Subversion Repositories ALCASAR


Rev 2710 Rev 2714
Line 1... Line 1...
1
<?php
1
<?php
2
# $Id: ldap.php 2710 2019-03-05 23:37:17Z tom.houdayer $
2
# $Id: ldap.php 2714 2019-03-10 23:43:22Z tom.houdayer $
3
 
3
 
4
/* written by steweb57, Rexy & Tom HOUDAYER */
4
/* written by steweb57, Rexy & Tom HOUDAYER */
5
/****************************************************************
5
/****************************************************************
6
*			GLOBAL FILE PATHS			*
6
*			GLOBAL FILE PATHS			*
7
*****************************************************************/
7
*****************************************************************/
Line 126... Line 126...
126
	$l_ldap_entries			= "entries in the base";
126
	$l_ldap_entries			= "entries in the base";
127
	$l_check			= "Check this config";
127
	$l_check			= "Check this config";
128
	$l_checkingConf			= "Checking this configuration...";
128
	$l_checkingConf			= "Checking this configuration...";
129
}
129
}
130
 
130
 
131
function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_uid, $f_ldap_ssl, $f_ldap_cert, $f_ldap_cert_required) {
131
function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_base_filter, $f_ldap_uid, $f_ldap_ssl, $f_ldap_cert, $f_ldap_cert_required) {
132
	// Socket to the LDAP port of the server
132
	// Socket to the LDAP port of the server
133
	if (!$sock = @fsockopen($f_ldap_server, (($f_ldap_ssl) ? 636 : 389), $num, $error, 2)) {
133
	if (!$sock = @fsockopen($f_ldap_server, (($f_ldap_ssl) ? 636 : 389), $num, $error, 2)) {
134
		// no network connection
134
		// no network connection
135
		return -2;
135
		return -2;
136
	}
136
	}
Line 169... Line 169...
169
			return 0;
169
			return 0;
170
		}
170
		}
171
	}
171
	}
172
 
172
 
173
	// if ok, try to query the directory of users
173
	// if ok, try to query the directory of users
-
 
174
	$filter = ((!empty($f_ldap_base_filter)) ? $f_ldap_base_filter : '&');
174
	$query = $f_ldap_uid.'=*';
175
	$query = "(&($f_ldap_uid=*)($filter))";
175
	$ldap_result = @ldap_search($ldapconn, $f_ldap_basedn, $query);
176
	$ldap_result = @ldap_search($ldapconn, $f_ldap_basedn, $query);
176
	if ($ldap_result) {
177
	if ($ldap_result) {
177
		$ldap_users_count = ldap_count_entries($ldapconn, $ldap_result);
178
		$ldap_users_count = ldap_count_entries($ldapconn, $ldap_result);
178
		return ($ldap_users_count + 2);
179
		return ($ldap_users_count + 2);
179
	} else {
180
	} else {
Line 298... Line 299...
298
		}
299
		}
299
 
300
 
300
		if (!empty($varErrors)) {
301
		if (!empty($varErrors)) {
301
			$response['errors'] = $varErrors;
302
			$response['errors'] = $varErrors;
302
		} else {
303
		} else {
303
			$result = ldap_checkServerConfig($ldap_server, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_uid, $ldap_ssl, $ldap_cert_tmpFilename, $ldap_cert_required);
304
			$result = ldap_checkServerConfig($ldap_server, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_base_filter, $ldap_uid, $ldap_ssl, $ldap_cert_tmpFilename, $ldap_cert_required);
304
 
305
 
305
			if (($result === 0) && ($ldap_ssl && $ldap_cert_required && ((isset($ldap_cert) && ($ldap_cert['error'] === UPLOAD_ERR_OK)) || (file_exists($LDAPS_CERT_LOC))))) {
306
			if (($result === 0) && ($ldap_ssl && $ldap_cert_required && ((isset($ldap_cert) && ($ldap_cert['error'] === UPLOAD_ERR_OK)) || (file_exists($LDAPS_CERT_LOC))))) {
306
				if (filter_var($ldap_server, FILTER_VALIDATE_IP) !== false) {
307
				if (filter_var($ldap_server, FILTER_VALIDATE_IP) !== false) {
307
					if (isset($ldap_cert) && ($ldap_cert['error'] === UPLOAD_ERR_OK)) {
308
					if (isset($ldap_cert) && ($ldap_cert['error'] === UPLOAD_ERR_OK)) {
308
						$certificateInfos = openssl_x509_parse(file_get_contents($ldap_cert['tmp_name']));
309
						$certificateInfos = openssl_x509_parse(file_get_contents($ldap_cert['tmp_name']));
Line 313... Line 314...
313
						$cert_domainName = implode('.', array_reverse($matches[1]));
314
						$cert_domainName = implode('.', array_reverse($matches[1]));
314
						if ($cert_domainName !== $ldap_server) {
315
						if ($cert_domainName !== $ldap_server) {
315
							$response['warnings'][] = str_replace("§cert_domainName§", $cert_domainName, $l_ldap_cert_cn_diff_dn);
316
							$response['warnings'][] = str_replace("§cert_domainName§", $cert_domainName, $l_ldap_cert_cn_diff_dn);
316
						}
317
						}
317
					}
318
					}
318
					$res = ldap_checkServerConfig($cert_domainName, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_uid, $ldap_ssl, $ldap_cert_tmpFilename, $ldap_cert_required);
319
					$res = ldap_checkServerConfig($cert_domainName, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_base_filter, $ldap_uid, $ldap_ssl, $ldap_cert_tmpFilename, $ldap_cert_required);
319
					if ($res > 1) {
320
					if ($res > 1) {
320
						$result = $res;
321
						$result = $res;
321
					}
322
					}
322
					$result = max($result, $res);
323
					$result = max($result, $res);
323
				}
324
				}
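Review bot: The search filter built at new lines 174–175 interpolates `$f_ldap_uid` and `$f_ldap_base_filter` into the query string unchecked, so a value containing parentheses or `*` changes the structure of the filter. Because `ldap_search` is called with `@`, a malformed filter is indistinguishable from any other search failure. Whether both values are validated before the call is not visible here (the `$varErrors` checks sit above old line 298, and the body of `ldap_checkServerConfig` extends beyond the hunk), so I would restrict the attribute name inside the function, for example with `preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $f_ldap_uid)`, and reject a base filter with unbalanced parentheses. Two further cases need handling: a base filter entered already parenthesised, such as `(objectClass=person)`, becomes `((objectClass=person))`, which is not a valid RFC 4515 filter, and an empty one yields `(&(uid=*)(&))`, which relies on the RFC 4526 absolute-true filter being accepted. The second case is avoided with `$query = empty($f_ldap_base_filter) ? "($f_ldap_uid=*)" : "(&($f_ldap_uid=*)($f_ldap_base_filter))";`.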