Sincronizacion ldap

This commit is contained in:
Juan Ferrer Toribio 2017-11-28 16:07:21 +01:00
parent 0b28f71e0d
commit b6bd44c98f
3 changed files with 66 additions and 27 deletions

2
debian/changelog vendored
View File

@ -1,4 +1,4 @@
hedera-web (1.405.17) stable; urgency=low
hedera-web (1.405.18) stable; urgency=low
* Initial Release.

View File

@ -2,45 +2,45 @@
class Account
{
static function trySync ($db, $user, $password = NULL)
static function trySync ($db, $userName, $password = NULL)
{
$isSync = $db->getValue (
'SELECT sync FROM account.user WHERE name = #',
[$user]
[$userName]
);
if ($isSync)
return;
self::sync ($db, $user, $password);
self::sync ($db, $userName, $password);
}
static function sync ($db, $user, $password = NULL, $force = TRUE)
static function sync ($db, $userName, $password = NULL, $force = TRUE)
{
$hasAccount = $db->getValue (
'SELECT COUNT(*) > 0
FROM account.user u
JOIN account.account a ON u.id = a.id
WHERE u.name = #',
[$user]
[$userName]
);
if ($hasAccount)
{
self::ldapSync ($db, $user, $password);
self::sambaSync ($db, $user, $password);
self::ldapSync ($db, $userName, $password);
self::sambaSync ($db, $userName, $password);
}
$db->query (
'UPDATE account.user SET sync = TRUE WHERE name = #',
[$user]
[$userName]
);
}
/**
* Synchronizes the user credentials in the LDAP server.
*/
static function ldapSync ($db, $user, $password)
static function ldapSync ($db, $userName, $password)
{
if (empty ($password))
return;
@ -64,43 +64,79 @@ class Account
if (!$bind)
throw new Exception ("Authentication failed on LDAP server: ". ldapError ($ds));
// Prepares the data
$domain = $db->getValue ('SELECT domain FROM account.mailConfig');
$user = $db->getObject (
'SELECT id, nickname, lang
FROM account.user
WHERE name = #',
[$userName]
);
$info = [
'cn' => $userName,
'sn' => $userName,
'displayName' => $user->nickname,
'mail' => "$userName@{$domain}",
'userPassword' => sshaEncode ($password),
'preferredLanguage' => $user->lang
];
// Search the user entry
$res = ldap_search ($ds, $conf->baseDn, "(&(uid=$user)($conf->filter))");
$filter = "uid=$userName";
if (!empty($conf->filter))
$filter = "(&($filter)($conf->filter))";
$res = ldap_search ($ds, $conf->baseDn, $filter);
if (!$res)
throw new Exception ("Can't get the LDAP entry: ". ldapError ($ds));
$dn = "uid=$user,{$conf->baseDn}";
$dn = "uid=$userName,{$conf->baseDn}";
$entry = ldap_first_entry ($ds, $res);
$classes = ldap_get_values ($ds, $entry, 'objectClass');
if (!in_array ('inetOrgPerson', $classes))
{
ldap_delete ($ds, $dn);
$entry = NULL;
}
if ($entry)
{
$info = ['userPassword' => sshaEncode ($password)];
ldap_modify ($ds, $dn, $info);
$updated = ldap_modify ($ds, $dn, $info);
}
else
{
$info = [
'objectClass' => ['account', 'simpleSecurityObject', 'top'],
'uid' => $user,
'userPassword' => sshaEncode ($password)
];
ldap_add ($ds, $dn, $info);
$info = array_merge ($info, [
'objectClass' => ['inetOrgPerson'],
'uid' => $userName
]);
$updated = ldap_add ($ds, $dn, $info);
}
if (!$updated)
throw new Exception ("Can't update the LDAP entry: ". ldapError ($ds));
ldap_unbind ($ds);
}
/**
* Synchronizes the user credentials in the Samba server.
*/
static function sambaSync ($db, $user, $password)
static function sambaSync ($db, $userName, $password)
{
$conf = $db->getObject (
'SELECT host, sshUser, sshPass, domain, uidBase
'SELECT host, sshUser, sshPass, uidBase
FROM account.sambaConfig'
);
$domain = $db->getValue ('SELECT domain FROM account.mailConfig');
$samba = new SshConnection ($conf->host
,$conf->sshUser
@ -112,12 +148,12 @@ class Account
// Creates the Samba user and initializes it's home directory
$userId = $db->getValue (
'SELECT id FROM account.user WHERE name = #', [$user]);
'SELECT id FROM account.user WHERE name = #', [$userName]);
$samba->exec ("$scriptDir/create-user.sh %s %s %s"
,$user
,$userName
,$conf->uidBase + $userId
,"$user@{$conf->domain}"
,"$userName@{$domain}"
);
// Syncronizes the Samba password
@ -126,7 +162,7 @@ class Account
return;
$samba->exec ("$scriptDir/set-password.sh %s %s"
,$user
,$userName
,$password
);
}

View File

@ -12,7 +12,10 @@ class Login extends Vn\Web\JsonRequest
,$_POST['password']
);
}
catch (Exception $e) {}
catch (Exception $e)
{
error_log ($e->getMessage());
}
$token = $this->service->createToken (
$_SESSION['user'],