ldapbaseauthenticationprovider.inc.php
来自「PHP 知识管理系统(基于树结构的知识管理系统), 英文原版的PHP源码。」· PHP 代码 · 共 1,049 行 · 第 1/3 页
$this->errorRedirectToMain(_kt("failed to create user") . ": " . $oUser->message);
exit(0);
}
$this->successRedirectToMain(_kt('Created new user') . ': ' . $oUser->getUsername());
exit(0);
}
// }}}
// {{{ _do_massCreateUsers
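/**
 * Create a local user for every directory entry selected on the search page.
 *
 * Reads the selected entry ids from $_REQUEST['id'] and the authentication
 * source from $_REQUEST['source_id'], looks each entry up through the
 * source's authenticator, creates the matching user and finally redirects
 * to the main page with the names of the users that were actually created.
 *
 * Security notes:
 * - The ids are taken from the request as submitted; nothing here re-checks
 *   them against the search results that were shown to the administrator.
 * - Accounts are created with an empty local password and tied to the
 *   source through authenticationsourceid / authenticationdetails.
 *   NOTE(review): presumably login for these accounts is delegated to the
 *   directory - confirm the empty local password can never authenticate.
 * - NOTE(review): the permission check for this action is not visible in
 *   this method - confirm the dispatcher restricts it to administrators.
 */
function _do_massCreateUsers() {
    // A single selection may arrive as a scalar; normalise so the loop is safe.
    $aIds = (array) KTUtil::arrayGet($_REQUEST, 'id');
    $oSource =& KTAuthenticationSource::get($_REQUEST['source_id']);
    $oAuthenticator = $this->getAuthenticator($oSource);
    $aNames = array();

    foreach ($aIds as $sId) {
        // Ignore nested arrays and empty values smuggled into the id list.
        if (!is_string($sId) || $sId === '') {
            continue;
        }

        // Skip entries the directory could not return instead of indexing
        // into an error object below.
        $aResults = $oAuthenticator->getUser($sId);
        if (PEAR::isError($aResults) || empty($aResults)) {
            continue;
        }

        $dn = $sId;
        $sUserName = $aResults[$this->aAttributes[1]];

        // With LDAP, if the 'uid' is null then try using the 'givenname' instead.
        // See activedirectoryauthenticationprovider.inc.php and ldapauthenticationprovider.inc.php for details.
        if ($this->sAuthenticatorClass == "KTLDAPAuthenticator" && empty($sUserName)) {
            $sUserName = strtolower($aResults[$this->aAttributes[2]]);
        }

        // An entry that yields no username at all cannot become an account.
        if ($sUserName === null || $sUserName === '') {
            continue;
        }

        $sName = $aResults[$this->aAttributes[0]];
        $sEmailAddress = $aResults[$this->aAttributes[4]];

        // If the user already exists append some text so the admin can see the duplicates.
        while (!PEAR::isError(User::getByUserName($sUserName))) {
            $sUserName = $sUserName . "_DUPLICATE";
        }

        $oUser = User::createFromArray(array(
            "Username" => $sUserName,
            "Name" => $sName,
            "Email" => $sEmailAddress,
            "EmailNotification" => true,
            "SmsNotification" => false, // FIXME do we auto-act if the user has a mobile?
            "MaxSessions" => 3,
            "authenticationsourceid" => $oSource->getId(),
            "authenticationdetails" => $dn,
            "authenticationdetails2" => $sUserName,
            "password" => "",
        ));

        // Only report users that were really created.
        if (PEAR::isError($oUser) || !is_a($oUser, 'User')) {
            continue;
        }
        $aNames[] = $sName;
    }

    $this->successRedirectToMain(_kt("Added users") . ": " . join(', ', $aNames));
}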
// }}}
// {{{ do_addUserFromSource
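/**
 * Entry point for adding users from the directory.
 *
 * Depending on the submitted form this either hands over to the mass
 * import, to the single-user edit step, to the create step, or renders the
 * search form together with the search results. Search results whose DN is
 * already stored for a local user are removed from the list.
 *
 * @return mixed The rendered search template, or whatever the follow-up
 *               step returns.
 */
function do_addUserFromSource() {
    $submit = KTUtil::arrayGet($_REQUEST, 'submit');
    if (!is_array($submit)) {
        $submit = array();
    }

    // Check if it's a mass import
    $massimport = KTUtil::arrayGet($_REQUEST, 'massimport');
    $isMassImport = ($massimport == 'on');

    if (KTUtil::arrayGet($submit, 'chosen')) {
        $id = KTUtil::arrayGet($_REQUEST, 'id');
        if (!empty($id)) {
            if ($isMassImport) {
                return $this->_do_massCreateUsers();
            }
            return $this->_do_editUserFromSource();
        }
        $this->oPage->addError(_kt("No valid LDAP user chosen"));
    }

    if (KTUtil::arrayGet($submit, 'create')) {
        return $this->_do_createUserFromSource();
    }

    $oSource =& KTAuthenticationSource::get($_REQUEST['source_id']);
    $oTemplate = $this->oValidator->validateTemplate('ktstandard/authentication/ldapsearchuser');

    $fields = array();
    $fields[] = new KTStringWidget(_kt("User's name"), _kt("The user's name, or part thereof, to find the user that you wish to add"), 'ldap_name', '', $this->oPage, true);
    $fields[] = new KTCheckboxWidget(_kt("Mass import"),
        _kt("Allow for multiple users to be selected to be added (will not get to manually verify the details if selected)").'.<br>'.
        _kt('The list may be long and take some time to load if the search is not filtered and there are a number of users in the system.')
        , 'massimport', $isMassImport, $this->oPage, true);

    $oAuthenticator = $this->getAuthenticator($oSource);
    $name = KTUtil::arrayGet($_REQUEST, 'ldap_name');

    // Defined up front so the template always receives the key, also when
    // no search was run.
    $aSearchResults = null;

    if (!empty($name) || $isMassImport) {
        // NOTE(review): $sIdentifierField is never assigned in this method,
        // so it is null here and in the template data below - confirm what
        // the intended attribute is.
        // NOTE(review): $name is request input; confirm searchUsers()
        // escapes it before building the LDAP filter.
        $aSearchResults = $oAuthenticator->searchUsers($name, array('cn', 'dn', $sIdentifierField));
        if (PEAR::isError($aSearchResults)) {
            $this->oPage->addError($aSearchResults->getMessage());
            $aSearchResults = null;
        }

        // An empty result set must not reach the query: "IN ()" is invalid SQL.
        if (is_array($aSearchResults) && !empty($aSearchResults)) {
            $aSearchDNs = array();
            foreach (array_keys($aSearchResults) as $k) {
                if (is_array($aSearchResults[$k]['cn'])) {
                    $aSearchResults[$k]['cn'] = $aSearchResults[$k]['cn'][0];
                }
                $aSearchDNs[$k] = (string) $aSearchResults[$k]['dn'];
            }

            // DNs come from the directory and may contain quotes, so they are
            // bound as parameters instead of being pasted into the SQL text.
            // DBUtil takes a parameterised query as array(sql, params).
            $sPlaceholders = implode(',', array_fill(0, count($aSearchDNs), '?'));
            $query = "SELECT id, authentication_details_s1 AS dn FROM users
                WHERE authentication_details_s1 IN ($sPlaceholders)";
            $aCurUsers = DBUtil::getResultArray(array($query, array_values($aSearchDNs)));

            // If the user has already been added, then remove from the list
            if (!PEAR::isError($aCurUsers) && !empty($aCurUsers)) {
                foreach ($aCurUsers as $item) {
                    $key = array_search((string) $item['dn'], $aSearchDNs, true);
                    // A miss returns false, which as an array key would be 0
                    // and silently drop the first search result.
                    if ($key !== false) {
                        unset($aSearchResults[$key]);
                    }
                }
            }
        }
    }

    $aTemplateData = array(
        'context' => &$this,
        'fields' => $fields,
        'source' => $oSource,
        'search_results' => $aSearchResults,
        'identifier_field' => $sIdentifierField,
        'massimport' => $massimport,
    );
    return $oTemplate->render($aTemplateData);
}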
// }}}
// {{{ do_addGroupFromSource
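/**
 * Entry point for adding groups from the directory.
 *
 * Hands over to the edit step when a group was chosen, to the create step
 * when the create form was submitted, and otherwise renders the group
 * search form with the results for $_REQUEST['name'], if a name was given.
 *
 * @return mixed The rendered search template, or whatever the follow-up
 *               step returns.
 */
function do_addGroupFromSource() {
    $submit = KTUtil::arrayGet($_REQUEST, 'submit');
    if (!is_array($submit)) {
        $submit = array();
    }

    if (KTUtil::arrayGet($submit, 'chosen')) {
        $id = KTUtil::arrayGet($_REQUEST, 'id');
        if (!empty($id)) {
            return $this->_do_editGroupFromSource();
        }
        $this->oPage->addError(_kt("No valid LDAP group chosen"));
    }

    if (KTUtil::arrayGet($submit, 'create')) {
        return $this->_do_createGroupFromSource();
    }

    $oSource =& KTAuthenticationSource::get($_REQUEST['source_id']);
    $oTemplate = $this->oValidator->validateTemplate('ktstandard/authentication/ldapsearchgroup');

    $fields = array();
    $fields[] = new KTStringWidget(_kt("Group's name"), _kt("The group's name, or part thereof, to find the group that you wish to add"), 'name', '', $this->oPage, true);

    // Defined up front: without a search term no search runs, and the
    // template data below would otherwise read an undefined variable.
    $aSearchResults = null;

    $name = KTUtil::arrayGet($_REQUEST, 'name');
    if (!empty($name)) {
        $oAuthenticator = $this->getAuthenticator($oSource);
        // NOTE(review): $name is request input; confirm searchGroups()
        // escapes it before building the LDAP filter.
        $aSearchResults = $oAuthenticator->searchGroups($name);
        if (PEAR::isError($aSearchResults)) {
            $this->addErrorMessage($aSearchResults->getMessage());
            $aSearchResults = array();
        }
    }

    $aTemplateData = array(
        'context' => &$this,
        'fields' => $fields,
        'source' => $oSource,
        'search_results' => $aSearchResults,
        'identifier_field' => 'displayName',
    );
    return $oTemplate->render($aTemplateData);
}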
// }}}
// {{{ _do_editGroupFromSource
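/**
 * Render the form that confirms the details of a directory group before it
 * is created locally.
 *
 * The group is looked up by $_REQUEST['id'] through the authenticator of
 * the source given in $_REQUEST['source_id']. Both administrator
 * checkboxes are rendered unchecked.
 *
 * NOTE(review): the 'dn' and 'cn' values shown in the form come from the
 * directory; confirm the widgets/template escape them on output.
 *
 * @return mixed The rendered template.
 */
function _do_editGroupFromSource() {
    $oTemplate = $this->oValidator->validateTemplate('ktstandard/authentication/ldapaddgroup');
    $oSource =& KTAuthenticationSource::get($_REQUEST['source_id']);
    $id = KTUtil::arrayGet($_REQUEST, 'id');

    $oAuthenticator = $this->getAuthenticator($oSource);
    $aAttributes = $oAuthenticator->getGroup($id);
    // The id is request input; stop here when the directory has no such
    // group rather than indexing into an error object below.
    if (PEAR::isError($aAttributes) || empty($aAttributes)) {
        $this->errorRedirectToMain(_kt("No valid LDAP group chosen"));
        exit(0);
    }

    $fields = array();
    $fields[] = new KTStaticTextWidget(_kt('LDAP DN'), _kt('The location of the group within the LDAP directory.'), 'dn', $aAttributes['dn'], $this->oPage);
    $fields[] = new KTStringWidget(_kt('Group Name'), sprintf(_kt('The name the group will enter to gain access to %s. e.g. <strong>accountants</strong>'), APP_NAME), 'ldap_groupname', $aAttributes['cn'], $this->oPage, true);
    $fields[] = new KTCheckboxWidget(_kt('Unit Administrators'), _kt('Should all the members of this group be given <strong>unit</strong> administration privileges?'), 'is_unitadmin', false, $this->oPage, false);
    $fields[] = new KTCheckboxWidget(_kt('System Administrators'), _kt('Should all the members of this group be given <strong>system</strong> administration privileges?'), 'is_sysadmin', false, $this->oPage, false);

    $aTemplateData = array(
        'context' => &$this,
        'fields' => $fields,
        'source' => $oSource,
        // No search happens in this step; the key is kept for the template.
        'search_results' => null,
        'dn' => $aAttributes['dn'],
    );
    return $oTemplate->render($aTemplateData);
}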
// }}}
// {{{ _do_createGroupFromSource
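/**
 * Create a local group bound to a directory group and synchronise it.
 *
 * Reads 'dn', 'ldap_groupname', 'is_unitadmin' and 'is_sysadmin' from the
 * request, creates the group for the source in $_REQUEST['source_id'],
 * synchronises it through the authenticator and redirects to the main page.
 *
 * Security notes:
 * - The administrator flags and the DN are taken from the request, so this
 *   action can create a group whose directory members receive unit or
 *   system administration rights.
 *   NOTE(review): the permission check is not visible in this method -
 *   confirm the dispatcher restricts it to administrators.
 * - The submitted DN is not looked up in the directory again before it is
 *   stored.
 */
function _do_createGroupFromSource() {
    $oSource =& KTAuthenticationSource::get($_REQUEST['source_id']);
    $dn = KTUtil::arrayGet($_REQUEST, 'dn');
    $name = KTUtil::arrayGet($_REQUEST, 'ldap_groupname');

    if (empty($name)) {
        $this->errorRedirectToMain(_kt('You must specify a name for the group.'));
        // Same pattern as the other redirects in this class: never fall
        // through to the creation code after reporting the error.
        exit(0);
    }
    // A group without a DN would not be bound to any directory group.
    if (empty($dn)) {
        $this->errorRedirectToMain(_kt("No valid LDAP group chosen"));
        exit(0);
    }

    // Reduce the submitted checkbox values to plain booleans so that only
    // true/false reaches the group record.
    $is_unitadmin = (bool) KTUtil::arrayGet($_REQUEST, 'is_unitadmin', false);
    $is_sysadmin = (bool) KTUtil::arrayGet($_REQUEST, 'is_sysadmin', false);

    $oGroup =& Group::createFromArray(array(
        "name" => $name,
        "isunitadmin" => $is_unitadmin,
        "issysadmin" => $is_sysadmin,
        "authenticationdetails" => $dn,
        "authenticationsourceid" => $oSource->getId(),
    ));
    if (PEAR::isError($oGroup) || ($oGroup == false)) {
        $this->errorRedirectToMain(_kt("failed to create group."));
        exit(0);
    }

    $oAuthenticator = $this->getAuthenticator($oSource);
    $oAuthenticator->synchroniseGroup($oGroup);

    $this->successRedirectToMain(_kt('Created new group') . ': ' . $oGroup->getName());
    exit(0);
}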
// }}}
// {{{ autoSignup
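/**
 * Create a local account for a directory user on first login.
 *
 * The credentials are checked with checkSignupPassword(); only when that
 * returns a non-empty string DN is the directory entry fetched and a user
 * created from its attributes. The user's directory groups are then
 * mirrored through _createSignupGroups().
 *
 * Security notes:
 * - The local account is named after the directory attribute
 *   ($this->aAttributes[1]), not after $sUsername as typed at login.
 * - The account is stored with an empty local password and bound to the
 *   source by DN.
 *   NOTE(review): presumably login for these accounts is always delegated
 *   to the directory - confirm the empty local password can never
 *   authenticate.
 *
 * @param string $sUsername Login name supplied by the user.
 * @param string $sPassword Password supplied by the user.
 * @param mixed  $aExtra    Not used by this implementation.
 * @param object $oSource   Authentication source to sign up against.
 * @return mixed The created User, or nothing (null) when sign-up is refused
 *               or fails.
 */
function autoSignup($sUsername, $sPassword, $aExtra, $oSource) {
    $oAuthenticator =& $this->getAuthenticator($oSource);

    // Anything other than a non-empty string DN means "not authenticated".
    $dn = $oAuthenticator->checkSignupPassword($sUsername, $sPassword);
    if (PEAR::isError($dn) || !is_string($dn) || empty($dn)) {
        return;
    }

    // Do not index into an error object or an empty result.
    $aResults = $oAuthenticator->getUser($dn);
    if (PEAR::isError($aResults) || empty($aResults)) {
        return;
    }

    $sUserName = $aResults[$this->aAttributes[1]];
    // Never auto-create an account that has no username.
    if ($sUserName === null || $sUserName === '') {
        return;
    }
    $sName = $aResults[$this->aAttributes[0]];
    $sEmailAddress = $aResults[$this->aAttributes[4]];

    $oUser = User::createFromArray(array(
        "Username" => $sUserName,
        "Name" => $sName,
        "Email" => $sEmailAddress,
        "EmailNotification" => true,
        "SmsNotification" => false, // FIXME do we auto-act if the user has a mobile?
        "MaxSessions" => 3,
        "authenticationsourceid" => $oSource->getId(),
        "authenticationdetails" => $dn,
        "authenticationdetails2" => $sUserName,
        "password" => "",
    ));
    if (PEAR::isError($oUser) || !is_a($oUser, 'User')) {
        return;
    }

    $this->_createSignupGroups($dn, $oSource);
    return $oUser;
}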
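/**
 * Mirror the directory groups of a user into local groups and synchronise
 * each of them.
 *
 * Does nothing when the 'ldapAuthentication/autoGroupCreation' setting is
 * false, or when the directory returns no groups for the DN. Groups that
 * are not yet known locally are created through _createGroup(); a group
 * that cannot be created is skipped.
 *
 * @param string $dn      DN of the user whose groups are mirrored.
 * @param object $oSource Authentication source the user belongs to.
 */
function _createSignupGroups($dn, $oSource) {
    $config = KTConfig::getSingleton();
    // The second argument is presumably the fallback when the setting is
    // absent - confirm against KTConfig::get().
    $createGroups = $config->get('ldapAuthentication/autoGroupCreation', true);
    if (!$createGroups) {
        return;
    }

    $oAuthenticator =& $this->getAuthenticator($oSource);
    $aGroupDNs = $oAuthenticator->getGroups($dn);
    if (PEAR::isError($aGroupDNs) || empty($aGroupDNs)) {
        return;
    }

    foreach ($aGroupDNs as $sGroupDN) {
        $oGroup = Group::getByAuthenticationSourceAndDetails($oSource, $sGroupDN);
        if (PEAR::isError($oGroup)) {
            $oGroup = $this->_createGroup($sGroupDN, $oSource);
            // Same failure test as _do_createGroupFromSource(): creation
            // may yield an error object or false, neither of which can be
            // synchronised.
            if (PEAR::isError($oGroup) || ($oGroup == false)) {
                continue;
            }
        }
        $oAuthenticator->synchroniseGroup($oGroup);
    }
}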
/**
 * Create the local group that corresponds to one directory group.
 *
 * The group name is the 'cn' value returned by the authenticator for the
 * DN. Groups created here never carry unit or system administrator rights:
 * both flags are fixed to false.
 *
 * @param string $dn      DN of the directory group.
 * @param object $oSource Authentication source the group belongs to.
 * @return mixed Whatever Group::createFromArray() returns.
 */
function _createGroup($dn, $oSource) {
    $oAuthenticator =& $this->getAuthenticator($oSource);
    $aDirectoryGroup = $oAuthenticator->getGroup($dn);

    // Field order is kept as the model receives it today.
    $aGroupFields = array(
        "name" => $aDirectoryGroup['cn'],
        "isunitadmin" => false,
        "issysadmin" => false,
        "authenticationdetails" => $dn,
        "authenticationsourceid" => $oSource->getId(),
    );

    $oNewGroup =& Group::createFromArray($aGroupFields);
    return $oNewGroup;
}
}
class KTLDAPBaseAuthenticator extends Authenticator {
/**
* The LDAP server to connect to
*/
var $sLdapServer;
var $iLdapPort;
/**
* The base LDAP DN to perform authentication against
*/
var $sBaseDN;
/**
* The LDAP accessor class
*/
var $oLdap;
function KTLDAPBaseAuthenticator($oSource) {
$this->oSource =& KTUtil::getObject('KTAuthenticationSource', $oSource);
$aConfig = unserialize($this->oSource->getConfig());