Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-06 00:53:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use login from LDAP attribute

Browse Source 
The LDAP authentication function (check_user_password_ldap) returns the login
sting when authentication is successful.

The current implementation always return the provided login to the check function,
instead of LDAP entry login field (as defined in the LDAP_FIELD_LOGIN).

This is problematic when you expect user to log with several login, like mail,
or the LDAP login doesn't match the dolibarr database.

For example, the following filter allows users auth with mail and cn ldap fields:
$dolibarr_main_auth_ldap_filter = '(&(objectClass=person)(|(cn=%1%)(mail=%1%)))';
but, dolibarr will not find the user when mail is provided.

This patch returns the $ldap->login when LDAP_FIELD_LOGIN is configured.
This commit is contained in:
Sébastien Luttringer
2021-01-10 18:15:26 +01:00
parent 53f09e31cc
commit 3f13dacacd
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/core/login/functions_ldap.php
View File

@@ -148,8 +148,11 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
{
if ($result == 2) // Connection is ok for user/pass into LDAP
{
dol_syslog("functions_ldap::check_user_password_ldap Authentification ok");
$login = $usertotest;
if (!empty($conf->global->LDAP_FIELD_LOGIN)) {
$login = $ldap->login;
}
dol_syslog("functions_ldap::check_user_password_ldap $login authentication ok");
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';