-
Notifications
You must be signed in to change notification settings - Fork 71
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adapt vars name for consistency Add a light CSS design
- Loading branch information
1 parent
8fddce2
commit 0c1eaf3
Showing
18 changed files
with
302 additions
and
205 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,16 @@ | ||
| <?php | ||
| // LDAP parameters | ||
| $hostname = getenv('ldap_host') ?: "ldap://ldap.company.com/"; | ||
| $port = intval(getenv('ldap_port')) ?: 389; | ||
| $ldap_host = getenv('ldap_host') ?: "ldap://ldap.company.com/"; | ||
| $ldap_port = intval(getenv('ldap_port')) ?: 389; | ||
| $ldap_version = intval(getenv('ldap_version')) ?: 3; | ||
|
|
||
| // Attribute use to identify user on LDAP - ex : uid, mail, sAMAccountName | ||
| $search_attribute = getenv('ldap_search_attribute') ?: "uid"; | ||
| $ldap_search_attribute = getenv('ldap_search_attribute') ?: "uid"; | ||
|
|
||
| // variable use in resource.php | ||
| $base = getenv('ldap_base_dn') ?: "ou=People,o=Company"; | ||
| $filter = getenv('ldap_filter') ?: "objectClass=*"; | ||
| $ldap_base_dn = getenv('ldap_base_dn') ?: "ou=People,o=Company"; | ||
| $ldap_filter = getenv('ldap_filter') ?: "objectClass=*"; | ||
|
|
||
| // ldap service user to allow search in ldap | ||
| $bind_dn = getenv('ldap_bind_dn') ?: ""; | ||
| $bind_pass = getenv('ldap_bind_pass') ?: ""; | ||
| $ldap_bind_dn = getenv('ldap_bind_dn') ?: ""; | ||
| $ldap_bind_pass = getenv('ldap_bind_pass') ?: ""; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,17 +1,17 @@ | ||
| <?php | ||
| // LDAP server | ||
| $hostname = "<%= @ldap_uri %>"; | ||
| $port = <%= @ldap_port %>; | ||
| $ldap_host = "<%= @ldap_uri %>"; | ||
| $ldap_port = <%= @ldap_port %>; | ||
|
|
||
| // Attribute use to identify user on LDAP (used in connexion.php, replace $rdn_suffix) - ex : uid, mail, sAMAccountName | ||
| $search_attribute = "<%= @ldap_attribute %>"; | ||
| $ldap_search_attribute = "<%= @ldap_attribute %>"; | ||
|
|
||
| // Base directory name of the LDAP | ||
| $base = "<%= @ldap_base %>"; | ||
| $ldap_base_dn = "<%= @ldap_base %>"; | ||
|
|
||
| // An optional filter to search in LDAP - ex : objectClass=person | ||
| $filter = "<%= @ldap_filter %>"; | ||
| $ldap_filter = "<%= @ldap_filter %>"; | ||
|
|
||
| // ldap service user to allow search in ldap | ||
| $bind_dn = "<%= @ldap_bind_dn %>"; | ||
| $bind_pass = "<%= @ldap_bind_pass %>"; | ||
| $ldap_bind_dn = "<%= @ldap_bind_dn %>"; | ||
| $ldap_bind_pass = "<%= @ldap_bind_pass %>"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,28 +16,28 @@ class LDAP implements LDAPInterface | |
| /** | ||
| * LDAP Resource | ||
| * | ||
| * @param string @hostname | ||
| * @param string @ldap_host | ||
| * Either a hostname or, with OpenLDAP 2.x.x and later, a full LDAP URI | ||
| * @param int @port | ||
| * @param int @ldap_port | ||
| * An optional int to specify ldap server port, by default : 389 | ||
| * @param int @ldap_version | ||
| * An optional int to specify ldap version, by default LDAP V3 protocol is used | ||
| * | ||
| * Initiate LDAP connection by creating an associated resource | ||
| */ | ||
| public function __construct($hostname, $port = 389, $ldap_version = 3) | ||
| public function __construct($ldap_host, $ldap_port = 389, $ldap_version = 3) | ||
| { | ||
| if (!is_string($hostname)) | ||
| if (!is_string($ldap_host)) | ||
