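/**
 * Registers the configuration keys this class adds after the parent
 * constructor has run. Every entry carries a human-readable 'desc' and the
 * 'default' value used when a deployment does not override it.
 *
 * @param $index passed through unchanged to the parent constructor
 */
function __construct($index) {
    parent::__construct($index);

    # NOTE(review): 'md5' is a weak choice for stored credentials; prefer a salted
    # scheme where the directory supports one. The set of schemes the consuming
    # code accepts is not visible here, so the default is left unchanged.
    $this->default->appearance['password_hash'] = array(
        'desc' => 'Default HASH to use for passwords',
        'default' => 'md5');
    $this->default->appearance['show_create'] = array(
        'desc' => 'Whether to show the "Create new Entry here" in the tree browser',
        'default' => true);
    $this->default->appearance['open_tree'] = array(
        'desc' => 'Whether to initially open each tree',
        'default' => false);

    $this->default->login['fallback_dn'] = array(
        'desc' => 'If the attribute base login fails, see if a DN was entered',
        'default' => false);

    $this->default->query['disable_default'] = array(
        'desc' => 'Configuration to disable the default query template',
        'default' => false);
    $this->default->query['custom_only'] = array(
        'desc' => 'Configuration to force the usage of custom query templates',
        'default' => false);

    $this->default->server['branch_rename'] = array(
        'desc' => 'Enable renaming of branches',
        'default' => false);
    $this->default->server['custom_attrs'] = array(
        'desc' => 'Custom operational attributes to be treated as regular attributes',
        'default' => array(''));
    $this->default->server['custom_sys_attrs'] = array(
        'desc' => 'Custom operational attributes to be treated as internal attributes',
        'default' => array('+'));
    $this->default->server['jpeg_attributes'] = array(
        'desc' => 'Additional attributes to treat as Jpeg Attributes',
        'default' => array());

    # This was added in case the LDAP server doesnt provide them with a base +,* query.
    # The list names each attribute once (a duplicated 'supportedSASLMechanisms' was dropped).
    $this->default->server['root_dse_attributes'] = array(
        'desc' => 'RootDSE attributes for use when displaying server info',
        'default' => array(
            'namingContexts',
            'subschemaSubentry',
            'altServer',
            'supportedExtension',
            'supportedControl',
            'supportedSASLMechanisms',
            'supportedLDAPVersion',
            'currentTime',
            'dsServiceName',
            'defaultNamingContext',
            'schemaNamingContext',
            'configurationNamingContext',
            'rootDomainNamingContext',
            'supportedLDAPPolicies',
            'highestCommittedUSN',
            'dnsHostName',
            'ldapServiceName',
            'serverName',
            'supportedCapabilities',
            'changeLog',
            'tlsAvailableCipherSuites',
            'tlsImplementationVersion',
            'dsaVersion',
            'myAccessPoint',
            'dseType',
            '+',
            '*'));
    $this->default->server['force_may'] = array(
        'desc' => 'Force server MUST attributes as MAY attributes',
        'default' => array());

    # Settings for auto_number
    $this->default->auto_number['enable'] = array(
        'desc' => 'Enable the AUTO UID feature',
        'default' => true);
    $this->default->auto_number['mechanism'] = array(
        'desc' => 'Mechanism to use to search for automatic numbers',
        'default' => 'search');
    $this->default->auto_number['search_base'] = array(
        'desc' => 'Base DN to use for search mechanisms',
        'default' => null);
    $this->default->auto_number['min'] = array(
        'desc' => 'Minimum number to start with',
        'default' => array('uidNumber' => 1000, 'gidNumber' => 500));
    $this->default->auto_number['dn'] = array(
        'desc' => 'DN to use when evaluating numbers',
        'default' => null);
    $this->default->auto_number['pass'] = array(
        'desc' => 'Password for DN to use when evaluating numbers',
        'default' => null);

    # Settings for uniqueness checks
    $this->default->unique['attrs'] = array(
        'desc' => 'Attributes to check for uniqueness before allowing updates',
        'default' => array('mail', 'uid', 'uidNumber'));
    $this->default->unique['dn'] = array(
        'desc' => 'DN to use when evaluating attribute uniqueness',
        'default' => null);
    $this->default->unique['pass'] = array(
        'desc' => 'Password for DN to use when evaluating attribute uniqueness',
        'default' => null);
}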
/**
 * Checks whether the user exists in one of the configured LDAP servers.
 *
 * The servers in $this->ldap_config are tried in order; the first one that
 * both accepts the bind and resolves a DN for the user decides the result.
 *
 * @param $username UID of the user
 * @return boolean true if the user was found on any server, otherwise false
 */
public function UserExternalExists($username) {
    foreach ($this->ldap_config as $server) {
        $conn = new ldap();

        // Bind with the configured service account and, only if that worked,
        // look the user's DN up below the server's base DN.
        $connected = $conn->connect(
            $server['LDAP_SERVER'],
            $server['LDAP_PORT'],
            $server['LDAP_BIND_USER'],
            $server['LDAP_BIND_PASSWORD'],
            $server['LDAP_STARTTLS']);
        $found = $connected && $conn->GetUserDN(
            $username,
            $server['LDAP_BASE_DN'],
            $server['LDAP_USER_SEARCH_FILTER']);

        // The handle is released on every path, including a failed bind.
        $conn->unbind();

        if ($found) {
            return true;
        }
    }

    return false;
}
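<?php
session_start();
include "./includes/templates/configuration.php";
include "includes/classes/auth.php";

// Login handler: on success the session is marked as logged in and the browser
// is redirected to index.php; on failure the session is discarded and the form
// below is rendered again with $login_result holding authenticate()'s result.

// Read the form fields without emitting notices on a plain GET of this page.
$account = isset($_POST["account"]) ? $_POST["account"] : "";
$password = isset($_POST["password"]) ? $_POST["password"] : "";
// Initial value marks "no login attempted yet".
$login_result = true;

if ($account != "") {
    $ldap = new ldap($GLOBALS['config']['ldap_host'], $GLOBALS['config']['ldap_user_domain'], $GLOBALS['config']['ldap_dn']);
    // Loose comparison kept: authenticate()'s return type is not visible here.
    $login_result = $ldap->authenticate($account, $password);

    if ($login_result == "ok") {
        // Issue a fresh session id on the privilege change so an id obtained
        // before login cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION['login'] = true;
        $_SESSION['name'] = $ldap->getFullName($account);
        header("Location: index.php");
        // Without exit the login page body would still be sent after the redirect.
        exit;
    } else {
        session_destroy();
    }
}
?>
<!doctype html>
<html lang="en-US">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=11"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="css/login.css" type="text/css">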
<?php /** * Created by PhpStorm. * User: roessler * Date: 16/09/15 * Time: 1:32 PM */ require_once dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'config/config.php'; if (isset($_POST['hdnAction'])) { if ($_POST['hdnAction'] == 'login') { $ldap = new ldap(); $result = $ldap->authenticate($_POST['txtUsername'], $_POST['txtPassword']); if ($result) { $_SESSION['authenticated'] = true; $_SESSION['username'] = $_POST['txtUsername']; if ($_POST['hdnRedirect'] != '') { header('location:' . $_POST['hdnRedirect']); } else { header('location:./admin/index.php'); } } else { echo "wrong credentials"; } } } else { if (isset($_GET['r'])) { $redirect = $_GET['r']; } else { $redirect = ''; }
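/**
 * Changes a user's password in LDAP.
 *
 * Resolves the user's DN with the service bind, then re-binds as the user with
 * the old password and writes a new SSHA-hashed userPassword value. Only
 * userPassword is updated.
 *
 * @param $passwort_alt old (current) password
 * @param $passwort_neu new password
 * @param $uid UID of the user
 * @return mixed true on success, false if the modify failed, otherwise the
 *               error message from the ldap wrapper. That message is a
 *               non-empty string, so callers must compare against true
 *               rather than test truthiness.
 */
function change_password($passwort_alt, $passwort_neu, $uid) {
    $ldap = new ldap();

    // Service bind, used only to resolve the user's DN.
    if (!$ldap->connect()) {
        return $ldap->errormsg;
    }

    $user_dn = $ldap->GetUserDN($uid);
    if (!$user_dn) {
        return $ldap->errormsg;
    }
    $ldap->unbind();

    // Re-bind as the user: knowing the old password is what authorises the change.
    $ldap = new ldap();
    if (!$ldap->connect(LDAP_SERVER_MASTER, LDAP_PORT, $user_dn, $passwort_alt, LDAP_STARTTLS)) {
        return $ldap->errormsg;
    }

    // SSHA: base64( sha1(password . salt) . salt ) with a 4-byte salt.
    // random_bytes() (PHP >= 7.0) is used rather than mt_rand(), which is not a CSPRNG.
    $salt = random_bytes(4);
    $encrypted = base64_encode(hash('sha1', $passwort_neu . $salt, true) . $salt);
    // NOTE(review): this prefix reads like a redacted placeholder; LDAP SSHA values
    // conventionally carry the '{SSHA}' scheme tag — confirm what the directory expects.
    $ssha_password = '******' . $encrypted;

    $data = array();
    $data['userPassword'] = $ssha_password;

    return $ldap->Modify($user_dn, $data) ? true : false;
}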