NEW: ldap: filter search on usergroups
@@ -57,7 +57,9 @@ if ($action == 'setvalue' && $user->admin) {
|
|||||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_OBJECT_CLASS', GETPOST("objectclass", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
|
if (!dolibarr_set_const($db, 'LDAP_GROUP_OBJECT_CLASS', GETPOST("objectclass", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
|
||||||
$error++;
|
$error++;
|
||||||
}
|
}
|
||||||
|
if (!dolibarr_set_const($db, 'LDAP_GROUP_FILTER', GETPOST("filter"), 'chaine', 0, '', $conf->entity)) {
|
||||||
|
$error++;
|
||||||
|
}
|
||||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_FULLNAME', GETPOST("fieldfullname", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
|
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_FULLNAME', GETPOST("fieldfullname", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
|
||||||
$error++;
|
$error++;
|
||||||
}
|
}
|
||||||
@@ -141,6 +143,13 @@ print '</td><td>'.$langs->trans("LDAPGroupObjectClassListExample").'</td>';
|
|||||||
print '<td> </td>';
|
print '<td> </td>';
|
||||||
print '</tr>';
|
print '</tr>';
|
||||||
|
|
||||||
|
// Filter, used to filter search
|
||||||
|
print '<tr class="oddeven"><td>'.$langs->trans("LDAPFilterConnection").'</td><td>';
|
||||||
|
print '<input size="48" type="text" name="filter" value="'.$conf->global->LDAP_GROUP_FILTER.'">';
|
||||||
|
print '</td><td>'.$langs->trans("LDAPGroupFilterExample").'</td>';
|
||||||
|
print '<td></td>';
|
||||||
|
print '</tr>';
|
||||||
|
|
||||||
print '</table>';
|
print '</table>';
|
||||||
print '<br>';
|
print '<br>';
|
||||||
print '<table class="noborder centpercent">';
|
print '<table class="noborder centpercent">';
|
||||||
@@ -211,11 +220,18 @@ if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
|
|||||||
$dn = $conf->global->LDAP_GROUP_DN;
|
$dn = $conf->global->LDAP_GROUP_DN;
|
||||||
$objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS;
|
$objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS;
|
||||||
|
|
||||||
|
show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass);
|
||||||
|
} elseif ($conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') {
|
||||||
|
$butlabel = $langs->trans("LDAPTestSearch");
|
||||||
|
$testlabel = 'testsearchgroup';
|
||||||
|
$key = $conf->global->LDAP_KEY_GROUPS;
|
||||||
|
$dn = $conf->global->LDAP_GROUP_DN;
|
||||||
|
$objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS;
|
||||||
show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass);
|
show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (function_exists("ldap_connect")) {
|
if (function_exists("ldap_connect")) {
|
||||||
if ($_GET["action"] == 'testgroup') {
|
if ($action == 'testgroup') {
|
||||||
// Creation objet
|
// Creation objet
|
||||||
$object = new UserGroup($db);
|
$object = new UserGroup($db);
|
||||||
$object->initAsSpecimen();
|
$object->initAsSpecimen();
|
||||||
@@ -260,6 +276,66 @@ if (function_exists("ldap_connect")) {
|
|||||||
print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'<br>';
|
print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'<br>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($action == 'testsearchgroup') {
|
||||||
|
// Creation objet
|
||||||
|
$object = new UserGroup($db);
|
||||||
|
$object->initAsSpecimen();
|
||||||
|
|
||||||
|
// TODO Mutualize code following with other ldap_xxxx.php pages
|
||||||
|
|
||||||
|
// Test synchro
|
||||||
|
$ldap = new Ldap();
|
||||||
|
$result = $ldap->connect_bind();
|
||||||
|
|
||||||
|
if ($result > 0) {
|
||||||
|
$required_fields = array(
|
||||||
|
$conf->global->LDAP_KEY_GROUPS,
|
||||||
|
// $conf->global->LDAP_GROUP_FIELD_NAME,
|
||||||
|
$conf->global->LDAP_GROUP_FIELD_DESCRIPTION,
|
||||||
|
$conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS,
|
||||||
|
$conf->global->LDAP_GROUP_FIELD_GROUPID
|
||||||
|
);
|
||||||
|
|
||||||
|
// Remove from required_fields all entries not configured in LDAP (empty) and duplicated
|
||||||
|
$required_fields = array_unique(array_values(array_filter($required_fields, "dol_validElement")));
|
||||||
|
|
||||||
|
// Get from LDAP database an array of results
|
||||||
|
$ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, $required_fields, 'group');
|
||||||
|
//$ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, '', 'group');
|
||||||
|
|
||||||
|
if (is_array($ldapgroups)) {
|
||||||
|
$liste = array();
|
||||||
|
foreach ($ldapgroups as $key => $ldapgroup) {
|
||||||
|
// Define the label string for this user
|
||||||
|
$label = '';
|
||||||
|
foreach ($required_fields as $value) {
|
||||||
|
if ($value) {
|
||||||
|
$label .= $value."=".$ldapgroup[$value]." ";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$liste[$key] = $label;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
setEventMessages($ldap->error, $ldap->errors, 'errors');
|
||||||
|
}
|
||||||
|
|
||||||
|
print "<br>\n";
|
||||||
|
print "LDAP search for user:<br>\n";
|
||||||
|
print "search: *<br>\n";
|
||||||
|
print "userDN: ".$conf->global->LDAP_GROUP_DN."<br>\n";
|
||||||
|
print "useridentifier: ".$conf->global->LDAP_KEY_GROUPS."<br>\n";
|
||||||
|
print "required_fields: ".implode(',', $required_fields)."<br>\n";
|
||||||
|
print "=> ".count($liste)." records<br>\n";
|
||||||
|
print "\n<br>";
|
||||||
|
} else {
|
||||||
|
print img_picto('', 'error').' ';
|
||||||
|
print '<font class="error">'.$langs->trans("LDAPSynchroKO");
|
||||||
|
print ': '.$ldap->error;
|
||||||
|
print '</font><br>';
|
||||||
|
print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'<br>';
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// End of page
|
// End of page
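Review bot: The new filter input echoes the stored setting into an HTML attribute unescaped (`value="'.$conf->global->LDAP_GROUP_FILTER.'"`), and the save path reads it with `GETPOST("filter")` with no check type, unlike the neighbouring `'alphanohtml'` calls. A saved value containing a double quote would therefore break out of the attribute on this admin page. Escape at output, e.g. `value="'.dol_escape_htmltag($conf->global->LDAP_GROUP_FILTER).'"`, and give `GETPOST` an explicit check type that still lets LDAP filter characters through. Separately, in the `testsearchgroup` branch `$liste` is assigned only when `getRecords` returns an array, yet `count($liste)` runs unconditionally, so `$liste = array();` should be set before the call. That same call passes `LDAP_KEY_USERS` while the page prints `LDAP_KEY_GROUPS` as the identifier, which looks like a copy-paste slip from the users page and should be confirmed.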
|
||||||
|
|||||||
@@ -139,6 +139,7 @@ class Ldap
|
|||||||
$this->groups = $conf->global->LDAP_GROUP_DN;
|
$this->groups = $conf->global->LDAP_GROUP_DN;
|
||||||
|
|
||||||
$this->filter = $conf->global->LDAP_FILTER_CONNECTION; // Filter on user
|
$this->filter = $conf->global->LDAP_FILTER_CONNECTION; // Filter on user
|
||||||
|
$this->filtergroup = $conf->global->LDAP_GROUP_FILTER; // Filter on groups
|
||||||
$this->filtermember = $conf->global->LDAP_MEMBER_FILTER; // Filter on member
|
$this->filtermember = $conf->global->LDAP_MEMBER_FILTER; // Filter on member
|
||||||
|
|
||||||
// Users
|
// Users
|
||||||
@@ -935,7 +936,7 @@ class Ldap
|
|||||||
* @param string $userDn DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)
|
* @param string $userDn DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)
|
||||||
* @param string $useridentifier Name of key field (Ex: uid)
|
* @param string $useridentifier Name of key field (Ex: uid)
|
||||||
* @param array $attributeArray Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword)
|
* @param array $attributeArray Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword)
|
||||||
* @param int $activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'member'=use field this->filtermember as filter
|
* @param int $activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=user field this->filtergroup as filter, 'member'=use field this->filtermember as filter
|
||||||
* @param array $attributeAsArray Array of fields wanted as an array not a string
|
* @param array $attributeAsArray Array of fields wanted as an array not a string
|
||||||
* @return array Array of [id_record][ldap_field]=value
|
* @return array Array of [id_record][ldap_field]=value
|
||||||
*/
|
*/
|
||||||
@@ -955,6 +956,8 @@ class Ldap
|
|||||||
if (!empty($activefilter)) {
|
if (!empty($activefilter)) {
|
||||||
if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) {
|
if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) {
|
||||||
$filter = '('.$this->filter.')';
|
$filter = '('.$this->filter.')';
|
||||||
|
} elseif (((string) $activefilter == 'group') && $this->filtergroup ) {
|
||||||
|
$filter = '('.$this->filtergroup.')';
|
||||||
} elseif (((string) $activefilter == 'member') && $this->filter) {
|
} elseif (((string) $activefilter == 'member') && $this->filter) {
|
||||||
$filter = '('.$this->filtermember.')';
|
$filter = '('.$this->filtermember.')';
|
||||||
} else {
|
} else {
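Review bot: The new `'group'` branch wraps the configured value verbatim as `'('.$this->filtergroup.')'`, so the setting must be stored as a filter body without its outer parentheses, as the default `&(objectClass=groupOfNames)` is. A value saved with its own outer parentheses would yield `((...))`, which presumably makes the search fail. Because this filter now decides which directory groups the sync imports, add a format check where the setting is saved, or at least a comment here stating the expected form. In the docblock, `'group'=user field` should read `'group'=use field`, `$activefilter` is still typed `int` although string values are accepted, and `$this->filtergroup ) {` has a stray space. The adjacent `'member'` branch tests `$this->filter` but then uses `$this->filtermember`, which looks like an existing slip worth confirming; the function body continues outside these hunks.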
|
||||||
|
|||||||
@@ -85,6 +85,7 @@ class modLdap extends DolibarrModules
|
|||||||
11=>array('LDAP_FIELD_PHONE', 'chaine', 'telephonenumber', '', 0),
|
11=>array('LDAP_FIELD_PHONE', 'chaine', 'telephonenumber', '', 0),
|
||||||
12=>array('LDAP_FIELD_FAX', 'chaine', 'facsimiletelephonenumber', '', 0),
|
12=>array('LDAP_FIELD_FAX', 'chaine', 'facsimiletelephonenumber', '', 0),
|
||||||
13=>array('LDAP_FIELD_MOBILE', 'chaine', 'mobile', '', 0),
|
13=>array('LDAP_FIELD_MOBILE', 'chaine', 'mobile', '', 0),
|
||||||
|
14=>array('LDAP_GROUP_FILTER', 'chaine', '&(objectClass=groupOfNames)', '', 0),
|
||||||
);
|
);
|
||||||
|
|
||||||
// Boxes
|
// Boxes
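Review bot: The default added at index 14, `&(objectClass=groupOfNames)`, gives the new setting a non-empty value, so wherever this constant gets installed the `'group'` search is restricted to that object class instead of the previous `(key=*)` match. Directories whose groups use a different class would then return no groups until an admin edits the filter; if that is not intended, an empty default (`''`) keeps the old behaviour. The help text added in the language file shows `groupOfUsers` while this default uses `groupOfNames`, so the two should be aligned.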
|
||||||
|
|||||||
@@ -1512,6 +1512,7 @@ LDAPFieldLoginUnix=Login (unix)
|
|||||||
LDAPFieldLoginExample=Example: uid
|
LDAPFieldLoginExample=Example: uid
|
||||||
LDAPFilterConnection=Search filter
|
LDAPFilterConnection=Search filter
|
||||||
LDAPFilterConnectionExample=Example: &(objectClass=inetOrgPerson)
|
LDAPFilterConnectionExample=Example: &(objectClass=inetOrgPerson)
|
||||||
|
LDAPGroupFilterExample=Example: &(objectClass=groupOfUsers)
|
||||||
LDAPFieldLoginSamba=Login (samba, activedirectory)
|
LDAPFieldLoginSamba=Login (samba, activedirectory)
|
||||||
LDAPFieldLoginSambaExample=Example: samaccountname
|
LDAPFieldLoginSambaExample=Example: samaccountname
|
||||||
LDAPFieldFullname=Full name
|
LDAPFieldFullname=Full name
|
||||||
|
|||||||
@@ -97,7 +97,11 @@ print "port=".$conf->global->LDAP_SERVER_PORT."\n";
|
|||||||
print "login=".$conf->global->LDAP_ADMIN_DN."\n";
|
print "login=".$conf->global->LDAP_ADMIN_DN."\n";
|
||||||
print "pass=".preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)."\n";
|
print "pass=".preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)."\n";
|
||||||
print "DN to extract=".$conf->global->LDAP_GROUP_DN."\n";
|
print "DN to extract=".$conf->global->LDAP_GROUP_DN."\n";
|
||||||
|
if (!empty($conf->global->LDAP_GROUP_FILTER)) {
|
||||||
|
print 'Filter=('.$conf->global->LDAP_GROUP_FILTER.')'."\n"; // Note: filter is defined into function getRecords
|
||||||
|
} else {
|
||||||
print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n";
|
print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n";
|
||||||
|
}
|
||||||
print "----- To Dolibarr database:\n";
|
print "----- To Dolibarr database:\n";
|
||||||
print "type=".$conf->db->type."\n";
|
print "type=".$conf->db->type."\n";
|
||||||
print "host=".$conf->db->host."\n";
|
print "host=".$conf->db->host."\n";
|
||||||
@@ -127,7 +131,7 @@ if ($result >= 0) {
|
|||||||
// We disable synchro Dolibarr-LDAP
|
// We disable synchro Dolibarr-LDAP
|
||||||
$conf->global->LDAP_SYNCHRO_ACTIVE = 0;
|
$conf->global->LDAP_SYNCHRO_ACTIVE = 0;
|
||||||
|
|
||||||
$ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 0, array($conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS));
|
$ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 'group', array($conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS));
|
||||||
if (is_array($ldaprecords)) {
|
if (is_array($ldaprecords)) {
|
||||||
$db->begin();
|
$db->begin();
|
||||||
|
|
||||||
|
|||||||