| { | ||
| throw new InvalidArgumentException('First argument to LDAP must be the hostname of a ldap server (string). Ex: ldap//example.com/ '); | ||
| } | ||
|
|
||
| if (!is_int($port)) | ||
| if (!is_int($ldap_port)) | ||
| { | ||
| throw new InvalidArgumentException('Second argument to LDAP must be the ldap server port (int). Ex : 389'); | ||
| } | ||
|
|
||
| $ldap = ldap_connect($hostname, $port) | ||
| $ldap = ldap_connect($ldap_host, $ldap_port) | ||
| or die("Unable to connect to the ldap server : $ldaphost ! Please check your configuration."); | ||
|
|
||
| // Support LDAP V3 since many users have encountered difficulties with LDAP V3. | ||
|
|
@@ -58,22 +58,22 @@ public function __construct($hostname, $port = 389, $ldap_version = 3) | |
| * A ldap username or email or sAMAccountName | ||
| * @param string @password | ||
| * An optional password linked to the user, if not provided an anonymous bind is attempted | ||
| * @param string @search_attribute | ||
| * @param string @ldap_search_attribute | ||
| * The attribute used on your LDAP to identify user (uid, email, cn, sAMAccountName) | ||
| * @param string @filter | ||
| * @param string @ldap_filter | ||
| * An optional filter to search in LDAP (ex : objectClass = person). | ||
| * @param string @base_dn | ||
| * @param string @ldap_base_dn | ||
| * The LDAP base DN. | ||
| * @param string @bind_dn | ||
| * @param string @ldap_bind_dn | ||
| * The directory name of a service user to bind before search. Must be a user with read permission on LDAP. | ||
| * @param string @bind_pass | ||
| * @param string @ldap_bind_pass | ||
| * The password associated to the service user to bind before search. | ||
| * | ||
| * @return | ||
| * TRUE if the user is identified and can access to the LDAP server | ||
| * and FALSE if it isn't | ||
| */ | ||
| public function checkLogin($user, $password = null, $search_attribute, $filter = null, $base_dn,$bind_dn, $bind_pass) { | ||
| public function checkLogin($user, $password = null, $ldap_search_attribute, $ldap_filter = null, $ldap_base_dn,$ldap_bind_dn, $ldap_bind_pass) { | ||
| if (!is_string($user)) | ||
| { | ||
| throw new InvalidArgumentException('First argument to LDAP/checkLogin must be the username or email of a ldap user (string). Ex: jdupont or [email protected]'); | ||
|
|
@@ -82,49 +82,49 @@ public function checkLogin($user, $password = null, $search_attribute, $filter = | |
| { | ||
| throw new InvalidArgumentException('Second argument to LDAP/checkLogin must be the password associated to the relative directory name (string).'); | ||
| } | ||
| if (!is_string($search_attribute)) | ||
| if (!is_string($ldap_search_attribute)) | ||
| { | ||
| throw new InvalidArgumentException('Third argument to LDAP/checkLogin must be the attribute to identify users (ex : uid, email, sAMAccountName) (string).'); | ||
| } | ||
| if (!is_string($filter) && $filter != null) | ||
| if (!is_string($ldap_filter) && $ldap_filter != null) | ||
| { | ||
| throw new InvalidArgumentException('Fourth argument to LDAP/checkLogin must be an optional filter to search in LDAP (string).'); | ||
| } | ||
| if (!is_string($base_dn)) | ||
| if (!is_string($ldap_base_dn)) | ||
| { | ||
| throw new InvalidArgumentException('Fifth argument to LDAP/checkLogin must be the ldap base directory name (string). Ex: o=Company'); | ||
| } | ||
| if (!is_string($bind_dn) && $bind_dn != null) | ||
