Sincronizacion ldap
This commit is contained in:
parent
0b28f71e0d
commit
b6bd44c98f
|
@ -1,4 +1,4 @@
|
|||
hedera-web (1.405.17) stable; urgency=low
|
||||
hedera-web (1.405.18) stable; urgency=low
|
||||
|
||||
* Initial Release.
|
||||
|
||||
|
|
|
@ -2,45 +2,45 @@
|
|||
|
||||
class Account
|
||||
{
|
||||
static function trySync ($db, $user, $password = NULL)
|
||||
static function trySync ($db, $userName, $password = NULL)
|
||||
{
|
||||
$isSync = $db->getValue (
|
||||
'SELECT sync FROM account.user WHERE name = #',
|
||||
[$user]
|
||||
[$userName]
|
||||
);
|
||||
|
||||
if ($isSync)
|
||||
return;
|
||||
|
||||
self::sync ($db, $user, $password);
|
||||
self::sync ($db, $userName, $password);
|
||||
}
|
||||
|
||||
static function sync ($db, $user, $password = NULL, $force = TRUE)
|
||||
static function sync ($db, $userName, $password = NULL, $force = TRUE)
|
||||
{
|
||||
$hasAccount = $db->getValue (
|
||||
'SELECT COUNT(*) > 0
|
||||
FROM account.user u
|
||||
JOIN account.account a ON u.id = a.id
|
||||
WHERE u.name = #',
|
||||
[$user]
|
||||
[$userName]
|
||||
);
|
||||
|
||||
if ($hasAccount)
|
||||
{
|
||||
self::ldapSync ($db, $user, $password);
|
||||
self::sambaSync ($db, $user, $password);
|
||||
self::ldapSync ($db, $userName, $password);
|
||||
self::sambaSync ($db, $userName, $password);
|
||||
}
|
||||
|
||||
$db->query (
|
||||
'UPDATE account.user SET sync = TRUE WHERE name = #',
|
||||
[$user]
|
||||
[$userName]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Synchronizes the user credentials in the LDAP server.
|
||||
*/
|
||||
static function ldapSync ($db, $user, $password)
|
||||
static function ldapSync ($db, $userName, $password)
|
||||
{
|
||||
if (empty ($password))
|
||||
return;
|
||||
|
@ -64,43 +64,79 @@ class Account
|
|||
if (!$bind)
|
||||
throw new Exception ("Authentication failed on LDAP server: ". ldapError ($ds));
|
||||
|
||||
// Prepares the data
|
||||
|
||||
$domain = $db->getValue ('SELECT domain FROM account.mailConfig');
|
||||
|
||||
$user = $db->getObject (
|
||||
'SELECT id, nickname, lang
|
||||
FROM account.user
|
||||
WHERE name = #',
|
||||
[$userName]
|
||||
);
|
||||
|
||||
$info = [
|
||||
'cn' => $userName,
|
||||
'sn' => $userName,
|
||||
'displayName' => $user->nickname,
|
||||
'mail' => "$userName@{$domain}",
|
||||
'userPassword' => sshaEncode ($password),
|
||||
'preferredLanguage' => $user->lang
|
||||
];
|
||||
|
||||
// Search the user entry
|
||||
|
||||
$res = ldap_search ($ds, $conf->baseDn, "(&(uid=$user)($conf->filter))");
|
||||
$filter = "uid=$userName";
|
||||
|
||||
if (!empty($conf->filter))
|
||||
$filter = "(&($filter)($conf->filter))";
|
||||
|
||||
$res = ldap_search ($ds, $conf->baseDn, $filter);
|
||||
|
||||
if (!$res)
|
||||
throw new Exception ("Can't get the LDAP entry: ". ldapError ($ds));
|
||||
|
||||
$dn = "uid=$user,{$conf->baseDn}";
|
||||
$dn = "uid=$userName,{$conf->baseDn}";
|
||||
$entry = ldap_first_entry ($ds, $res);
|
||||
|
||||
$classes = ldap_get_values ($ds, $entry, 'objectClass');
|
||||
|
||||
if (!in_array ('inetOrgPerson', $classes))
|
||||
{
|
||||
ldap_delete ($ds, $dn);
|
||||
$entry = NULL;
|
||||
}
|
||||
|
||||
if ($entry)
|
||||
{
|
||||
$info = ['userPassword' => sshaEncode ($password)];
|
||||
ldap_modify ($ds, $dn, $info);
|
||||
$updated = ldap_modify ($ds, $dn, $info);
|
||||
}
|
||||
else
|
||||
{
|
||||
$info = [
|
||||
'objectClass' => ['account', 'simpleSecurityObject', 'top'],
|
||||
'uid' => $user,
|
||||
'userPassword' => sshaEncode ($password)
|
||||
];
|
||||
ldap_add ($ds, $dn, $info);
|
||||
$info = array_merge ($info, [
|
||||
'objectClass' => ['inetOrgPerson'],
|
||||
'uid' => $userName
|
||||
]);
|
||||
$updated = ldap_add ($ds, $dn, $info);
|
||||
}
|
||||
|
||||
if (!$updated)
|
||||
throw new Exception ("Can't update the LDAP entry: ". ldapError ($ds));
|
||||
|
||||
ldap_unbind ($ds);
|
||||
}
|
||||
|
||||
/**
|
||||
* Synchronizes the user credentials in the Samba server.
|
||||
*/
|
||||
static function sambaSync ($db, $user, $password)
|
||||
static function sambaSync ($db, $userName, $password)
|
||||
{
|
||||
$conf = $db->getObject (
|
||||
'SELECT host, sshUser, sshPass, domain, uidBase
|
||||
'SELECT host, sshUser, sshPass, uidBase
|
||||
FROM account.sambaConfig'
|
||||
);
|
||||
|
||||
$domain = $db->getValue ('SELECT domain FROM account.mailConfig');
|
||||
|
||||
$samba = new SshConnection ($conf->host
|
||||
,$conf->sshUser
|
||||
|
@ -112,12 +148,12 @@ class Account
|
|||
// Creates the Samba user and initializes it's home directory
|
||||
|
||||
$userId = $db->getValue (
|
||||
'SELECT id FROM account.user WHERE name = #', [$user]);
|
||||
'SELECT id FROM account.user WHERE name = #', [$userName]);
|
||||
|
||||
$samba->exec ("$scriptDir/create-user.sh %s %s %s"
|
||||
,$user
|
||||
,$userName
|
||||
,$conf->uidBase + $userId
|
||||
,"$user@{$conf->domain}"
|
||||
,"$userName@{$domain}"
|
||||
);
|
||||
|
||||
// Syncronizes the Samba password
|
||||
|
@ -126,7 +162,7 @@ class Account
|
|||
return;
|
||||
|
||||
$samba->exec ("$scriptDir/set-password.sh %s %s"
|
||||
,$user
|
||||
,$userName
|
||||
,$password
|
||||
);
|
||||
}
|
||||
|
|
|
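Review bot: `$userName` is interpolated unescaped into the LDAP search filter at `$filter = "uid=$userName";` and into the DN at `$dn = "uid=$userName,{$conf->baseDn}";`, so a name containing filter or DN metacharacters would select, modify or create the wrong entry; where the name originates is not visible in this hunk, so escaping at this boundary is the safe default. PHP's `ldap_escape` covers both contexts: `$filter = 'uid='. ldap_escape ($userName, '', LDAP_ESCAPE_FILTER);` and `$dn = 'uid='. ldap_escape ($userName, '', LDAP_ESCAPE_DN) .",{$conf->baseDn}";`. The objectClass check `$classes = ldap_get_values ($ds, $entry, 'objectClass');` runs before `$entry` is tested, so for a user with no LDAP entry yet `ldap_first_entry` returns false and `ldap_get_values` receives it (a TypeError on PHP 8, a warning plus a spurious `ldap_delete` on older versions); if those lines are new in this commit they need the `if ($entry)` guard shown below. The `!$res` and `!$updated` throws also skip `ldap_unbind`, which the `!$bind` throw before them already does, so a `finally` around the whole body would be the consistent fix; the function's bind/connect prologue starts outside the hunk.
```php
$filter = 'uid='. ldap_escape ($userName, '', LDAP_ESCAPE_FILTER);

if (!empty($conf->filter))
    $filter = "(&($filter)($conf->filter))";

// … unchanged: ldap_search and the !$res check …

$dn = 'uid='. ldap_escape ($userName, '', LDAP_ESCAPE_DN) .",{$conf->baseDn}";
$entry = ldap_first_entry ($ds, $res);

if ($entry)
{
    $classes = ldap_get_values ($ds, $entry, 'objectClass');

    if (!in_array ('inetOrgPerson', $classes))
    {
        ldap_delete ($ds, $dn);
        $entry = NULL;
    }
}

// … unchanged: modify/add branch, $updated check, ldap_unbind …
```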
@ -12,7 +12,10 @@ class Login extends Vn\Web\JsonRequest
|
|||
,$_POST['password']
|
||||
);
|
||||
}
|
||||
catch (Exception $e) {}
|
||||
catch (Exception $e)
|
||||
{
|
||||
error_log ($e->getMessage());
|
||||
}
|
||||
|
||||
$token = $this->service->createToken (
|
||||
$_SESSION['user'],
|
||||
|
|
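Review bot: The new `catch (Exception $e)` block logs only `$e->getMessage()`, which drops the exception class and the file/line where the sync failed, so an LDAP bind error and a Samba script failure look alike in the log; `error_log ((string) $e)` keeps the type, message and trace in one line. The enclosing try starts outside this hunk, and the request goes on to `createToken` after the catch, so a failed sync is tolerated by design; from the Account hunk above, the `sync = TRUE` update only runs after both syncs return, so the logged failure is retried on the next login rather than lost, and a short comment saying so on the catch (`// Sync failures are logged only; the user stays unsynced and is retried next login`) would make that intent explicit.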