From d857e2d8b8a279e3f0510e11c148d110791103f1 Mon Sep 17 00:00:00 2001 From: nuxsmin Date: Wed, 4 May 2016 00:50:35 +0200 Subject: [PATCH] * [FIX] Closes #204. Fixed LDAP group search when ADS is set. Thanks to @vplanas --- inc/Auth.class.php | 21 +++++++++++---------- inc/Ldap.class.php | 16 ++++++++++++---- inc/LdapADS.class.php | 2 +- 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/inc/Auth.class.php b/inc/Auth.class.php index 1a7518e3..28498b56 100644 --- a/inc/Auth.class.php +++ b/inc/Auth.class.php @@ -96,7 +96,7 @@ class Auth } // Comprobamos que el usuario está en el grupo indicado buscando en los atributos del grupo } else { - $ldapGroupAccess = (Ldap::searchUserInGroup($userDN) || LdapADS::searchADUserInGroup($userLogin)); + $ldapGroupAccess = (Ldap::isADS()) ? LdapADS::searchADUserInGroup($userLogin) : Ldap::searchUserInGroup($userDN); } } else { $ldapGroupAccess = true; @@ -236,15 +236,6 @@ class Auth return true; } - /** - * Devuelve el typo de autentificación del servidor web - * @return string - */ - public static function getServerAuthType() - { - return strtoupper($_SERVER['AUTH_TYPE']); - } - /** * Devolver el nombre del usuario autentificado por el servidor web * @@ -260,4 +251,14 @@ class Auth return ''; } + + /** + * Devuelve el typo de autentificación del servidor web + * + * @return string + */ + public static function getServerAuthType() + { + return strtoupper($_SERVER['AUTH_TYPE']); + } } diff --git a/inc/Ldap.class.php b/inc/Ldap.class.php index eb480047..8a1f085c 100644 --- a/inc/Ldap.class.php +++ b/inc/Ldap.class.php @@ -36,7 +36,7 @@ class Ldap // Variabla que contiene los datos de una búsqueda public static $ldapSearchData; // Variable para determinar si conecta con Active Directory - protected static $_isADS = false; + protected static $_ADS = false; // Variables de conexión con LDAP protected static $_ldapConn; 
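Review bot: The new `$ldapGroupAccess` line chooses the group lookup solely from `Ldap::isADS()`, which returns a static that stays `false` until `checkLDAPParams()` has run. If this branch were ever reached before that call, an AD deployment would silently use `Ldap::searchUserInGroup($userDN)`, and the old `||` fallback is no longer there to cover it. The enclosing method starts and ends outside the hunk, so the call order cannot be confirmed from here. Because this value decides group-based access, a comment stating the precondition would help, e.g. `// Requires Ldap::checkLDAPParams() to have run; the AD and generic LDAP group lookups are mutually exclusive`.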
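Review bot: The re-added `getServerAuthType()` reads `$_SERVER['AUTH_TYPE']` without checking that it is set, so a request on which the web server performed no authentication raises an undefined-index notice and yields an empty string only as a side effect. The method just above it in this hunk (its body starts outside the hunk) ends with an explicit `return '';` fallback, and the same guard here would be `return isset($_SERVER['AUTH_TYPE']) ? strtoupper($_SERVER['AUTH_TYPE']) : '';`. In the docblock, `typo` should read `tipo`.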
@@ -253,9 +253,9 @@ class Ldap */ public static function checkLDAPParams() { - self::$_isADS = Config::getValue('ldap_ads', false); + self::$_ADS = Config::getValue('ldap_ads', false); self::$_searchBase = Config::getValue('ldap_base'); - self::$_ldapServer = (!self::$_isADS) ? Config::getValue('ldap_server') : LdapADS::getADServer(Config::getValue('ldap_server')); + self::$_ldapServer = (!self::$_ADS) ? Config::getValue('ldap_server') : LdapADS::getADServer(Config::getValue('ldap_server')); self::$_bindDN = Config::getValue('ldap_binduser'); self::$_bindPass = Config::getValue('ldap_bindpass'); self::$_ldapGroup = Config::getValue('ldap_group', '*'); @@ -280,7 +280,7 @@ class Ldap { $log = new Log(__FUNCTION__); - if (self::$_isADS === true) { + if (self::$_ADS === true) { $filter = '(&(|(samaccountname=' . $userLogin . ')(cn=' . $userLogin . ')(uid=' . $userLogin . '))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject))(objectCategory=person))'; } else { $filter = '(&(|(samaccountname=' . $userLogin . ')(cn=' . $userLogin . ')(uid=' . $userLogin . '))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject)))'; @@ -431,4 +431,12 @@ class Ldap return preg_replace($chars, '\\\$1', $dn); } + /** + * @return boolean + */ + public static function isADS() + { + return self::$_ADS; + } + } diff --git a/inc/LdapADS.class.php b/inc/LdapADS.class.php index 9acedb5b..47972860 100644 --- a/inc/LdapADS.class.php +++ b/inc/LdapADS.class.php @@ -76,7 +76,7 @@ class LdapADS extends Ldap */ public static function searchADUserInGroup($userLogin) { - if (Ldap::$_isADS === false) { + if (Ldap::$_ADS === false) { return false; }
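Review bot: `self::$_ADS` is assigned whatever `Config::getValue('ldap_ads', false)` returns, but it is then tested three different ways: `=== true` where the user filter is built, `=== false` in `LdapADS::searchADUserInGroup()`, and plain truthiness through the new `isADS()` used in `Auth`. If the configuration layer returns a string or integer rather than a real boolean (its implementation is not visible here), these checks can disagree, for example selecting the AD group lookup while building the non-AD user filter. Normalising once at assignment keeps them aligned, e.g. `self::$_ADS = (bool)Config::getValue('ldap_ads', false);`, and makes the `@return boolean` on `isADS()` accurate. That docblock would also benefit from a one-line description of what the flag means.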
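Review bot: Both filter strings in this hunk concatenate `$userLogin` directly into the LDAP search filter, so a login containing filter metacharacters such as `*`, `(`, `)` or `\` alters the query instead of being matched literally. Nothing in the visible lines escapes the value, although the function starts above the hunk and a caller may already do so. Since this lookup runs during authentication, the value should be escaped for filter context before it is used, e.g. `$userLogin = ldap_escape($userLogin, '', LDAP_ESCAPE_FILTER);` (PHP 5.6+), or an equivalent RFC 4515 escape if older PHP versions must be supported. The helper at the end of this class appears to escape DN syntax and would not be a substitute for filter escaping.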