| if (!is_string($ldap_bind_dn) && $ldap_bind_dn != null) | ||
| { | ||
| throw new InvalidArgumentException('Sixth argument to LDAP/checkLogin must be an optional service account on restrictive LDAP (string).'); | ||
| } | ||
| if (!is_string($bind_pass) && $bind_pass != null) | ||
| if (!is_string($ldap_bind_pass) && $ldap_bind_pass != null) | ||
| { | ||
| throw new InvalidArgumentException('Seventh argument to LDAP/checkLogin must be an optional password for the service account on restrictive LDAP (string).'); | ||
| } | ||
|
|
||
| // If LDAP service account for search is specified, do an ldap_bind with this account | ||
| if ($bind_dn != '' && $bind_dn != null) | ||
| if ($ldap_bind_dn != '' && $ldap_bind_dn != null) | ||
| { | ||
| $bind_result=ldap_bind($this->ldap_server,$bind_dn,$bind_pass); | ||
| $bind_result=ldap_bind($this->ldap_server,$ldap_bind_dn,$ldap_bind_pass); | ||
|
|
||
| // If authentification failed, throw an exception | ||
| if (!$bind_result) | ||
| { | ||
| throw new Exception('An error has occured during ldap_bind execution. Please check parameter of LDAP/checkLogin, and make sure that user provided have read permission on LDAP.'); | ||
| } | ||
| } | ||
| if ($filter!="" && $filter != null) | ||
| if ($ldap_filter!="" && $ldap_filter != null) | ||
| { | ||
| $search_filter = '(&(' . $search_attribute . '=' . $user . ')(' . $filter .'))'; | ||
| $search_filter = '(&(' . $ldap_search_attribute . '=' . $user . ')(' . $ldap_filter .'))'; | ||
| } | ||
| else | ||
| { | ||
| $search_filter = $search_attribute . '=' . $user; | ||
| $search_filter = $ldap_search_attribute . '=' . $user; | ||
| } | ||
|
|
||
|
|
||
| $result = ldap_search($this->ldap_server, $base_dn, $search_filter, array(), 0, 1, 500); | ||
| $result = ldap_search($this->ldap_server, $ldap_base_dn, $search_filter, array(), 0, 1, 500); | ||
|
|
||
| if (!$result) | ||
| { | ||
|
|
@@ -146,43 +146,43 @@ public function checkLogin($user, $password = null, $search_attribute, $filter = | |
| } | ||
|
|
||
| /** | ||
| * @param string @base_dn | ||
| * @param string @ldap_base_dn | ||
| * The LDAP base DN. | ||
| * @param string @filter | ||
| * @param string @ldap_filter | ||
| * A filter to get relevant data. Often the user id in ldap (uid or sAMAccountName). | ||
| * @param string @bind_dn | ||
| * @param string @ldap_bind_dn | ||
| * The directory name of a service user to bind before search. Must be a user with read permission on LDAP. | ||
| * @param string @bind_pass | ||
| * @param string @ldap_bind_pass | ||
| * The password associated to the service user to bind before search. | ||
| * @param string @search_attribute | ||
| * @param string @ldap_search_attribute | ||
| * The attribute used on your LDAP to identify user (uid, email, cn, sAMAccountName) | ||
| * @param string @user | ||
| * A ldap username or email or sAMAccountName | ||
| * | ||
| * @return | ||
| * An array with the user's mail, complete name and directory name. | ||
| */ | ||
| public function getDataForMattermost($base_dn, $filter, $bind_dn, $bind_pass, $search_attribute, $user) { | ||
| public function getDataForMattermost($ldap_base_dn, $ldap_filter, $ldap_bind_dn, $ldap_bind_pass, $ldap_search_attribute, $user) { | ||
|
|
||
| $attribute=array("cn","mail"); | ||
|
|
||
| if (!is_string($base_dn)) | ||
| if (!is_string($ldap_base_dn)) | ||
| { | ||
