERROR);
         return false;
     }
     // LDAP case (when not using a ldap_guid), we check if the user in the LDAP directory is still allowed
     // TODO we should check it when using ldap_guid too
     if ($ldap_connection && $username) {
         $user_ldap = new CUser();
         $user_ldap->user_username = $username;
         $user_ldap->loadMatchingObject();
         $idex = $user_ldap->loadLastId400(CAppUI::conf("admin LDAP ldap_tag"));
         // The user is linked to the LDAP
         if ($idex->_id) {
             // Re-bind against the directory with the supplied password: invalid credentials
             // are fatal, any other CMbException is only reported so that login can proceed
             $ldap_guid = $idex->id400;
             $user_ldap->_user_password = $password;
             $user_ldap->_bound = false;
             try {
                 $user = CLDAP::login($user_ldap, $ldap_guid);
                 if (!$user->_bound) {
                     self::setMsg("Auth-failed-combination", UI_MSG_ERROR);
                     return false;
                 }
             } catch (CMbInvalidCredentialsException $e) {
                 self::setMsg($e->getMessage(), UI_MSG_WARNING);
                 return false;
             } catch (CMbException $e) {
                 // No UI_MSG_ERROR nor $e->stepAjax as it needs to run through!
                 self::setMsg($e->getMessage(), UI_MSG_WARNING);
             }
         }
     }
     // Failed-attempt guard, skipped when the directory has already bound the user
     // (checkPasswordAttempt presumably records and limits failed attempts — verify)
     if (!$user->_bound && !self::checkPasswordAttempt($user)) {
         return false;
     }
     // Successful authentication: reset the failed-attempt counter
     $user->user_login_errors = 0;
     $user->store();
     // Put user_group in AppUI
     self::$instance->user_remote = 1;
     $ds = CSQLDataSource::get("std");
     // We get the user's group if the Mediusers module is installed
     if ($ds->loadTable("users_mediboard") && $ds->loadTable("groups_mediboard")) {
         // NOTE(review): _id comes from the record loaded above rather than from the request,
         // but both queries are still built by interpolation instead of bound parameters
         $sql = "SELECT `remote` FROM `users_mediboard` WHERE `user_id` = '{$user->_id}'";
         self::$instance->user_remote = $ds->loadResult($sql);
         $sql = "SELECT `groups_mediboard`.`group_id`\n        FROM `groups_mediboard`, `functions_mediboard`, `users_mediboard`\n        WHERE `groups_mediboard`.`group_id` = `functions_mediboard`.`group_id`\n        AND `functions_mediboard`.`function_id` = `users_mediboard`.`function_id`\n        AND `users_mediboard`.`user_id` = '{$user->_id}'";
         self::$instance->user_group = $ds->loadResult($sql);
     }
     // Test if remote connection is allowed
     // Get the client and the proxy IP
     $adress = get_remote_address();
     self::$instance->ip = $adress["client"];
     self::$instance->proxy = $adress["proxy"];
     // A request coming from the configured reverse proxy itself is not treated as intranet
     self::$instance->_is_intranet = is_intranet_ip(self::$instance->ip) && self::$instance->ip != self::conf("system reverse_proxy");
     // Remote access is refused to non-administrators whose user_remote flag is set
     if (!self::$instance->_is_intranet && self::$instance->user_remote == 1 && $user->user_type != 1) {
         self::setMsg("Auth-failed-user-noremoteaccess", UI_MSG_ERROR);
         return false;
     }
     self::$instance->user_id = $user->_id;
     // save the last_login dateTime
     CUserAuthentication::logAuth($user);
     // <DEPRECATED>
     self::$instance->user_first_name = $user->user_first_name;
     self::$instance->user_last_name = $user->user_last_name;
     self::$instance->user_email = $user->user_email;
     self::$instance->user_type = $user->user_type;
     self::$instance->user_last_login = $user->getLastLogin();
     // </DEPRECATED>
     // load the user preferences
     self::buildPrefs();
     return true;
 }
 * @author   SARL OpenXtrem <*****@*****.**>
 * @license  GNU General Public License, see http://www.gnu.org/licenses/gpl.html
 * @version  $Revision: 18997 $
 * @link     http://www.mediboard.org
 */
CCanDo::checkRead();

$mediuser_id    = CValue::get("mediuser_id");
$samaccountname = CValue::get("samaccountname");

// Target user: the mediuser's linked CUser, or a fresh one when none is linked
$mediuser = new CMediusers();
$mediuser->load($mediuser_id);
$user = $mediuser->_ref_user ?: new CUser();

// Service account used for the directory lookup, read from configuration
$ldaprdn  = CAppUI::conf("admin LDAP ldap_user");
$ldappass = CAppUI::conf("admin LDAP ldap_password");

// No existing mediuser means the account has to be created (flag unused in this listing)
$force_create = !$mediuser->_id;

// Look the account up in the directory and map its attributes onto $user
try {
    $source_ldap = CLDAP::bind($user, $ldaprdn, $ldappass);
    $user = CLDAP::searchAndMap($user, $source_ldap, $source_ldap->_ldapconn, $samaccountname, null, true);
} catch (CMbException $e) {
    $e->stepAjax(UI_MSG_ERROR);
}

// Template rendering
$smarty = new CSmartyDP();
$smarty->assign("user", $user);
$smarty->assign("association", $mediuser_id ? 0 : 1);
$smarty->display("inc_create_user_ldap.tpl");
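// Search the directory with the filter built above, bound with the configured service account
try {
    $source_ldap = CLDAP::bind($user, $ldaprdn, $ldappass);
    $results = $source_ldap->ldap_search($source_ldap->_ldapconn, $filter);
} catch (CMbException $e) {
    $e->stepAjax(UI_MSG_ERROR);
}

// Result set shaped like ldap_get_entries(): a "count" key plus one numeric entry per hit
$nb_users = $results["count"];
unset($results["count"]);

// Loop invariant: the LDAP tag is the same for every entry
$ldap_tag = CAppUI::conf("admin LDAP ldap_tag");

$users = array();
foreach ($results as $key => $_result) {
    $objectguid = CLDAP::getObjectGUID($_result);

    // NOTE(review): 66048 is the Active Directory userAccountControl value
    // NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD. Testing for equality marks any other
    // flag combination (e.g. a NORMAL_ACCOUNT whose password expires) as inactive;
    // testing the ACCOUNTDISABLE bit (0x2) would be the robust check. Kept as-is
    // to preserve the current behaviour.
    $users[$key] = array(
        "objectguid"      => $objectguid,
        "user_username"   => CLDAP::getValue($_result, "samaccountname"),
        "user_first_name" => CLDAP::getValue($_result, "givenname"),
        "user_last_name"  => CLDAP::getValue($_result, "sn"),
        "actif"           => CLDAP::getValue($_result, "useraccountcontrol") == 66048 ? 1 : 0,
    );

    // Is this directory account already linked to a local CUser?
    $idex = new CIdSante400();
    $idex->tag          = $ldap_tag;
    $idex->id400        = $objectguid;
    $idex->object_class = "CUser";
    $idex->loadMatchingObject();
    $users[$key]["associate"] = $idex->_id ? $idex->object_id : null;
}

$smarty = new CSmartyDP();
$smarty->assign("users", $users);
$smarty->assign("mediuser", $mediuser);
$smarty->assign("nb_users", $nb_users);
$smarty->assign("givenname", CMbString::capitalize($mediuser->_user_first_name));
$smarty->assign("sn", strtoupper($mediuser->_user_last_name));
$smarty->assign("samaccountname", strtolower($mediuser->_user_username));
$smarty->display("inc_search_user_ldap.tpl");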
<?php

/**
 * $Id$
 *  
 * @category Admin
 * @package  Mediboard
 * @author   SARL OpenXtrem <*****@*****.**>
 * @license  GNU General Public License, see http://www.gnu.org/licenses/gpl.html
 * @version  $Revision$
 * @link     http://www.mediboard.org
 */
CCanDo::checkEdit();

$mediuser_id = CValue::get("user_id");
$action      = CValue::get("action", "update");

$mediuser = new CMediusers();
$mediuser->load($mediuser_id);

// Only mediusers whose CUser is linked to the directory are concerned.
// NOTE(review): both actions change state from what appears to be a GET parameter
// and no CSRF token is visible in this script — confirm the framework supplies one.
if ($mediuser->_id) {
    $user = $mediuser->_ref_user;
    if ($user->_id && $user->isLDAPLinked()) {
        $ldap_idex = $user->loadLastId400(CAppUI::conf("admin LDAP ldap_tag"));
        switch ($action) {
            case "update":
                // Refresh the local account from its directory entry
                CLDAP::login($user, $ldap_idex->id400);
                CAppUI::stepAjax("user-updated-from-ldap");
                break;
            case "unlink":
                // The external id row is what ties the CUser to the LDAP; its return
                // value is not checked here (store() elsewhere on this page returns an
                // error message — confirm whether delete() does the same)
                $ldap_idex->delete();
                CAppUI::stepAjax("user-unlink_from_ldap");
                break;
        }
    }
}

CApp::rip();