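/**
 * Report the GLPI health status (same checks as status.php).
 *
 * Checks, in order: the replication delay of each configured slave database,
 * the main database connection, the session directory, and every active LDAP
 * directory (by binding with its configured root DN).
 *
 * NOTE(review): the response names every LDAP directory and exposes the
 * replication delays, and each call performs a bind with the stored service
 * credentials. Who may call this method is not visible here - confirm that it
 * is not reachable by unauthenticated clients, or restrict / rate-limit it.
 *
 * @param $params    array of options: only 'help' is read, anything else is ignored
 * @param $protocol  the communication protocol used (not read by this method)
 *
 * @return array response ready to be encoded: one entry per check, plus
 *               'glpi' => "ok" | "error" as the overall result
**/
static function methodStatus($params, $protocol) {
   global $DB;

   if (isset($params['help'])) {
      return array('help' => 'bool,optional');
   }

   $resp      = array();
   $ok_master = true;
   $ok_slave  = true;

   // Check slave server connection
   if (DBConnection::isDBSlaveActive()) {
      $DBslave = DBConnection::getDBSlaveConf();
      $hosts   = is_array($DBslave->dbhost) ? $DBslave->dbhost : array($DBslave->dbhost);

      foreach ($hosts as $num => $name) {
         $diff = DBConnection::getReplicateDelay($num);

         if ($diff > 1000000000) {
            // presumably a delay this large means the slave could not be reached - confirm
            $resp['slavedb_' . $num] = "offline";
            $ok_slave                = false;
         } else if ($diff) {
            // The delay is reported as-is; more than one hour counts as a failure
            $resp['slavedb_' . $num] = $diff;
            if ($diff > HOUR_TIMESTAMP) {
               $ok_slave = false;
            }
         } else {
            $resp['slavedb_' . $num] = "ok";
         }
      }
   } else {
      $resp['slavedb'] = "not configured";
   }

   // Check main server connection
   if (DBConnection::establishDBConnection(false, true, false)) {
      $resp['maindb'] = "ok";
   } else {
      // Report the failure under 'maindb'. It used to be written to 'slavedb', which
      // overwrote the slave status and left the main database without any entry.
      $resp['maindb'] = "offline";
      $ok_master      = false;
   }

   // Slave and master ok
   $ok = $ok_slave && $ok_master;

   // Check session dir (useful when NFS mounted)
   if (is_dir(GLPI_SESSION_DIR) && is_writable(GLPI_SESSION_DIR)) {
      $resp['sessiondir'] = "ok";
   } else {
      $resp['sessiondir'] = "not writable";
      $ok                 = false;
   }

   // Reestablish the DB connection: the LDAP configuration is read from the database
   if (($ok_master || $ok_slave)
       && DBConnection::establishDBConnection(false, false, false)) {

      // Check Auth connections
      $auth = new Auth();
      $auth->getAuthMethods();

      // Tolerate a missing or non-array entry instead of failing in count()
      $ldap_methods = isset($auth->authtypes["ldap"]) ? $auth->authtypes["ldap"] : array();

      if (is_array($ldap_methods)) {
         foreach ($ldap_methods as $method) {
            if (!$method['is_active']) {
               continue;
            }
            // The decrypted root DN password is only handed to the bind attempt;
            // it must never be copied into $resp or into a log line.
            $bound = AuthLdap::tryToConnectToServer($method, $method["rootdn"],
                                                    Toolbox::decrypt($method["rootdn_passwd"],
                                                                     GLPIKEY));
            if ($bound) {
               $resp['LDAP_' . $method['name']] = "ok";
            } else {
               $resp['LDAP_' . $method['name']] = "offline";
               $ok                              = false;
            }
         }
      }
   }

   $resp['glpi'] = $ok ? "ok" : "error";

   return $resp;
}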
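/**
 * Find a user in an LDAP directory and return their DN once the password has
 * been verified by a bind on that DN.
 * Based on GRR auth system
 *
 * Side effects: sets $this->ldap_connection and $this->user_deleted_ldap, and
 * records a message through addToError() on every failure after the host check.
 *
 * @param $ldap_method  ldap_method array to use (reads 'host', 'basedn',
 *                      'login_field' and 'condition')
 * @param $login        User Login
 * @param $password     User Password
 *
 * @return String : DN of the user / false if the user was not found, the
 *                  password is wrong or empty, a plugin refused the login, or
 *                  the directory is unavailable
**/
function connection_ldap($ldap_method, $login, $password) {

   // we prevent some delay...
   if (empty($ldap_method['host'])) {
      return false;
   }

   $this->ldap_connection   = AuthLdap::tryToConnectToServer($ldap_method, $login, $password);
   $this->user_deleted_ldap = false;

   if (!$this->ldap_connection) {
      // Directory is not available
      $this->addToError(__('Unable to connect to the LDAP directory'));
      return false;
   }

   $params                                       = array();
   $params['method']                             = AuthLDAP::IDENTIFIER_LOGIN;
   $params['fields'][AuthLDAP::IDENTIFIER_LOGIN] = $ldap_method['login_field'];

   // NOTE(review): $login comes from the login form and is used as the search value;
   // presumably AuthLdap::searchUserDn() escapes it before building the LDAP filter - confirm.
   $infos = AuthLdap::searchUserDn($this->ldap_connection,
                                   array('basedn'            => $ldap_method['basedn'],
                                         'login_field'       => $ldap_method['login_field'],
                                         'search_parameters' => $params,
                                         'user_params'
                                             => array('method' => AuthLDAP::IDENTIFIER_LOGIN,
                                                      'value'  => $login),
                                         'condition'         => $ldap_method['condition'],
                                         'user_dn'           => $this->user_dn));

   // A failed search may not return an array: treat that as "no DN found"
   $dn = (is_array($infos) && isset($infos['dn'])) ? $infos['dn'] : '';

   // A simple bind with a DN and an empty password is an "unauthenticated bind" that
   // many directories accept, so it proves nothing about the user: never attempt it.
   $has_password = is_scalar($password) && ((string)$password !== '');

   if (!empty($dn)
       && $has_password
       && @ldap_bind($this->ldap_connection, $dn, $password)) {

      // Hook to implement to restrict access by checking the ldap directory
      if (Plugin::doHookFunction("restrict_ldap_auth", $dn)) {
         return $dn;
      }
      // User is present but has no right to connect because of a plugin
      $this->addToError(__('User not authorized to connect in GLPI'));
      return false;
   }

   // Incorrect login: the same message is used for an unknown user and for a wrong
   // password, so the answer does not reveal which accounts exist.
   $this->addToError(__('Incorrect username or password'));

   // User is not present anymore in the directory!
   if ($dn == '') {
      $this->user_deleted_ldap = true;
   }
   return false;
}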
} echo "\n"; } } else { echo "No OCS server\n"; } } // Check Auth connections $auth = new Auth(); $auth->getAuthMethods(); $ldap_methods = $auth->authtypes["ldap"]; if (count($ldap_methods)) { echo "Check LDAP servers:"; foreach ($ldap_methods as $method) { echo " " . $method['name']; if (AuthLdap::tryToConnectToServer($method, $method["rootdn"], decrypt($method["rootdn_passwd"], GLPIKEY))) { echo "_OK"; } else { echo "_PROBLEM"; $ok = false; } echo "\n"; } } else { echo "No LDAP server\n"; } // TODO Check mail server : cannot open a mail connexion / only ping server ? // TODO check CAS url / check url using socket ? } echo "\n"; if ($ok) {