ldapbaseauthenticationprovider.inc.php
来自「PHP 知识管理系统(基于树结构的知识管理系统), 英文原版的PHP源码。」· PHP 代码 · 共 1,049 行 · 第 1/3 页
PHP
1,049 行
<?php
/**
* $Id: ldapbaseauthenticationprovider.inc.php 9419 2008-09-30 13:21:33Z kevin_fourie $
*
* KnowledgeTree Community Edition
* Document Management Made Simple
* Copyright (C) 2008 KnowledgeTree Inc.
* Portions copyright The Jam Warehouse Software (Pty) Limited
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
* California 94120-7775, or email info@knowledgetree.com.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
*
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
* KnowledgeTree" logo and retain the original copyright notice. If the display of the
* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
* must display the words "Powered by KnowledgeTree" and retain the original
* copyright notice.
* Contributor( s): ______________________________________
*
*/
require_once(KT_LIB_DIR . '/authentication/authenticationprovider.inc.php');
require_once(KT_LIB_DIR . '/authentication/Authenticator.inc');
class KTLDAPBaseAuthenticationProvider extends KTAuthenticationProvider {
var $sName = 'LDAP authentication provider';
var $sNamespace = 'ktstandard.authentication.ldapprovider';
var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'mobile', 'userprincipalname', 'uid');
var $aMembershipAttributes = array ('memberOf');
// {{{ KTLDAPBaseAuthenticationProvider
function KTLDAPBaseAuthenticationProvider() {
parent::KTAuthenticationProvider();
$this->aConfigMap = array(
'servername' => _kt('LDAP Server'),
'serverport' => _kt('The LDAP server port'),
'basedn' => _kt('Base DN'),
'searchuser' => _kt('LDAP Search User'),
'searchpassword' => _kt('LDAP Search Password'),
'searchattributes' => _kt('Search Attributes'),
'objectclasses' => _kt('Object Classes'),
'tls' => _kt('Use Transaction Layer Security (TLS)'),
);
}
// }}}
// {{{ showSource
function showSource($oSource) {
$aConfig = unserialize($oSource->getConfig());
if (empty($aConfig)) {
$aConfig = array();
}
$sRet = "<dl>\n";
foreach ($this->aConfigMap as $sSettingName => $sName) {
$sRet .= " <dt>$sName</dt>\n";
$sValue = KTUtil::arrayGet($aConfig, $sSettingName, _kt("Unset"), false);
if (is_array($sValue)) {
$sRet .= " <dd>" . join("<br />", $sValue) . "</dd>\n";
} else if (is_bool($sValue)) {
if ($sValue === true) {
$sRet .= " <dd>" . _kt('True') . "</dd>\n";
} else {
$sRet .= " <dd>" . _kt('False') . "</dd>\n";
}
} else if ($sSettingName == 'searchpassword') {
$sRet .= " <dd><em>*** Hidden ***</em></dd>\n";
} else {
$sRet .= " <dd>" . $sValue . "</dd>\n";
}
}
$sRet .= "</dl>\n";
return $sRet;
}
// }}}
// {{{ showUserSource
function showUserSource($oUser, $oSource) {
return '<a href="' . KTUtil::addQueryStringSelf('action=editUserSource&user_id=' . $oUser->getId()) . '">' . _kt('Edit LDAP info') . '</a>';
}
// }}}
// {{{ do_editUserSource
function do_editUserSource() {
$submit = KTUtil::arrayGet($_REQUEST, 'submit');
if (KTUtil::arrayGet($submit, 'save')) {
return $this->_do_saveUserSource();
}
$user_id = KTUtil::arrayGet($_REQUEST, 'user_id');
$oUser =& $this->oValidator->validateUser($user_id);
$this->oPage->setBreadcrumbDetails(_kt("editing LDAP details"));
$oTemplate = $this->oValidator->validateTemplate('ktstandard/authentication/ldapedituser');
$oAuthenticationSource = KTAuthenticationSource::getForUser($oUser);
$dn = $oUser->getAuthenticationDetails();
$fields = array();
$fields[] = new KTStringWidget(_kt('Distinguished name'), _kt('The location of this user in the LDAP tree'), 'dn', $dn, $this->oPage, true);
