Some syntax adjustments to make ldap_bind work
This commit is contained in:
parent
5d85267e0f
commit
fd049a8928
61
plugin.php
61
plugin.php
@ -4,20 +4,18 @@ Plugin Name: Simple LDAP Auth
|
||||
Plugin URI:
|
||||
Description: This plugin enables use of LDAP provider for authentication
|
||||
Version: 1.1
|
||||
Author: k3a
|
||||
Author URI: http://k3a.me
|
||||
Author: vmario
|
||||
Author URI: https://gitea.fablabchemnitz.de/vmario/yourls-ldap-auth
|
||||
*/
|
||||
// Thanks to nicwaller (https://github.com/nicwaller) for cas plugin I used as a reference!
|
||||
|
||||
// No direct call
|
||||
if( !defined( 'YOURLS_ABSPATH' ) ) die();
|
||||
|
||||
|
||||
// returns true if the environment is set up right
|
||||
function ldapauth_environment_check() {
|
||||
$required_params = array(
|
||||
'LDAPAUTH_HOST', // ldap host
|
||||
//'LDAPAUTH_PORT', // ldap port
|
||||
'LDAPAUTH_BASE', // base ldap path
|
||||
//'LDAPAUTH_USERNAME_FIELD', // field to check the username against
|
||||
);
|
||||
@ -30,9 +28,6 @@ function ldapauth_environment_check() {
|
||||
}
|
||||
}
|
||||
|
||||
if ( !defined( 'LDAPAUTH_PORT' ) )
|
||||
define( 'LDAPAUTH_PORT', 389 );
|
||||
|
||||
if ( !defined( 'LDAPAUTH_USERNAME_FIELD' ) )
|
||||
define( 'LDAPAUTH_USERNAME_FIELD', 'uid' );
|
||||
|
||||
@ -73,53 +68,9 @@ function ldapauth_shuffle_assoc($list) {
|
||||
return $random;
|
||||
}
|
||||
|
||||
// return list of Active Directory Ldap servers that are associated with a site and service
|
||||
// example for $site = = '_ldap._tcp.corporate._sites.company.com'
|
||||
function ldapauth_get_ad_servers_for_site() {
|
||||
$results = [];
|
||||
$ad_servers = dns_get_record(LDAPAUTH_DNS_SITES_AND_SERVICES, DNS_SRV, $authns, $addtl);
|
||||
foreach ($ad_servers as $ad_server) {
|
||||
array_push($results, $ad_server['target']);
|
||||
}
|
||||
$results = ldapauth_shuffle_assoc($results); #randomize the order
|
||||
return $results;
|
||||
}
|
||||
|
||||
// returns ldap connection
|
||||
function ldapauth_get_ldap_connection() {
|
||||
if (defined('LDAPAUTH_DNS_SITES_AND_SERVICES')) {
|
||||
$connection = NULL;
|
||||
$ldap_servers = ldapauth_get_ad_servers_for_site();
|
||||
foreach ($ldap_servers as $ldap_server) {
|
||||
$ldap_address = LDAPAUTH_HOST . $ldap_server;
|
||||
try {
|
||||
$temp_conn = ldap_connect($ldap_address, LDAPAUTH_PORT); # ldap_connect doesn't actually connect it just checks for plausiable parameters. Only ldap_bind connects
|
||||
if ($temp_conn) {
|
||||
$connection = $temp_conn;
|
||||
break;
|
||||
} else {
|
||||
error_log('Warning, unable to connect to: ' . $ldap_address . ' on port ' . LDAPAUTH_PORT . '. ' . ldap_error($temp_conn));
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
error_log('Warning, unable to connect to: ' . $ldap_address . ' on port ' . LDAPAUTH_PORT . '. ' . __FILE__, __FUNCTION__,$e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
if ($connection) {
|
||||
return $connection;
|
||||
} else {
|
||||
die("Cannot connect to LDAP for site and service " . LDAPAUTH_DNS_SITES_AND_SERVICES);
|
||||
}
|
||||
|
||||
} else {
|
||||
return ldap_connect(LDAPAUTH_HOST, LDAPAUTH_PORT);
|
||||
}
|
||||
}
|
||||
|
||||
// returns true/false
|
||||
function ldapauth_is_valid_user( $value ) {
|
||||
global $yourls_user_passwords;
|
||||
|
||||
// Always check & set early
|
||||
if ( !ldapauth_environment_check() ) {
|
||||
die( 'Invalid configuration for YOURLS LDAP plugin. Check PHP error log.' );
|
||||
@ -139,7 +90,6 @@ function ldapauth_is_valid_user( $value ) {
|
||||
if (!defined(LDAPAUTH_USERCACHE_TYPE)) {
|
||||
@session_start();
|
||||
}
|
||||
|
||||
if (!defined(LDAPAUTH_USERCACHE_TYPE) && isset( $_SESSION['LDAPAUTH_AUTH_USER'] ) ) {
|
||||
// already authenticated...
|
||||
$username = $_SESSION['LDAPAUTH_AUTH_USER'];
|
||||
@ -163,7 +113,7 @@ function ldapauth_is_valid_user( $value ) {
|
||||
&& !empty( $_REQUEST['username'] ) && !empty( $_REQUEST['password'] ) ) {
|
||||
|
||||
// try to authenticate
|
||||
$ldapConnection = ldapauth_get_ldap_connection();
|
||||
$ldapConnection = ldap_connect(LDAPAUTH_HOST);
|
||||
if (!$ldapConnection) die("Cannot connect to LDAP " . LDAPAUTH_HOST);
|
||||
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
//ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0);
|
||||
@ -176,7 +126,6 @@ function ldapauth_is_valid_user( $value ) {
|
||||
return $value;
|
||||
}
|
||||
}
|
||||
|
||||
// Check if using a privileged user account to search - only if not already bound with current user
|
||||
if (defined('LDAPAUTH_SEARCH_USER') && defined('LDAPAUTH_SEARCH_PASS') && empty($ldapSuccess)) {
|
||||
if (!@ldap_bind($ldapConnection, LDAPAUTH_SEARCH_USER, LDAPAUTH_SEARCH_PASS)) {
|
||||
@ -230,7 +179,6 @@ function ldapauth_is_valid_user( $value ) {
|
||||
if (LDAPAUTH_ADD_NEW && !array_key_exists($username, $yourls_user_passwords)) {
|
||||
ldapauth_create_user( $username, $_REQUEST['password'] );
|
||||
}
|
||||
|
||||
if (LDAPAUTH_USERCACHE_TYPE == 1) {
|
||||
// store the current user credentials in our cache. This cuts down calls to the LDAP
|
||||
// server, and allows API keys to work with LDAP users
|
||||
@ -353,6 +301,3 @@ function ldapauth_debug ($msg) {
|
||||
error_log("yourls_ldap_auth: " . $msg);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
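Review bot: The new `$ldapConnection = ldap_connect(LDAPAUTH_HOST);` in the ldapauth_is_valid_user hunk no longer applies LDAPAUTH_PORT and replaces the removed ldapauth_get_ldap_connection() path, so a deployment that configured a non-default port or relied on the DNS SRV lookup via LDAPAUTH_DNS_SITES_AND_SERVICES now silently gets whatever ldap_connect derives from the bare host value, which for a plain hostname is unencrypted LDAP on 389 and the bind credentials then cross the network in the clear unless LDAPAUTH_HOST is already an `ldaps://` URI. Since the single-argument URI form is the one PHP 8.3 keeps (the separate host/port pair is deprecated there), the better fix is to make that contract explicit rather than restore the second argument: add above the line `// LDAPAUTH_HOST must be a full URI (e.g. ldaps://host:636); LDAPAUTH_PORT is no longer applied` and have ldapauth_environment_check() reject a host value without a scheme and log a warning when the now-unused LDAPAUTH_PORT or LDAPAUTH_DNS_SITES_AND_SERVICES constants are still defined. Which lines of the first two hunks were removed is not recoverable from this rendering, so the removal of the LDAPAUTH_PORT default is inferred from the hunk counts. ldapauth_is_valid_user starts and ends outside the hunk.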