| throw new InvalidArgumentException('First argument to LDAP/getData must be the ldap base directory name (string). Ex: o=Company'); | ||
| } | ||
| if (!is_string($filter)) | ||
| if (!is_string($ldap_filter)) | ||
| { | ||
| throw new InvalidArgumentException('Second argument to LDAP/getData must be a filter to get relevant data. Often is the user id in ldap (string). Ex : uid=jdupont'); | ||
| } | ||
| if (!is_string($bind_dn) && $bind_dn != null) | ||
| if (!is_string($ldap_bind_dn) && $ldap_bind_dn != null) | ||
| { | ||
| throw new InvalidArgumentException('Third argument to LDAP/getData must be an optional service account on restrictive LDAP (string).'); | ||
| } | ||
| if (!is_string($bind_pass) && $bind_pass != null) | ||
| if (!is_string($ldap_bind_pass) && $ldap_bind_pass != null) | ||
| { | ||
| throw new InvalidArgumentException('Fourth argument to LDAP/getData must be an optional password for the service account on restrictive LDAP (string).'); | ||
| } | ||
| if (!is_string($search_attribute)) | ||
| if (!is_string($ldap_search_attribute)) | ||
| { | ||
| throw new InvalidArgumentException('Fifth argument to LDAP/getData must be the attribute to identify users (ex : uid, email, sAMAccountName) (string).'); | ||
| } | ||
|
|
@@ -192,9 +192,9 @@ public function getDataForMattermost($base_dn, $filter, $bind_dn, $bind_pass, $s | |
| } | ||
|
|
||
| // If LDAP service account for search is specified, do an ldap_bind with this account | ||
| if ($bind_dn != '' && $bind_dn != null) | ||
| if ($ldap_bind_dn != '' && $ldap_bind_dn != null) | ||
| { | ||
| $bind_result=ldap_bind($this->ldap_server,$bind_dn,$bind_pass); | ||
| $bind_result=ldap_bind($this->ldap_server,$ldap_bind_dn,$ldap_bind_pass); | ||
|
|
||
| // If authentification failed, throw an exception | ||
| if (!$bind_result) | ||
|
|
@@ -203,16 +203,16 @@ public function getDataForMattermost($base_dn, $filter, $bind_dn, $bind_pass, $s | |
| } | ||
| } | ||
|
|
||
| if ($filter!="" && $filter != null) | ||
| if ($ldap_filter!="" && $ldap_filter != null) | ||
| { | ||
| $search_filter = '(&(' . $search_attribute . '=' . $user . ')(' . $filter .'))'; | ||
| $search_filter = '(&(' . $ldap_search_attribute . '=' . $user . ')(' . $ldap_filter .'))'; | ||
| } | ||
| else | ||
| { | ||
| $search_filter = $search_attribute . '=' . $user; | ||
| $search_filter = $ldap_search_attribute . '=' . $user; | ||
| } | ||
|
|
||
| $result = ldap_search($this->ldap_server, $base_dn, $search_filter, array(), 0, 1, 500); | ||
| $result = ldap_search($this->ldap_server, $ldap_base_dn, $search_filter, array(), 0, 1, 500); | ||
|
|
||
| if (!$result) | ||
| { | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,16 @@ | ||
| <?php | ||
| // LDAP parameters | ||
| $hostname = "ldap://company.com/"; | ||
| $port = 389; | ||
| $ldap_host = "ldap://company.com/"; | ||
| $ldap_port = 389; | ||
| $ldap_version = 3; | ||
|
|
||
| // Attribute use to identify user on LDAP - ex : uid, mail, sAMAccountName | ||
| $search_attribute = "uid"; | ||
| $ldap_search_attribute = "uid"; | ||
|
|
||
| // variable use in resource.php | ||
| $base = "ou=People,o=Company"; | ||
| $filter = "objectClass=*"; | ||
| $ldap_base_dn = "ou=People,o=Company"; | ||
| $ldap_filter = "objectClass=*"; | ||
|
|
||
| // ldap service user to allow search in ldap | ||
| $bind_dn = ""; | ||
| $bind_pass = ""; | ||
| $ldap_bind_dn = ""; | ||
| $ldap_bind_pass = ""; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.