$aTemplateData = array(
'context' => &$this,
'fields' => $fields,
'user' => $oUser,
);
return $oTemplate->render($aTemplateData);
}
// }}}
// {{{ _do_saveUserSource
function _do_saveUserSource() {
$user_id = KTUtil::arrayGet($_REQUEST, 'user_id');
$oUser =& $this->oValidator->validateUser($user_id);
$dn = KTUtil::arrayGet($_REQUEST, 'dn', "");
if (empty($dn)) {
$this->errorRedirecToMain("Failed to validate LDAP details");
}
$oUser->setAuthenticationDetails($dn);
$oUser->update();
$this->successRedirectTo("editUser", _kt("Details updated"),
sprintf('user_id=%d', $oUser->getId()));
}
// }}}
// {{{ do_editSourceProvider
function do_editSourceProvider() {
require_once(KT_LIB_DIR . '/widgets/fieldWidgets.php');
$this->oPage->setBreadcrumbDetails(_kt("editing LDAP settings"));
$oTemplate = $this->oValidator->validateTemplate('ktstandard/authentication/ldapeditsource');
$iSourceId = KTUtil::arrayGet($_REQUEST, 'source_id');
$oSource = KTAuthenticationSource::get($iSourceId);
$aConfig = unserialize($oSource->getConfig());
if (empty($aConfig)) {
$aConfig = array('serverport'=>389);
}
$aConfig['searchattributes'] = KTUtil::arrayGet($aConfig, 'searchattributes', split(',', 'cn,mail,sAMAccountName'));
$aConfig['objectclasses'] = KTUtil::arrayGet($aConfig, 'objectclasses', split(',', 'user,inetOrgPerson,posixAccount'));
$fields = array();
$fields[] = new KTStringWidget(_kt('Server name'), _kt('The host name or IP address of the LDAP server'), 'servername', $aConfig['servername'], $this->oPage, true);
$fields[] = new KTIntegerWidget(_kt('Server Port'), _kt('The port of the LDAP server (default: 389)'), 'serverport', $aConfig['serverport'], $this->oPage, true);
$fields[] = new KTCheckboxWidget(_kt('Use Transaction Layer Security (TLS)'), _kt('Whether to use Transaction Layer Security (TLS), which encrypts traffic to and from the LDAP server'), 'tls_bool', $aConfig['tls'], $this->oPage, true);
$fields[] = new KTStringWidget(_kt('Base DN'), _kt('The location in the LDAP directory to start searching from (CN=Users,DC=mycorp,DC=com)'), 'basedn', $aConfig['basedn'], $this->oPage, true);
$fields[] = new KTStringWidget(_kt('Search User'), _kt('The user account in the LDAP directory to perform searches in the LDAP directory as (such as CN=searchUser,CN=Users,DC=mycorp,DC=com or searchUser@mycorp.com)'), 'searchuser', $aConfig['searchuser'], $this->oPage, true);
$fields[] = new KTPasswordWidget(_kt('Search Password'), _kt('The password for the user account in the LDAP directory that performs searches'), 'searchpassword', $aConfig['searchpassword'], $this->oPage, true);
$aOptions = array(
'rows' => 7,
'cols' => 25,
);
$fields[] = new KTTextWidget(_kt('Search Attributes'), _kt('The LDAP attributes to use to search for users when given their name (one per line, examples: <strong>cn</strong>, <strong>mail</strong>)'), 'searchattributes_nls', join("\n", $aConfig['searchattributes']), $this->oPage, true, null, null, $aOptions);
$fields[] = new KTTextWidget(_kt('Object Classes'), _kt('The LDAP object classes to search for users (one per line, example: <strong>user</strong>, <strong>inetOrgPerson</strong>, <strong>posixAccount</strong>)'), 'objectclasses_nls', join("\n", $aConfig['objectclasses']), $this->oPage, true, null, null, $aOptions);
$aTemplateData = array(
'context' => &$this,
'fields' => $fields,
'source' => $oSource,
);
return $oTemplate->render($aTemplateData);
}
// }}}
// {{{ do_performEditSourceProvider
