if ($result) {
            // reset all sessions
            if ($isAuthenticationTypeChanged) {
                $result &= DBexecute('UPDATE sessions SET status=' . ZBX_SESSION_PASSIVE . ' WHERE sessionid<>' . zbx_dbstr(CWebUser::$data['sessionid']));
            }
            $isAuthenticationTypeChanged = false;
            add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_ZABBIX_CONFIG, $messageSuccess);
        }
        $result = DBend($result);
        show_messages($result, $messageSuccess, $messageFailed);
    }
} elseif ($config['authentication_type'] == ZBX_AUTH_LDAP) {
    if (hasRequest('update') || hasRequest('test')) {
        // check LDAP login/password
        $ldapValidator = new CLdapAuthValidator(array('conf' => array('host' => $config['ldap_host'], 'port' => $config['ldap_port'], 'base_dn' => $config['ldap_base_dn'], 'bind_dn' => $config['ldap_bind_dn'], 'bind_password' => $config['ldap_bind_password'], 'search_attribute' => $config['ldap_search_attribute'])));
        $login = $ldapValidator->validate(array('user' => getRequest('user', CWebUser::$data['alias']), 'password' => getRequest('user_password', '')));
        if (!$login) {
            error(_('Login name or password is incorrect!'));
        }
        if (hasRequest('update')) {
            if (!$login) {
                show_error_message(_('Cannot change authentication method to LDAP'));
            } else {
                $messageSuccess = $isAuthenticationTypeChanged ? _('Authentication method changed to LDAP') : _('LDAP authentication changed');
                $messageFailed = $isAuthenticationTypeChanged ? _('Cannot change authentication method to LDAP') : _('Cannot change authentication');
                DBstart();
                $result = update_config($config);
                if ($result) {
                    unset($_REQUEST['change_bind_password']);
                    // reset all sessions
                    if ($isAuthenticationTypeChanged) {
Exemple #2
0
 /**
  * Authenticate a user using LDAP.
  *
  * The $user array must have the following attributes:
  * - user       - user name
  * - password   - user password
  *
  * @param array $user
  *
  * @return bool
  */
 protected function ldapLogin(array $user)
 {
     $config = select_config();
     $cnf = array();
     foreach ($config as $id => $value) {
         if (zbx_strpos($id, 'ldap_') !== false) {
             $cnf[str_replace('ldap_', '', $id)] = $config[$id];
         }
     }
     if (!function_exists('ldap_connect')) {
         self::exception(ZBX_API_ERROR_PARAMETERS, _('Probably php-ldap module is missing.'));
     }
     $ldapValidator = new CLdapAuthValidator(array('conf' => $cnf));
     if ($ldapValidator->validate($user)) {
         return true;
     } else {
         self::exception(ZBX_API_ERROR_PARAMETERS, _('Login name or password is incorrect.'));
     }
 }