Exemplo n.º 1
0
 function __construct($index)
 {
     parent::__construct($index);
     $this->default->appearance['password_hash'] = array('desc' => 'Default HASH to use for passwords', 'default' => 'md5');
     $this->default->appearance['show_create'] = array('desc' => 'Whether to show the "Create new Entry here" in the tree browser', 'default' => true);
     $this->default->appearance['open_tree'] = array('desc' => 'Whether to initially open each tree', 'default' => false);
     $this->default->login['fallback_dn'] = array('desc' => 'If the attribute base login fails, see if a DN was entered', 'default' => false);
     $this->default->query['disable_default'] = array('desc' => 'Configuration to disable the default query template', 'default' => false);
     $this->default->query['custom_only'] = array('desc' => 'Configuration to force the usage of custom query templates', 'default' => false);
     $this->default->server['branch_rename'] = array('desc' => 'Enable renaming of branches', 'default' => false);
     $this->default->server['custom_attrs'] = array('desc' => 'Custom operational attributes to be treated as regular attributes', 'default' => array(''));
     $this->default->server['custom_sys_attrs'] = array('desc' => 'Custom operational attributes to be treated as internal attributes', 'default' => array('+'));
     $this->default->server['jpeg_attributes'] = array('desc' => 'Additional attributes to treat as Jpeg Attributes', 'default' => array());
     # This was added in case the LDAP server doesnt provide them with a base +,* query.
     $this->default->server['root_dse_attributes'] = array('desc' => 'RootDSE attributes for use when displaying server info', 'default' => array('namingContexts', 'subschemaSubentry', 'altServer', 'supportedExtension', 'supportedControl', 'supportedSASLMechanisms', 'supportedLDAPVersion', 'currentTime', 'dsServiceName', 'defaultNamingContext', 'schemaNamingContext', 'configurationNamingContext', 'rootDomainNamingContext', 'supportedLDAPPolicies', 'highestCommittedUSN', 'dnsHostName', 'ldapServiceName', 'serverName', 'supportedCapabilities', 'changeLog', 'tlsAvailableCipherSuites', 'tlsImplementationVersion', 'supportedSASLMechanisms', 'dsaVersion', 'myAccessPoint', 'dseType', '+', '*'));
     $this->default->server['force_may'] = array('desc' => 'Force server MUST attributes as MAY attributes', 'default' => array());
     # Settings for auto_number
     $this->default->auto_number['enable'] = array('desc' => 'Enable the AUTO UID feature', 'default' => true);
     $this->default->auto_number['mechanism'] = array('desc' => 'Mechanism to use to search for automatic numbers', 'default' => 'search');
     $this->default->auto_number['search_base'] = array('desc' => 'Base DN to use for search mechanisms', 'default' => null);
     $this->default->auto_number['min'] = array('desc' => 'Minimum number to start with', 'default' => array('uidNumber' => 1000, 'gidNumber' => 500));
     $this->default->auto_number['dn'] = array('desc' => 'DN to use when evaluating numbers', 'default' => null);
     $this->default->auto_number['pass'] = array('desc' => 'Password for DN to use when evaluating numbers', 'default' => null);
     $this->default->unique['attrs'] = array('desc' => 'Attributes to check for uniqueness before allowing updates', 'default' => array('mail', 'uid', 'uidNumber'));
     $this->default->unique['dn'] = array('desc' => 'DN to use when evaluating attribute uniqueness', 'default' => null);
     $this->default->unique['pass'] = array('desc' => 'Password for DN to use when evaluating attribute uniqueness', 'default' => null);
 }
 /**
  * Prueft ob der User im LDAP angelegt ist
  * @param $username UID des Users
  * @return boolean true wenn vorhanden, sonst false
  */
 public function UserExternalExists($username)
 {
     // Alle vorhandenen LDAP Server nacheinander durchlaufen
     // bis einer passt.
     foreach ($this->ldap_config as $ldap) {
         $ldap_obj = new ldap();
         // Verbindung zum Server
         if ($ldap_obj->connect($ldap['LDAP_SERVER'], $ldap['LDAP_PORT'], $ldap['LDAP_BIND_USER'], $ldap['LDAP_BIND_PASSWORD'], $ldap['LDAP_STARTTLS'])) {
             // User suchen
             if ($userdn = $ldap_obj->GetUserDN($username, $ldap['LDAP_BASE_DN'], $ldap['LDAP_USER_SEARCH_FILTER'])) {
                 $ldap_obj->unbind();
                 return true;
             }
         }
         $ldap_obj->unbind();
     }
     return false;
 }
<?php