function do_performEditSourceProvider() {
$iSourceId = KTUtil::arrayGet($_REQUEST, 'source_id');
$oSource = KTAuthenticationSource::get($iSourceId);
$aConfig = unserialize($oSource->getConfig());
$aConfig['searchattributes'] = KTUtil::arrayGet($aConfig, 'searchattributes', split(',', 'cn,mail,sAMAccountName'));
$aConfig['objectclasses'] = KTUtil::arrayGet($aConfig, 'objectclasses', split(',', 'user,inetOrgPerson,posixAccount'));
$aConfig['tls'] = false;
$aConfig['serverport'] =389;
foreach ($this->aConfigMap as $k => $v) {
$sValue = KTUtil::arrayGet($_REQUEST, $k . '_nls');
if ($sValue) {
$nls_array = split("\n", $sValue);
$final_array = array();
foreach ($nls_array as $nls_item) {
$nls_item = trim($nls_item);
if (empty($nls_item)) {
continue;
}
$final_array[] = $nls_item;
}
$aConfig[$k] = $final_array;
continue;
}
if (array_key_exists($k . '_bool', $_REQUEST)) {
if ($_REQUEST[$k . '_bool']) {
$aConfig[$k] = true;
} else {
$aConfig[$k] = false;
}
continue;
}
$sValue = KTUtil::arrayGet($_REQUEST, $k);
if ($sValue) {
$aConfig[$k] = $sValue;
}
}
$oSource->setConfig(serialize($aConfig));
$res = $oSource->update();
//force a commit here to keep any data entered into the fields
//when redirected to the do_editSourceProvider function above the $oSource object will
//now contain the information entered by the user.
if ($this->bTransactionStarted) {
$this->commitTransaction();
}
$aErrorOptions = array(
'redirect_to' => array('editSourceProvider', sprintf('source_id=%d', $oSource->getId())),
);
$aErrorOptions['message'] = _kt("No server name provided");
$sName = KTUtil::arrayGet($_REQUEST, 'servername');
$sName = $this->oValidator->validateString($sName, $aErrorOptions);
$aErrorOptions['message'] = _kt("No Base DN provided");
$sName = KTUtil::arrayGet($_REQUEST, 'basedn');
$sName = $this->oValidator->validateString($sName, $aErrorOptions);
$aErrorOptions['message'] = _kt("No Search User provided");
$sName = KTUtil::arrayGet($_REQUEST, 'searchuser');
$sName = $this->oValidator->validateString($sName, $aErrorOptions);
$aErrorOptions['message'] = _kt("No Search Password provided");
$sName = KTUtil::arrayGet($_REQUEST, 'searchpassword');
$sName = $this->oValidator->validateString($sName, $aErrorOptions);
$aErrorOptions['message'] = _kt("No Search Attributes provided");
$sName = KTUtil::arrayGet($_REQUEST, 'searchattributes_nls');
$sName = $this->oValidator->validateString($sName, $aErrorOptions);
$aErrorOptions['message'] = _kt("No Object Classes provided");
$sName = KTUtil::arrayGet($_REQUEST, 'objectclasses_nls');
$sName = $this->oValidator->validateString($sName, $aErrorOptions);
$this->successRedirectTo('viewsource', _kt("Configuration updated"), 'source_id=' . $oSource->getId());
}
// }}}
// {{{ getAuthenticator
function &getAuthenticator($oSource) {
return new $this->sAuthenticatorClass($oSource);
}
// }}}
// {{{ _do_editUserFromSource
function _do_editUserFromSource() {
$oTemplate = $this->oValidator->validateTemplate('ktstandard/authentication/ldapadduser');
$oSource =& KTAuthenticationSource::get($_REQUEST['source_id']);
$id = KTUtil::arrayGet($_REQUEST, 'id');
$aConfig = unserialize($oSource->getConfig());
$oAuthenticator = $this->getAuthenticator($oSource);
$aResults = $oAuthenticator->getUser($id);
$aErrorOptions = array(
'message' => _kt('Could not find user in LDAP server'),
);
$this->oValidator->notError($aResults);
$sUserName = $aResults[$this->aAttributes[1]];
// If the SAMAccountName is empty then use the UserPrincipalName (UPN) to find the username.
