if (update_config($config)) {
// reset all sessions
if ($isAuthenticationTypeChanged) {
DBexecute('UPDATE sessions SET status=' . ZBX_SESSION_PASSIVE . ' WHERE sessionid<>' . zbx_dbstr($USER_DETAILS['sessionid']));
}
$isAuthenticationTypeChanged = false;
add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_ZABBIX_CONFIG, _('Authentication method changed to Zabbix internal'));
show_message(_('Authentication method changed to Zabbix internal'));
} else {
show_error_message(_('Cannot change authentication method to Zabbix internal'));
}
}
} elseif ($config['authentication_type'] == ZBX_AUTH_LDAP) {
if (isset($_REQUEST['save']) || isset($_REQUEST['test'])) {
// check LDAP login/password
$ldap = new CLdap(array('host' => $config['ldap_host'], 'port' => $config['ldap_port'], 'base_dn' => $config['ldap_base_dn'], 'bind_dn' => $config['ldap_bind_dn'], 'bind_password' => $config['ldap_bind_password'], 'search_attribute' => $config['ldap_search_attribute']));
$ldap->connect();
$login = $ldap->checkPass(get_request('user', $USER_DETAILS['alias']), get_request('user_password', ''));
if (!$login) {
error(_('Login name or password is incorrect!'));
}
if (isset($_REQUEST['save'])) {
if (!$login) {
show_error_message(_('Cannot change authentication method to LDAP'));
} else {
if (update_config($config)) {
unset($_REQUEST['change_bind_password']);
// reset all sessions
if ($isAuthenticationTypeChanged) {
DBexecute('UPDATE sessions SET status=' . ZBX_SESSION_PASSIVE . ' WHERE sessionid<>' . zbx_dbstr($USER_DETAILS['sessionid']));
}
public static function ldapLogin($user)
{
$name = $user['user'];
$passwd = $user['password'];
$cnf = isset($user['cnf']) ? $user['cnf'] : null;
if (is_null($cnf)) {
$config = select_config();
foreach ($config as $id => $value) {
if (zbx_strpos($id, 'ldap_') !== false) {
$cnf[str_replace('ldap_', '', $id)] = $config[$id];
}
}
}
if (!function_exists('ldap_connect')) {
info(S_CUSER_ERROR_LDAP_MODULE_MISSING);
return false;
}
$ldap = new CLdap($cnf);
$ldap->connect();
$result = $ldap->checkPass($name, $passwd);
return $result;
}
/**
* Checks if the given user name and password are valid.
*
* The $value array must have the following attributes:
* - user - user name
* - password - password
*
* @param array $value
*
* @return bool
*/
public function validate($value)
{
$ldap = new CLdap($this->conf);
$ldap->connect();
return $ldap->checkPass($value['user'], $value['password']);
}
function ldap_authentication($user, $passwd, $cnf = NULL)
{
if (is_null($cnf)) {
$config = select_config();
foreach ($config as $id => $value) {
if (strpos($id, 'ldap_') !== false) {
$cnf[str_replace('ldap_', '', $id)] = $config[$id];
}
}
}
if (!function_exists('ldap_connect')) {
info('Probably php-ldap module is missing.');
return false;
}
$ldap = new CLdap($cnf);
$ldap->connect();
$result = $ldap->checkPass($user, $passwd);
return $result;
}
protected function ldapLogin($user)
{
$config = select_config();
$cnf = array();
foreach ($config as $id => $value) {
if (zbx_strpos($id, 'ldap_') !== false) {
$cnf[str_replace('ldap_', '', $id)] = $config[$id];
}
}
if (!function_exists('ldap_connect')) {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Probably php-ldap module is missing.'));
}
$ldap = new CLdap($cnf);
$ldap->connect();
if ($ldap->checkPass($user['user'], $user['password'])) {
return true;
} else {
self::exception(ZBX_API_ERROR_PARAMETERS, _('Login name or password is incorrect.'));
}
}