session_start();
include "./includes/templates/configuration.php";
include "includes/classes/auth.php";
$account = $_POST["account"];
$password = $_POST["password"];
$login_result = true;
if ($account != "") {
    $ldap = new ldap($GLOBALS['config']['ldap_host'], $GLOBALS['config']['ldap_user_domain'], $GLOBALS['config']['ldap_dn']);
    $login_result = $ldap->authenticate($account, $password);
    if ($login_result == "ok") {
        $_SESSION['login'] = true;
        $_SESSION['name'] = $ldap->getFullName($account);
        header("Location: index.php");
    } else {
        session_destroy();
    }
}
?>


<!doctype html>
<html lang="en-US">
<head>
	<meta http-equiv="X-UA-Compatible" content="IE=11"/> 
	<meta http-equiv="X-UA-Compatible" content="IE=edge"/> 
	<meta charset="utf-8">

	<title>Login</title>
	<link rel="stylesheet" href="css/login.css" type="text/css">
Exemplo n.º 4
0
<?php

/**
 * Created by PhpStorm.
 * User: roessler
 * Date: 16/09/15
 * Time: 1:32 PM
 */
require_once dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'config/config.php';
if (isset($_POST['hdnAction'])) {
    if ($_POST['hdnAction'] == 'login') {
        $ldap = new ldap();
        $result = $ldap->authenticate($_POST['txtUsername'], $_POST['txtPassword']);
        if ($result) {
            $_SESSION['authenticated'] = true;
            $_SESSION['username'] = $_POST['txtUsername'];
            if ($_POST['hdnRedirect'] != '') {
                header('location:' . $_POST['hdnRedirect']);
            } else {
                header('location:./admin/index.php');
            }
        } else {
            echo "wrong credentials";
        }
    }
} else {
    if (isset($_GET['r'])) {
        $redirect = $_GET['r'];
    } else {
        $redirect = '';
    }
Exemplo n.º 5
0
 /**
  * Aendert das Passwort im LDAP
  * @param $passwort_alt Altes (aktuelles) Passwort
  * @param $passwort_neu neues Passwort
  * @param $uid UID
  * @return true wenn erfolgreich sonst false
  */
 function change_password($passwort_alt, $passwort_neu, $uid)
 {
     $ldap = new ldap();
     // Normalen Bind zum LDAP Server
     if ($ldap->connect()) {
         // DN des Users holen
         if ($user_dn = $ldap->GetUserDN($uid)) {
             $ldap->unbind();
             $ldap = new ldap();
             // Bind des User mit alten Passwort
             if ($ldap->connect(LDAP_SERVER_MASTER, LDAP_PORT, $user_dn, $passwort_alt, LDAP_STARTTLS)) {
                 // Passwort verschlüsseln
                 //SSHA
                 $salt = substr(pack('H*', hash('sha1', substr(pack('h*', hash('md5', mt_rand())), 0, 8) . $passwort_neu)), 0, 4);
                 $encrypted = base64_encode(pack('H*', hash('sha1', $passwort_neu . $salt)) . $salt);
                 $ssha_password = '******' . $encrypted;
                 // LM und NT
                 //$hash = new Crypt_CHAP_MSv2();
                 //$hash->password = $passwort_neu;
                 // $lm_password = strtoupper(bin2hex($hash->lmPasswordHash()));
                 //$nt_password = strtoupper(bin2hex($hash->ntPasswordHash()));
                 // Neues Passwort setzen
                 $data = array();
                 $data['userPassword'] = $ssha_password;
                 // $data['sambaLMPassword']=$lm_password;
                 //$data['sambaNTPassword']=$nt_password;
                 //$data['sambaPwdLastSet']=time();
                 //$data['sambaPwdMustChange']=2147483647; // 2038-01-19 04:14:07
                 if ($ldap->Modify($user_dn, $data)) {
                     return true;
                 } else {
                     return false;
                 }
             } else {
                 return $ldap->errormsg;
             }
         } else {
             return $ldap->errormsg;
         }
     } else {
         return $ldap->errormsg;
     }
 }