Commit 8cb94e92 authored by Carsten  Rose's avatar Carsten Rose

#3456 / LDAP: with Credentials to access 'webpass'

Manual.rst: Updated doc for a) config.qfq.ini: LDAP_1_RDN, LDAP_1_PASSWORD, b) Form.parameter|FormElement.parameter: ldapUseBindCredentials
ErrorHandler.php: removed details - the end user should not see too many details.
FormAction.php, Ldap.php, QuickFormQuery.php: implement 'ldapUseBindCredentials'
Ldap.php: set_error_handler() to catch ldap_bind() problems. Always set LDAP_OPT_PROTOCOL_VERSION=3 - this might cause problems with some LDAP Servers - we will see.
parent 05d5c676
......@@ -49,4 +49,7 @@ DATE_FORMAT = yyyy-mm-dd
BASE_URL_PRINT = http://example.com/
WKHTMLTOPDF = /opt/wkhtmltox/bin/wkhtmltopdf
;EDIT_FORM_PAGE = form
\ No newline at end of file
;EDIT_FORM_PAGE = form
;LDAP_1_RDN =
;LDAP_1_PASSWORD =
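Review bot: The new `LDAP_1_PASSWORD` key puts a bind secret into config.qfq.ini with no hint about its sensitivity, while the neighbouring keys are harmless paths and URLs. A comment next to it such as `; LDAP_1_PASSWORD is a secret: keep this file readable by the web server user only` tells an operator to protect the file, which nothing else in the commit does.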
......@@ -511,7 +511,7 @@ abstract class AbstractBuildForm {
if (isset($formElement[FE_FILL_STORE_LDAP]) || isset($formElement[FE_TYPEAHEAD_LDAP])) {
$keyNames = [F_LDAP_SERVER, F_LDAP_BASE_DN, F_LDAP_ATTRIBUTES, F_LDAP_SEARCH, F_TYPEAHEAD_LDAP_SEARCH, F_TYPEAHEAD_LIMIT,
F_TYPEAHEAD_MINLENGTH, F_TYPEAHEAD_LDAP_VALUE_PRINTF, F_TYPEAHEAD_LDAP_ID_PRINTF, F_LDAP_TIME_LIMIT];
F_TYPEAHEAD_MINLENGTH, F_TYPEAHEAD_LDAP_VALUE_PRINTF, F_TYPEAHEAD_LDAP_ID_PRINTF, F_LDAP_TIME_LIMIT, F_LDAP_USE_BIND_CREDENTIALS];
$formElement = OnArray::copyArrayItemsIfNotAlreadyExist($this->formSpec, $formElement, $keyNames);
} else {
return $formElement; // nothing to do.
......@@ -523,6 +523,11 @@ abstract class AbstractBuildForm {
$config = OnArray::getArrayItems($formElement, [FE_LDAP_SERVER, FE_LDAP_BASE_DN, FE_LDAP_SEARCH, FE_LDAP_ATTRIBUTES]);
$config = $this->evaluate->parseArray($config);
if($formElement[FE_LDAP_USE_BIND_CREDENTIALS]==1) {
$config[SYSTEM_LDAP_1_RDN] = $this->store->getVar(SYSTEM_LDAP_1_RDN, STORE_SYSTEM);
$config[SYSTEM_LDAP_1_PASSWORD] = $this->store->getVar(SYSTEM_LDAP_1_PASSWORD, STORE_SYSTEM);
}
$ldap = new Ldap();
$arr = $ldap->process($config, '', MODE_LDAP_SINGLE);
$this->store->setStore($arr, STORE_LDAP, true);
......@@ -900,6 +905,7 @@ abstract class AbstractBuildForm {
$formElement[FE_TYPEAHEAD_LDAP_SEARCH] = Support::setIfNotSet($formElement, FE_TYPEAHEAD_LDAP_SEARCH);
$formElement[FE_TYPEAHEAD_LDAP_VALUE_PRINTF] = Support::setIfNotSet($formElement, FE_TYPEAHEAD_LDAP_VALUE_PRINTF);
$formElement[FE_TYPEAHEAD_LDAP_KEY_PRINTF] = Support::setIfNotSet($formElement, FE_TYPEAHEAD_LDAP_KEY_PRINTF);
$formElement[FE_LDAP_USE_BIND_CREDENTIALS] = Support::setIfNotSet($formElement, FE_LDAP_USE_BIND_CREDENTIALS);
foreach ([FE_LDAP_SERVER, FE_LDAP_BASE_DN, FE_TYPEAHEAD_LDAP_SEARCH] as $key) {
if ($formElement[$key] == '') {
......@@ -920,6 +926,11 @@ abstract class AbstractBuildForm {
FE_TYPEAHEAD_LIMIT => $formElement[FE_TYPEAHEAD_LIMIT],
];
if($formElement[FE_LDAP_USE_BIND_CREDENTIALS]=='1') {
$arr[SYSTEM_LDAP_1_RDN] = $this->store->getVar(SYSTEM_LDAP_1_RDN, STORE_SYSTEM);
$arr[SYSTEM_LDAP_1_PASSWORD] = $this->store->getVar(SYSTEM_LDAP_1_PASSWORD, STORE_SYSTEM);
}
$urlParam = OnArray::toString($arr);
}
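Review bot: The flag test is written three different ways — `==1` in the first hunk of this file, `=='1'` in this hunk and `==1` again in FormAction.php — and all are loose comparisons; QuickFormQuery defaults the key to `''` and the value arrives as a string, so one strict form in all three places is clearer: `if ($formElement[FE_LDAP_USE_BIND_CREDENTIALS] === '1') {`. Separately, this hunk places LDAP_1_RDN and LDAP_1_PASSWORD into `$arr` and then serializes the whole array via `OnArray::toString($arr)` into `$urlParam`; how that string is used is outside the hunk, but if it ever reaches the client instead of a server-side store, the bind password leaks. A comment on the `$urlParam` line stating where the string goes (and that it stays server-side) would settle that, or pass only the flag and let the LDAP code read the credentials from STORE_SYSTEM at bind time so the password never travels in this array. The enclosing methods begin and end outside the hunks.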
......
......@@ -207,6 +207,7 @@ const ERROR_NO_TARGET_PATH_FILE_NAME = 1503;
const ERROR_LDAP_CONNECT = 1600;
const ERROR_MISSING_TYPE_AHEAD_LDAP_SEARCH = 1601;
const ERROR_LDAP_BIND = 1602;
// KeyValueParser
const ERROR_KVP_VALUE_HAS_NO_KEY = 1900;
......@@ -358,6 +359,9 @@ const SYSTEM_REPORT_COLUMN_NAME = 'reportColumnName'; // Keyname of SQL-column p
const SYSTEM_REPORT_COLUMN_VALUE = 'reportColumnValue'; // Keyname of SQL-column processed at the moment.
const SYSTEM_REPORT_FULL_LEVEL = 'reportFullLevel'; // Keyname of SQL-column processed at the moment.
const SYSTEM_LDAP_1_RDN = 'LDAP_1_RDN'; // Credentials to access LDAP
const SYSTEM_LDAP_1_PASSWORD = 'LDAP_1_PASSWORD'; // Credentials to access LDAP
// die folgenden Elemente sind vermutlich nicht noetig, wenn Store Klassen gloable Vars benutzt.
//const SYSTEM_FORM_DEF = 'formDefinition'; // Type: SANITIZE_ALNUMX / AssocArray. Final form to process. Useful for error reporting.
//const SYSTEM_FORM_ELEMENT_DEF = 'formElementDefinition'; // Type: SANITIZE_ALL / AssocArray. Formelement which are processed at the moment. Useful for error reporting.
......@@ -564,6 +568,7 @@ const F_LDAP_BASE_DN = 'ldapBaseDn';
const F_LDAP_SEARCH = 'ldapSearch';
const F_LDAP_ATTRIBUTES = 'ldapAttributes';
const F_LDAP_TIME_LIMIT = 'ldapTimeLimit';
const F_LDAP_USE_BIND_CREDENTIALS = 'ldapUseBindCredentials';
const F_TYPEAHEAD_LIMIT = 'typeAheadLimit';
const F_TYPEAHEAD_MINLENGTH = 'typeAheadMinLength';
const F_TYPEAHEAD_LDAP_VALUE_PRINTF = 'typeAheadLdapValuePrintf';
......@@ -655,6 +660,7 @@ const FE_LDAP_BASE_DN = F_LDAP_BASE_DN;
const FE_LDAP_SEARCH = F_LDAP_SEARCH;
const FE_LDAP_ATTRIBUTES = F_LDAP_ATTRIBUTES;
const FE_LDAP_TIME_LIMIT = F_LDAP_TIME_LIMIT;
const FE_LDAP_USE_BIND_CREDENTIALS = F_LDAP_USE_BIND_CREDENTIALS;
const FE_TYPEAHEAD_LIMIT = F_TYPEAHEAD_LIMIT;
const FE_TYPEAHEAD_MINLENGTH = F_TYPEAHEAD_MINLENGTH;
const FE_TYPEAHEAD_SQL = 'typeAheadSql';
......
......@@ -580,6 +580,7 @@ class QuickFormQuery {
Support::setIfNotSet($config, F_EXTRA_DELETE_FORM, '');
Support::setIfNotSet($config, F_SUBMIT_BUTTON_TEXT, '');
Support::setIfNotSet($config, F_BUTTON_ON_CHANGE_CLASS, '');
Support::setIfNotSet($config, F_LDAP_USE_BIND_CREDENTIALS, '');
return $config;
}
......
......@@ -18,7 +18,9 @@ class ErrorHandler {
// This error code is not included in error_reporting
return false;
}
throw new CodeException(": Catchable Error in '$file' on line $line: " . $message . " - CWD: " . getcwd(), $severity, NULL);
// throw new CodeException(": Catchable Error in '$file' on line $line: " . $message . " - CWD: " . getcwd(), $severity, NULL);
// Do not show too much to the user. E.g. 'ldap_bind()' might have problems, but the user should not see the file and linenumber.
throw new CodeException($message, $severity, NULL);
}
}
\ No newline at end of file
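Review bot: Dropping the file, line and CWD from the exception message removes them from the user's view but also from every log, since nothing else records them; logging them server-side before the throw keeps the diagnostic without exposing it, e.g. `error_log("Catchable Error in '$file' on line $line: $message - CWD: " . getcwd());` directly ahead of `throw new CodeException($message, $severity, NULL);`. The old throw left commented out on the preceding line should be deleted rather than kept — version control holds the history. The surrounding method begins outside the hunk.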
......@@ -121,9 +121,14 @@ class FormAction {
$fe = OnArray::copyArrayItemsIfNotAlreadyExist($this->formSpec, $fe, $keyNames);
// Extract necessary elements
$config = OnArray::getArrayItems($fe, [FE_LDAP_SERVER, FE_LDAP_BASE_DN, FE_LDAP_SEARCH, FE_LDAP_ATTRIBUTES]);
$config = OnArray::getArrayItems($fe, [FE_LDAP_SERVER, FE_LDAP_BASE_DN, FE_LDAP_SEARCH, FE_LDAP_ATTRIBUTES, FE_LDAP_USE_BIND_CREDENTIALS]);
$config = $this->evaluate->parseArray($config);
if($fe[FE_LDAP_USE_BIND_CREDENTIALS]==1) {
$config[SYSTEM_LDAP_1_RDN] = $this->store->getVar(SYSTEM_LDAP_1_RDN, STORE_SYSTEM);
$config[SYSTEM_LDAP_1_PASSWORD] = $this->store->getVar(SYSTEM_LDAP_1_PASSWORD, STORE_SYSTEM);
}
$ldap = new Ldap();
$arr = $ldap->process($config, '', MODE_LDAP_SINGLE);
$this->store->setStore($arr, STORE_LDAP, true);
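Review bot: `$fe[FE_LDAP_USE_BIND_CREDENTIALS]` is read unguarded in the new `if`, but whether that key is always present in `$fe` depends on `$keyNames`, which is assigned before the hunk, so a form without that parameter may trigger an undefined-index notice here. A guarded, strict test avoids both that and the loose `==1`: `if (isset($fe[FE_LDAP_USE_BIND_CREDENTIALS]) && $fe[FE_LDAP_USE_BIND_CREDENTIALS] === '1') {`. Note also that this hunk adds the flag to the `getArrayItems` list so it passes through `parseArray`, whereas the matching hunk in AbstractBuildForm.php does not — the two call sites should agree. The enclosing method continues outside the hunk.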
......
......@@ -12,9 +12,21 @@ use qfq;
require_once(__DIR__ . '/KeyValueStringParser.php');
require_once(__DIR__ . '/OnArray.php');
require_once(__DIR__ . '/../exceptions/ErrorHandler.php');
require_once(__DIR__ . '/../exceptions/UserFormException.php');
class Ldap {
/**
*
*/
public function __construct() {
// This handler is necessary to catch 'ldap_bind()' errors.
set_error_handler("\\qfq\\ErrorHandler::exception_error_handler");
}
/**
* @param $ldapServer
* @return resource
......@@ -26,6 +38,11 @@ class Ldap {
if (!$ds) {
throw new UserFormException("Unable to connect to LDAP server: $ldapServer", ERROR_LDAP_CONNECT);
}
// http://php.net/manual/en/function.ldap-set-option.php >> This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.
// Do not check for success.
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
return $ds;
}
......@@ -113,6 +130,12 @@ class Ldap {
$ds = $this->ldapConnect($config[FE_LDAP_SERVER]); // must be a valid LDAP server!
if (isset($config[SYSTEM_LDAP_1_RDN]) && isset($config[SYSTEM_LDAP_1_PASSWORD])) {
if (false === ldap_bind($ds, $config[SYSTEM_LDAP_1_RDN], $config[SYSTEM_LDAP_1_PASSWORD])) {
throw new UserFormException("LDAP: Error trying to bind: " . ldap_error($ds), ERROR_LDAP_BIND);
}
}
$keyArr = $this->preparePrintf($config, FE_TYPEAHEAD_LDAP_KEY_PRINTF, $keyFormat);
$valueArr = $this->preparePrintf($config, FE_TYPEAHEAD_LDAP_VALUE_PRINTF, $valueFormat);
$specificArr = OnArray::arrayValueToLower(OnArray::trimArray(explode(',', $config[FE_LDAP_ATTRIBUTES])));
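Review bot: The bind inside the `isset(...)` guard runs whenever both keys exist, including when LDAP_1_PASSWORD is the empty string (the sample config ships it empty); with an empty password `ldap_bind()` performs an unauthenticated bind on many servers, so the lookup silently proceeds without the credentials the form asked for. Rejecting that case is three lines at the top of the outer `if`: `if ($config[SYSTEM_LDAP_1_PASSWORD] === '') {` / `throw new UserFormException("LDAP: bind credentials configured but LDAP_1_PASSWORD is empty", ERROR_LDAP_BIND);` / `}`. Separately, `set_error_handler()` in the constructor changes process-wide state on every `new Ldap()` and is never undone; installing it immediately around the `ldap_bind()` call and calling `restore_error_handler()` afterwards confines the effect to where it is needed. The `ldap_error($ds)` text is put into a user-visible exception while ErrorHandler.php was just changed to hide exactly such detail — consider logging it and raising a generic message. The methods touched here begin and end outside the hunks.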
......