Line 1... |
Line 1... |
1 |
<?php
|
1 |
<?php
|
2 |
# $Id: ldap.php 2710 2019-03-05 23:37:17Z tom.houdayer $
|
2 |
# $Id: ldap.php 2714 2019-03-10 23:43:22Z tom.houdayer $
|
3 |
|
3 |
|
4 |
/* written by steweb57, Rexy & Tom HOUDAYER */
|
4 |
/* written by steweb57, Rexy & Tom HOUDAYER */
|
5 |
/****************************************************************
|
5 |
/****************************************************************
|
6 |
* GLOBAL FILE PATHS *
|
6 |
* GLOBAL FILE PATHS *
|
7 |
*****************************************************************/
|
7 |
*****************************************************************/
|
Line 126... |
Line 126... |
126 |
$l_ldap_entries = "entries in the base";
|
126 |
$l_ldap_entries = "entries in the base";
|
127 |
$l_check = "Check this config";
|
127 |
$l_check = "Check this config";
|
128 |
$l_checkingConf = "Checking this configuration...";
|
128 |
$l_checkingConf = "Checking this configuration...";
|
129 |
}
|
129 |
}
|
130 |
|
130 |
|
131 |
function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_uid, $f_ldap_ssl, $f_ldap_cert, $f_ldap_cert_required) {
|
131 |
function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_base_filter, $f_ldap_uid, $f_ldap_ssl, $f_ldap_cert, $f_ldap_cert_required) {
|
132 |
// Socket to the LDAP port of the server
|
132 |
// Socket to the LDAP port of the server
|
133 |
if (!$sock = @fsockopen($f_ldap_server, (($f_ldap_ssl) ? 636 : 389), $num, $error, 2)) {
|
133 |
if (!$sock = @fsockopen($f_ldap_server, (($f_ldap_ssl) ? 636 : 389), $num, $error, 2)) {
|
134 |
// no network connection
|
134 |
// no network connection
|
135 |
return -2;
|
135 |
return -2;
|
136 |
}
|
136 |
}
|
Line 169... |
Line 169... |
169 |
return 0;
|
169 |
return 0;
|
170 |
}
|
170 |
}
|
171 |
}
|
171 |
}
|
172 |
|
172 |
|
173 |
// if ok, try to query the directory of users
|
173 |
// if ok, try to query the directory of users
|
- |
|
174 |
$filter = ((!empty($f_ldap_base_filter)) ? $f_ldap_base_filter : '&');
|
174 |
$query = $f_ldap_uid.'=*';
|
175 |
$query = "(&($f_ldap_uid=*)($filter))";
|
175 |
$ldap_result = @ldap_search($ldapconn, $f_ldap_basedn, $query);
|
176 |
$ldap_result = @ldap_search($ldapconn, $f_ldap_basedn, $query);
|
176 |
if ($ldap_result) {
|
177 |
if ($ldap_result) {
|
177 |
$ldap_users_count = ldap_count_entries($ldapconn, $ldap_result);
|
178 |
$ldap_users_count = ldap_count_entries($ldapconn, $ldap_result);
|
178 |
return ($ldap_users_count + 2);
|
179 |
return ($ldap_users_count + 2);
|
179 |
} else {
|
180 |
} else {
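Review bot: The query built at line 175 wraps `$f_ldap_base_filter` in its own parentheses, so the expected shape of that setting (an inner expression such as `objectClass=person`, not an already-parenthesised filter) is stated nowhere, and a value that arrives with outer parentheses is double-wrapped into a syntactically invalid filter that `@ldap_search` rejects silently, indistinguishable from a wrong base DN in the `else` branch. The `'&'` fallback on line 174 also produces `(&($f_ldap_uid=*)(&))`, which relies on the empty-AND "absolute true" filter that, as far as I know, not every directory server accepts. I would only add the conjunction when a filter is present, `$query = empty($f_ldap_base_filter) ? "($f_ldap_uid=*)" : "(&($f_ldap_uid=*)($f_ldap_base_filter))";`, preceded by `// $f_ldap_base_filter is an inner LDAP filter expression without enclosing parentheses`. Both the base filter and `$f_ldap_uid` are interpolated unescaped, so the callers at lines 304 and 319 (whose `$varErrors` validation is outside this hunk) are where a syntax check such as balanced parentheses belongs; ldap_checkServerConfig itself starts and ends outside the hunk.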
|
Line 298... |
Line 299... |
298 |
}
|
299 |
}
|
299 |
|
300 |
|
300 |
if (!empty($varErrors)) {
|
301 |
if (!empty($varErrors)) {
|
301 |
$response['errors'] = $varErrors;
|
302 |
$response['errors'] = $varErrors;
|
302 |
} else {
|
303 |
} else {
|
303 |
$result = ldap_checkServerConfig($ldap_server, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_uid, $ldap_ssl, $ldap_cert_tmpFilename, $ldap_cert_required);
|
304 |
$result = ldap_checkServerConfig($ldap_server, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_base_filter, $ldap_uid, $ldap_ssl, $ldap_cert_tmpFilename, $ldap_cert_required);
|
304 |
|
305 |
|
305 |
if (($result === 0) && ($ldap_ssl && $ldap_cert_required && ((isset($ldap_cert) && ($ldap_cert['error'] === UPLOAD_ERR_OK)) || (file_exists($LDAPS_CERT_LOC))))) {
|
306 |
if (($result === 0) && ($ldap_ssl && $ldap_cert_required && ((isset($ldap_cert) && ($ldap_cert['error'] === UPLOAD_ERR_OK)) || (file_exists($LDAPS_CERT_LOC))))) {
|
306 |
if (filter_var($ldap_server, FILTER_VALIDATE_IP) !== false) {
|
307 |
if (filter_var($ldap_server, FILTER_VALIDATE_IP) !== false) {
|
307 |
if (isset($ldap_cert) && ($ldap_cert['error'] === UPLOAD_ERR_OK)) {
|
308 |
if (isset($ldap_cert) && ($ldap_cert['error'] === UPLOAD_ERR_OK)) {
|
308 |
$certificateInfos = openssl_x509_parse(file_get_contents($ldap_cert['tmp_name']));
|
309 |
$certificateInfos = openssl_x509_parse(file_get_contents($ldap_cert['tmp_name']));
|
Line 313... |
Line 314... |
313 |
$cert_domainName = implode('.', array_reverse($matches[1]));
|
314 |
$cert_domainName = implode('.', array_reverse($matches[1]));
|
314 |
if ($cert_domainName !== $ldap_server) {
|
315 |
if ($cert_domainName !== $ldap_server) {
|
315 |
$response['warnings'][] = str_replace("§cert_domainName§", $cert_domainName, $l_ldap_cert_cn_diff_dn);
|
316 |
$response['warnings'][] = str_replace("§cert_domainName§", $cert_domainName, $l_ldap_cert_cn_diff_dn);
|
316 |
}
|
317 |
}
|
317 |
}
|
318 |
}
|
318 |
$res = ldap_checkServerConfig($cert_domainName, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_uid, $ldap_ssl, $ldap_cert_tmpFilename, $ldap_cert_required);
|
319 |
$res = ldap_checkServerConfig($cert_domainName, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_base_filter, $ldap_uid, $ldap_ssl, $ldap_cert_tmpFilename, $ldap_cert_required);
|
319 |
if ($res > 1) {
|
320 |
if ($res > 1) {
|
320 |
$result = $res;
|
321 |
$result = $res;
|
321 |
}
|
322 |
}
|
322 |
$result = max($result, $res);
|
323 |
$result = max($result, $res);
|
323 |
}
|
324 |
}
|