// The UPN is normally the username @ the internet domain
if(empty($sUserName)) {
$sUpn = $aResults[$this->aAttributes[6]];
$aUpn = explode('@', $sUpn);
$sUserName = $aUpn[0];
}
$fields = array();
$fields[] = new KTStaticTextWidget(_kt('LDAP DN'), _kt('The location of the user within the LDAP directory.'), 'dn', $id, $this->oPage);
$fields[] = new KTStringWidget(_kt('Username'), sprintf(_kt('The username the user will enter to gain access to %s. e.g. <strong>jsmith</strong>'), APP_NAME), 'ldap_username', $sUserName, $this->oPage, true);
$fields[] = new KTStringWidget(_kt('Name'), _kt('The full name of the user. This is shown in reports and listings. e.g. <strong>John Smith</strong>'), 'name', $aResults[$this->aAttributes[0]], $this->oPage, true);
$fields[] = new KTStringWidget(_kt('Email Address'), _kt('The email address of the user. Notifications and alerts are mailed to this address if <strong>email notifications</strong> is set below. e.g. <strong>jsmith@acme.com</strong>'), 'email_address', $aResults[$this->aAttributes[4]], $this->oPage, false);
$fields[] = new KTCheckboxWidget(_kt('Email Notifications'), _kt('If this is specified then the user will have notifications sent to the email address entered above. If it is not set, then the user will only see notifications on the <strong>Dashboard</strong>'), 'email_notifications', true, $this->oPage, false);
$fields[] = new KTStringWidget(_kt('Mobile Number'), _kt('The mobile phone number of the user. e.g. <strong>999 9999 999</strong>'), 'mobile_number', $aResults[$this->aAttributes[5]], $this->oPage, false);
$fields[] = new KTStringWidget(_kt('Maximum Sessions'), _kt('As a safety precaution, it is useful to limit the number of times a given account can log in, before logging out. This prevents a single account being used by many different people.'), 'max_sessions', '3', $this->oPage, true);
$aTemplateData = array(
'context' => &$this,
'fields' => $fields,
'source' => $oSource,
'search_results' => $aSearchResults,
'dn' => $id,
'samaccountname' => $aResults['samaccountname'],
);
return $oTemplate->render($aTemplateData);
}
// }}}
// {{{ _do_createUserFromSource
function _do_createUserFromSource() {
$oSource =& KTAuthenticationSource::get($_REQUEST['source_id']);
$dn = KTUtil::arrayGet($_REQUEST, 'dn');
$samaccountname = KTUtil::arrayGet($_REQUEST, 'samaccountname');
$name = KTUtil::arrayGet($_REQUEST, 'name');
if (empty($name)) { $this->errorRedirectToMain(_kt('You must specify a name for the user.')); }
$username = KTUtil::arrayGet($_REQUEST, 'ldap_username');
if (empty($username)) { $this->errorRedirectToMain(_kt('You must specify a new username.')); }
$dupUser =& User::getByUserName($username);
if(!PEAR::isError($dupUser)) {
$this->errorRedirectToMain(_kt("A user with that username already exists"));
}
$email_address = KTUtil::arrayGet($_REQUEST, 'email_address');
$email_notifications = KTUtil::arrayGet($_REQUEST, 'email_notifications', false);
if ($email_notifications !== false) $email_notifications = true;
$mobile_number = KTUtil::arrayGet($_REQUEST, 'mobile_number');
$max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3');
// FIXME check for numeric max_sessions... db-error else?
$oUser =& User::createFromArray(array(
"Username" => $username,
"Name" => $name,
"Email" => $email_address,
"EmailNotification" => $email_notifications,
"SmsNotification" => false, // FIXME do we auto-act if the user has a mobile?
"MaxSessions" => $max_sessions,
"authenticationsourceid" => $oSource->getId(),
"authenticationdetails" => $dn,
"authenticationdetails2" => $samaccountname,
"password" => "",
));
if (PEAR::isError($oUser) || ($oUser == false)) {
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?