canUseLdap() static public method

Determine whether LDAP is usable by checking that the ldap extension is loaded
static public canUseLdap ( ) : boolean
return boolean
}
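// `before-days` and `after-days` each turn into one side of a (begin_date, end_date)
// window for import(); asking for both at once is rejected.
if (!empty($options['before-days']) && !empty($options['after-days'])) {
    echo "You cannot use options before-days and after-days at the same time.";
    exit(1);
}
if (!empty($options['before-days'])) {
    // Only begin_date is set: now minus N days, end_date stays open.
    $options['begin_date'] = date('Y-m-d H:i:s', time() - $options['before-days'] * DAY_TIMESTAMP);
    $options['end_date']   = '';
    unset($options['before-days']);
}
if (!empty($options['after-days'])) {
    // Only end_date is set: now minus N days, begin_date stays open.
    $options['begin_date'] = '';
    $options['end_date']   = date('Y-m-d H:i:s', time() - $options['after-days'] * DAY_TIMESTAMP);
    unset($options['after-days']);
}
// Nothing can be imported without the ldap extension or at least one configured
// directory, so stop here like the other option errors do instead of falling through
// to the server query with only a message printed.
if (!Toolbox::canUseLdap() || !countElementsInTable('glpi_authldaps')) {
    echo "LDAP extension is not active or no LDAP directory defined";
    exit(1);
}
$sql = "SELECT `id`, `name`\n        FROM `glpi_authldaps`\n        WHERE `is_active` = '1'";
//Get the ldap server's id by his name
// `id` is an integer column: cast the option before splicing it into the SQL rather
// than interpolating the raw command-line value.
if ($options['ldapservers_id'] != NOT_AVAILABLE) {
    $sql .= " AND `id` = '" . (int)$options['ldapservers_id'] . "'";
}
$result = $DB->query($sql);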
// NOTE(review): this reads $_GET["ldapservers_id"] although every other line of this
// script takes the id from $options — in a CLI run $_GET is empty, so the intended
// operand is presumably $options['ldapservers_id']; verify against the caller.
if ($DB->numrows($result) == 0 && $_GET["ldapservers_id"] != NOT_AVAILABLE) {
    echo "LDAP Server not found";
} else {
    // The same statement is executed a second time through $DB->request();
    // $result above only served for the row count.
    foreach ($DB->request($sql) as $data) {
        echo "Processing LDAP Server: " . $data['name'] . ", ID: " . $data['id'] . " \n";
        $options['ldapservers_id'] = $data['id'];
        import($options);
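 /**
  * Manage user authentication and initialize the session.
  *
  * Order of attempts: the alternate authentication systems reported by
  * checkAlternateAuthSystems() (skipped when $noauto is set), then the GLPI
  * database, then the LDAP / mail servers selected from what userExists()
  * reports about the login. On success the user row is updated, or created when
  * $CFG_GLPI["is_users_auto_add"] allows it; the attempt is logged through
  * Event::log (unless the DB is a slave) and Session::init() is called in every case.
  *
  * @param $login_name      string
  * @param $login_password  string
  * @param $noauto          boolean (false by default) do not try the alternate auth systems
  *
  * @return boolean (success)
  */
 function Login($login_name, $login_password, $noauto = false)
 {
     global $DB, $CFG_GLPI;

     $this->getAuthMethods();
     $this->user_present  = 1;
     $this->auth_succeded = false;
     //In case the user was deleted in the LDAP directory
     $user_deleted_ldap = false;

     // Trim login_name : avoid LDAP search errors
     $login_name = trim($login_name);

     if (!$noauto && ($authtype = self::checkAlternateAuthSystems())) {
         if ($this->getAlternateAuthSystemsUserLogin($authtype)
             && !empty($this->user->fields['name'])) {
             // Used for log when login process failed
             $login_name = $this->user->fields['name'];

             $this->auth_succeded = true;
             $this->extauth       = 1;
             // addslashes() here and below follows the DB-layer convention of the
             // surrounding code: getFromDBbyName() presumably expects an escaped value.
             $this->user_present  = $this->user->getFromDBbyName(addslashes($login_name));
             $this->user->fields['authtype'] = $authtype;

             $user_dn = false;
             // Always an array: count() below must not see a string when the ldap
             // extension is missing (count('') is a warning on 7.x and a TypeError on 8).
             $ldapservers = array();

             //if LDAP enabled too, get user's infos from LDAP
             if (Toolbox::canUseLdap()) {
                 //User has already authenticate, at least once : it's ldap server if filled
                 if (isset($this->user->fields["auths_id"]) && $this->user->fields["auths_id"] > 0) {
                     $authldap = new AuthLdap();
                     //If ldap server is enabled
                     if ($authldap->getFromDB($this->user->fields["auths_id"]) && $authldap->fields['is_active']) {
                         $ldapservers[] = $authldap->fields;
                     }
                 //User has never beeen authenticated : try all active ldap server to find the right one
                 } else {
                     foreach (getAllDatasFromTable('glpi_authldaps', "`is_active`='1'") as $ldap_config) {
                         $ldapservers[] = $ldap_config;
                     }
                 }

                 // Search parameters are the same for every server except the login field
                 $params = array();
                 foreach ($ldapservers as $ldap_method) {
                     $ds = AuthLdap::connectToServer($ldap_method["host"], $ldap_method["port"], $ldap_method["rootdn"], Toolbox::decrypt($ldap_method["rootdn_passwd"], GLPIKEY), $ldap_method["use_tls"], $ldap_method["deref_option"]);
                     if ($ds) {
                         $params['method']                             = AuthLdap::IDENTIFIER_LOGIN;
                         $params['fields'][AuthLdap::IDENTIFIER_LOGIN] = $ldap_method["login_field"];
                         $user_dn = AuthLdap::searchUserDn($ds, array('basedn' => $ldap_method["basedn"], 'login_field' => $ldap_method['login_field'], 'search_parameters' => $params, 'user_params' => array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $login_name), 'condition' => $ldap_method["condition"]));
                         if ($user_dn) {
                             // First server that knows the login wins
                             $this->user->fields['auths_id'] = $ldap_method['id'];
                             $this->user->getFromLDAP($ds, $ldap_method, $user_dn['dn'], $login_name, !$this->user_present);
                             break;
                         }
                     }
                 }
             }

             if (count($ldapservers) == 0 && $authtype == self::EXTERNAL) {
                 // Case of using external auth and no LDAP servers, so get data from external auth
                 $this->user->getFromSSO();
             } else {
                 //If user is set as present in GLPI but no LDAP DN found : it means that the user
                 //is not present in an ldap directory anymore
                 if (!$user_dn && $this->user_present) {
                     $user_deleted_ldap       = true;
                     $this->user_deleted_ldap = true;
                 }
             }
             // Reset to secure it
             $this->user->fields['name']       = $login_name;
             $this->user->fields["last_login"] = $_SESSION["glpi_currenttime"];
         } else {
             $this->addToError(__('Empty login or password'));
         }
     }

     // If not already auth
     if (!$this->auth_succeded) {
         // Reject empty values and embedded NUL bytes (a NUL would truncate the value in
         // the C-level LDAP/IMAP calls). An empty needle must not be used here: on PHP 8
         // strstr($s, "") returns $s, which would fail every non-empty login.
         if (empty($login_name) || strstr($login_name, "\0") || empty($login_password) || strstr($login_password, "\0")) {
             $this->addToError(__('Empty login or password'));
         } else {
             // exists=0 -> user doesn't yet exist
             // exists=1 -> user is present in DB with password
             // exists=2 -> user is present in DB but without password
             $exists = $this->userExists(array('name' => addslashes($login_name)));

             // Pas en premier car sinon on ne fait pas le blankpassword
             // First try to connect via le DATABASE
             if ($exists == 1) {
                 // Without UTF8 decoding
                 if (!$this->auth_succeded) {
                     $this->auth_succeded = $this->connection_db(addslashes($login_name), $login_password);
                     if ($this->auth_succeded) {
                         $this->extauth      = 0;
                         $this->user_present = $this->user->getFromDBbyName(addslashes($login_name));
                         $this->user->fields["authtype"] = self::DB_GLPI;
                         // NOTE(review): the clear-text password is kept in fields[] until
                         // update() below — presumably hashed by User on update; confirm.
                         $this->user->fields["password"] = $login_password;
                     }
                 }
             } else {
                 if ($exists == 2) {
                     //The user is not authenticated on the GLPI DB, but we need to get information about him
                     //to find out his authentication method
                     $this->user->getFromDBbyName(addslashes($login_name));
                     //If the user has already been logged, the method_auth and auths_id are already set
                     //so we test this connection first
                     switch ($this->user->fields["authtype"]) {
                         case self::CAS:
                         case self::EXTERNAL:
                         case self::LDAP:
                             if (Toolbox::canUseLdap()) {
                                 AuthLdap::tryLdapAuth($this, $login_name, $login_password, $this->user->fields["auths_id"], $this->user->fields["user_dn"]);
                                 if (!$this->auth_succeded && $this->user_deleted_ldap) {
                                     $user_deleted_ldap = true;
                                 }
                             }
                             break;

                         case self::MAIL:
                             if (Toolbox::canUseImapPop()) {
                                 AuthMail::tryMailAuth($this, $login_name, $login_password, $this->user->fields["auths_id"]);
                             }
                             break;

                         case self::NOT_YET_AUTHENTIFIED:
                             break;
                     }
                 } else {
                     if (!$exists) {
                         //test all ldap servers only is user is not present in glpi's DB
                         if (!$this->auth_succeded && Toolbox::canUseLdap()) {
                             AuthLdap::tryLdapAuth($this, $login_name, $login_password, 0, false, false);
                         }

                         //test all imap/pop servers
                         if (!$this->auth_succeded && Toolbox::canUseImapPop()) {
                             AuthMail::tryMailAuth($this, $login_name, $login_password, 0, false);
                         }
                     }
                 }
             }
             // Fin des tests de connexion
         }
     }

     if ($user_deleted_ldap) {
         User::manageDeletedUserInLdap($this->user->fields["id"]);
     }

     // Ok, we have gathered sufficient data, if the first return false the user
     // is not present on the DB, so we add him.
     // if not, we update him.
     if ($this->auth_succeded) {
         //Set user an not deleted from LDAP
         $this->user->fields['is_deleted_ldap'] = 0;
         // Prepare data
         $this->user->fields["last_login"] = $_SESSION["glpi_currenttime"];
         if ($this->extauth) {
             $this->user->fields["_extauth"] = 1;
         }
         if ($DB->isSlave()) {
             if (!$this->user_present) {
                 // Can't add in slave mode
                 $this->addToError(__('User not authorized to connect in GLPI'));
                 $this->auth_succeded = false;
             }
         } else {
             if ($this->user_present) {
                 // First stripslashes to avoid double slashes
                 $input = Toolbox::stripslashes_deep($this->user->fields);
                 // Then ensure addslashes
                 $input = Toolbox::addslashes_deep($input);
                 // update user and Blank PWD to clean old database for the external auth
                 $this->user->update($input);
                 if ($this->extauth) {
                     $this->user->blankPassword();
                 }
             } else {
                 if ($CFG_GLPI["is_users_auto_add"]) {
                     // Auto add user
                     // First stripslashes to avoid double slashes
                     $input = Toolbox::stripslashes_deep($this->user->fields);
                     // Then ensure addslashes
                     $input = Toolbox::addslashes_deep($input);
                     unset($this->user->fields);
                     $this->user->add($input);
                 } else {
                     // Auto add not enable so auth failed
                     $this->addToError(__('User not authorized to connect in GLPI'));
                     $this->auth_succeded = false;
                 }
             }
         }
     }

     // Log Event (if possible)
     if (!$DB->isSlave()) {
         // GET THE IP OF THE CLIENT
         // X-Forwarded-For is client-supplied and only meaningful behind a trusted proxy;
         // it is used here for the event log only.
         $ip = getenv("HTTP_X_FORWARDED_FOR") ? getenv("HTTP_X_FORWARDED_FOR") : getenv("REMOTE_ADDR");
         if ($this->auth_succeded) {
             if (GLPI_DEMO_MODE) {
                 // not translation in GLPI_DEMO_MODE
                 Event::log(-1, "system", 3, "login", $login_name . " log in from " . $ip);
             } else {
                 //TRANS: %1$s is the login of the user and %2$s its IP address
                 Event::log(-1, "system", 3, "login", sprintf(__('%1$s log in from IP %2$s'), $login_name, $ip));
             }
         } else {
             if (GLPI_DEMO_MODE) {
                 Event::log(-1, "system", 1, "login", "login", "Connection failed for " . $login_name . " ({$ip})");
             } else {
                 //TRANS: %1$s is the login of the user and %2$s its IP address
                 Event::log(-1, "system", 1, "login", sprintf(__('Failed login for %1$s from IP %2$s'), $login_name, $ip));
             }
         }
     }

     Session::init($this);

     if ($noauto) {
         $_SESSION["noAUTO"] = 1;
     }

     return $this->auth_succeded;
 }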
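 /**
  * Display the entity "advanced options" table: the values used by the generic
  * entity-assignment rules (inventory TAG, LDAP DN, mail domain) and, when the ldap
  * extension is available, the LDAP server and filter used to search this entity's users.
  * The table is wrapped in an update form only when the entity is editable.
  *
  * @since version 0.84 (before in entitydata.class)
  *
  * @param $entity Entity object
  *
  * @return boolean false when the entity cannot be read, nothing otherwise (display)
  **/
 static function showAdvancedOptions(Entity $entity)
 {
     $ID = $entity->getField('id');
     if (!$entity->can($ID, READ)) {
         return false;
     }

     // Entity right applied (could be User::UPDATEAUTHENT)
     $canedit = $entity->can($ID, UPDATE);
     if ($canedit) {
         echo "<form method='post' name=form action='" . Toolbox::getItemTypeFormURL(__CLASS__) . "'>";
     }

     echo "<table class='tab_cadre_fixe'>";
     echo "<tr><th colspan='2'>" . __('Values for the generic rules for assignment to entities') . "</th></tr>";
     echo "<tr class='tab_bg_1'><td colspan='2' class='center'>" . __('These parameters are used as actions in generic rules for assignment to entities') . "</td></tr>";

     echo "<tr class='tab_bg_1'>";
     echo "<td>" . __('Information in inventory tool (TAG) representing the entity') . "</td>";
     echo "<td>";
     Html::autocompletionTextField($entity, "tag", array('size' => 100));
     echo "</td></tr>";

     // LDAP-related fields are only offered when the extension is loaded
     if (Toolbox::canUseLdap()) {
         echo "<tr class='tab_bg_1'>";
         echo "<td>" . __('LDAP directory information attribute representing the entity') . "</td>";
         echo "<td>";
         Html::autocompletionTextField($entity, "ldap_dn", array('size' => 100));
         echo "</td></tr>";
     }

     echo "<tr class='tab_bg_1'>";
     echo "<td>" . __('Mail domain surrogates entity') . "</td>";
     echo "<td>";
     Html::autocompletionTextField($entity, "mail_domain", array('size' => 100));
     echo "</td></tr>";

     if (Toolbox::canUseLdap()) {
         echo "<tr><th colspan='2'>" . __('Values used in the interface to search users from a LDAP directory') . "</th></tr>";
         echo "<tr class='tab_bg_1'>";
         echo "<td>" . __('LDAP directory of an entity') . "</td>";
         echo "<td>";
         AuthLDAP::dropdown(array('value' => $entity->fields['authldaps_id'], 'emptylabel' => __('Default server'), 'condition' => "`is_active` = '1'"));
         echo "</td></tr>";

         echo "<tr class='tab_bg_1'>";
         echo "<td>" . __('LDAP filter associated to the entity (if necessary)') . "</td>";
         echo "<td>";
         Html::autocompletionTextField($entity, 'entity_ldapfilter', array('size' => 100));
         echo "</td></tr>";
     }

     if ($canedit) {
         echo "<tr>";
         echo "<td class='tab_bg_2 center' colspan='2'>";
         echo "<input type='hidden' name='id' value='" . $entity->fields["id"] . "'>";
         echo "<input type='submit' name='update' value=\"" . _sx('button', 'Save') . "\" class='submit'>";
         echo "</td></tr>";
         echo "</table>";
         Html::closeForm();
     } else {
         echo "</table>";
     }
 }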
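 /**
  * Print the auth ldap form.
  *
  * For a new item ($ID empty) the fields are initialized through getEmpty() and an
  * optional preconfiguration model; otherwise they are loaded from the DB. When the
  * ldap extension is not loaded only an explanatory message is printed.
  *
  * @param $ID        integer ID of the item
  * @param $options   array
  *     - target for the form
  *     - preconfig : name of a preconfiguration model (new items only)
  *
  * @return Nothing (display); false when the config cannot be updated
  **/
 function showForm($ID, $options = array())
 {
     if (!Config::canUpdate()) {
         return false;
     }

     if (empty($ID)) {
         // Populate $this->fields for a new item, then optionally overlay a model
         $this->getEmpty();
         if (isset($options['preconfig'])) {
             $this->preconfig($options['preconfig']);
         }
     } else {
         // Return value is not needed: the form is rendered from whatever is in $this->fields
         $this->getFromDB($ID);
     }

     if (Toolbox::canUseLdap()) {
         $this->showFormHeader($options);

         if (empty($ID)) {
             $target = $this->getFormURL();
             echo "<tr class='tab_bg_2'><td>" . __('Preconfiguration') . "</td> ";
             echo "<td colspan='3'>";
             echo "<a href='{$target}?preconfig=AD'>" . __('Active Directory') . "</a>";
             echo "&nbsp;&nbsp;/&nbsp;&nbsp;";
             echo "<a href='{$target}?preconfig=default'>" . __('Default values');
             echo "</a></td></tr>";
         }

         // NOTE(review): field values are spliced into attribute values and the textarea
         // bodies below without escaping — presumably relying on GLPI's input cleaning at
         // write time; confirm before reusing this pattern elsewhere.
         echo "<tr class='tab_bg_1'><td>" . __('Name') . "</td>";
         echo "<td><input type='text' name='name' class='form-control' value='" . $this->fields["name"] . "'></td>";
         if ($ID > 0) {
             echo "<td>" . __('Last update') . "</td><td>" . Html::convDateTime($this->fields["date_mod"]);
         } else {
             echo "<td colspan='2'>&nbsp;";
         }
         echo "</td></tr>";

         echo "<tr class='tab_bg_1'><td>" . __('Default server') . "</td>";
         echo "<td>";
         Dropdown::showYesNo('is_default', $this->fields['is_default']);
         echo "</td>";
         echo "<td>" . __('Active') . "</td>";
         echo "<td>";
         Dropdown::showYesNo('is_active', $this->fields['is_active']);
         echo "</td></tr>";

         echo "<tr class='tab_bg_1'><td>" . __('Server') . "</td>";
         echo "<td><input type='text' name='host' class='form-control' value='" . $this->fields["host"] . "'></td>";
         echo "<td>" . __('Port (default=389)') . "</td>";
         echo "<td><input id='port' type='text' name='port' class='form-control' value='" . $this->fields["port"] . "'>";
         echo "</td></tr>";

         echo "<tr class='tab_bg_1'><td>" . __('Connection filter') . "</td>";
         echo "<td colspan='3'>";
         echo "<textarea cols='100' rows='1' name='condition' class='form-control' >" . $this->fields["condition"];
         echo "</textarea>";
         echo "</td></tr>";

         echo "<tr class='tab_bg_1'><td>" . __('BaseDN') . "</td>";
         echo "<td colspan='3'>";
         echo "<input type='text' name='basedn' size='100' class='form-control' value=\"" . $this->fields["basedn"] . "\">";
         echo "</td></tr>";

         echo "<tr class='tab_bg_1'><td>" . __('RootDN (for non anonymous binds)') . "</td>";
         echo "<td colspan='3'><input type='text' name='rootdn' size='100' class='form-control' value=\"" . $this->fields["rootdn"] . "\">";
         echo "</td></tr>";

         // The stored bind password is never sent back to the browser: the field is
         // always empty and a checkbox lets the user clear it explicitly.
         echo "<tr class='tab_bg_1'><td>" . __('Password (for non-anonymous binds)') . "</td>";
         echo "<td><input type='password' name='rootdn_passwd' class='form-control' value='' autocomplete='off'>";
         if ($ID) {
             echo "<input type='checkbox' name='_blank_passwd'>&nbsp;" . __('Clear');
         }
         echo "</td>";
         echo "<td>" . __('Login field') . "</td>";
         echo "<td><input type='text' name='login_field' class='form-control' value='" . $this->fields["login_field"] . "'>";
         echo "</td></tr>";

         echo "<tr class='tab_bg_1'><td>" . __('Comments') . "</td>";
         echo "<td colspan='3'>";
         echo "<textarea cols='40' rows='4' name='comment' class='form-control' >" . $this->fields["comment"] . "</textarea>";

         //Fill fields when using preconfiguration models
         if (!$ID) {
             $hidden_fields = array('comment_field', 'condition', 'email1_field', 'email2_field', 'email3_field', 'email4_field', 'entity_condition', 'entity_field', 'firstname_field', 'group_condition', 'group_field', 'group_member_field', 'group_search_type', 'mobile_field', 'phone_field', 'phone2_field', 'port', 'realname_field', 'registration_number_field', 'title_field', 'use_dn', 'use_tls');
             foreach ($hidden_fields as $hidden_field) {
                 echo "<input type='hidden' name='{$hidden_field}' value='" . $this->fields[$hidden_field] . "'>";
             }
         }
         echo "</td></tr>";

         $this->showFormButtons($options);
     } else {
         echo "<div class='center'>&nbsp;<table class='tab_cadre_fixe'>";
         echo "<tr><th colspan='2'>" . self::getTypeName(1) . "</th></tr>";
         echo "<tr class='tab_bg_2'><td class='center'>";
         echo "<p class='red'>" . __("The LDAP extension of your PHP parser isn't installed") . "</p>";
         echo "<p>" . __('Impossible to use LDAP as external source of connection') . "</p>" . "</td></tr></table></div>";
     }
 }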
along with GLPI. If not, see <http://www.gnu.org/licenses/>.
--------------------------------------------------------------------------
*/
/** @file
* @brief
*/
include '../inc/includes.php';

Session::checkRight("config", READ);

// NOTE(review): $_SERVER['PHP_SELF'] can carry client-supplied path info; it is passed
// on to Html::header() as the rest of the project does — check how header() escapes it.
Html::header(__('External authentication sources'), $_SERVER['PHP_SELF'], "config", "auth", -1);

// One cell per external source: a link when the supporting PHP extension is loaded,
// otherwise the reason it cannot be used.
$ldap_cell = Toolbox::canUseLdap()
   ? "<a href='authldap.php'>" . _n('LDAP directory', 'LDAP directories', 2) . "</a>"
   : "<p class='red'>" . __("The LDAP extension of your PHP parser isn't installed") . "</p>"
     . "<p>" . __('Impossible to use LDAP as external source of connection') . '</p>';

$mail_cell = Toolbox::canUseImapPop()
   ? "<a href='authmail.php'>" . _n('Mail server', 'Mail servers', 2) . "</a>"
   : "<p class='red'>" . __('Your PHP parser was compiled without the IMAP functions') . "</p>"
     . "<p>" . __('Impossible to use email server as external source of connection') . '</p>';

$rows   = array();
$rows[] = "<tr><th>&nbsp;" . __('External authentications') . "</th></tr>";
if (Session::haveRight("config", UPDATE)) {
   // Setup link only for users allowed to change the configuration
   $rows[] = "<tr class='tab_bg_1'><td class='center b'><a href='auth.settings.php'>" . __('Setup') . "</a></td></tr>";
}
$rows[] = "<tr class='tab_bg_1'><td class='center b'>" . $ldap_cell . "</td></tr>";
$rows[] = "<tr class='tab_bg_1'><td class='center b'>" . $mail_cell . "</td> </tr>";
$rows[] = "<tr class='tab_bg_1'><td class='center'><a href='auth.others.php'>" . __('Others authentication methods') . "</a></td></tr>";

echo "<table class='tab_cadre'>" . implode('', $rows);