wbuezas
/
hedera-web-mindshore
forked from verdnatura/hedera-web
0
1
Fork 0
Code Pull Requests Activity

Sincronizacion ldap

This commit is contained in:
Juan Ferrer Toribio 2017-11-28 16:07:21 +01:00
parent 0b28f71e0d
commit b6bd44c98f
3 changed files with 66 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/changelog vendored
View File

@ -1,4 +1,4 @@
hedera-web (1.405.17) stable; urgency=low hedera-web (1.405.18) stable; urgency=low
* Initial Release. * Initial Release.

86
rest/core/account.php
View File

@ -2,45 +2,45 @@
class Account class Account
{ {
static function trySync ($db, $user, $password = NULL) static function trySync ($db, $userName, $password = NULL)
{ {
$isSync = $db->getValue ( $isSync = $db->getValue (
'SELECT sync FROM account.user WHERE name = #', 'SELECT sync FROM account.user WHERE name = #',
[$user] [$userName]
); );
if ($isSync) if ($isSync)
return; return;
self::sync ($db, $user, $password); self::sync ($db, $userName, $password);
} }
static function sync ($db, $user, $password = NULL, $force = TRUE) static function sync ($db, $userName, $password = NULL, $force = TRUE)
{ {
$hasAccount = $db->getValue ( $hasAccount = $db->getValue (
'SELECT COUNT(*) > 0 'SELECT COUNT(*) > 0
FROM account.user u FROM account.user u
JOIN account.account a ON u.id = a.id JOIN account.account a ON u.id = a.id
WHERE u.name = #', WHERE u.name = #',
[$user] [$userName]
); );
if ($hasAccount) if ($hasAccount)
{ {
self::ldapSync ($db, $user, $password); self::ldapSync ($db, $userName, $password);
self::sambaSync ($db, $user, $password); self::sambaSync ($db, $userName, $password);
} }
$db->query ( $db->query (
'UPDATE account.user SET sync = TRUE WHERE name = #', 'UPDATE account.user SET sync = TRUE WHERE name = #',
[$user] [$userName]
); );
} }
/** /**
* Synchronizes the user credentials in the LDAP server. * Synchronizes the user credentials in the LDAP server.
*/ */
static function ldapSync ($db, $user, $password) static function ldapSync ($db, $userName, $password)
{ {
if (empty ($password)) if (empty ($password))
return; return;
@ -64,44 +64,80 @@ class Account
if (!$bind) if (!$bind)
throw new Exception ("Authentication failed on LDAP server: ". ldapError ($ds)); throw new Exception ("Authentication failed on LDAP server: ". ldapError ($ds));
// Prepares the data
$domain = $db->getValue ('SELECT domain FROM account.mailConfig');
$user = $db->getObject (
'SELECT id, nickname, lang
FROM account.user
WHERE name = #',
[$userName]
);
$info = [
'cn' => $userName,
'sn' => $userName,
'displayName' => $user->nickname,
'mail' => "$userName@{$domain}",
'userPassword' => sshaEncode ($password),
'preferredLanguage' => $user->lang
];
// Search the user entry // Search the user entry
$res = ldap_search ($ds, $conf->baseDn, "(&(uid=$user)($conf->filter))"); $filter = "uid=$userName";
if (!empty($conf->filter))
$filter = "(&($filter)($conf->filter))";
$res = ldap_search ($ds, $conf->baseDn, $filter);
if (!$res) if (!$res)
throw new Exception ("Can't get the LDAP entry: ". ldapError ($ds)); throw new Exception ("Can't get the LDAP entry: ". ldapError ($ds));
$dn = "uid=$user,{$conf->baseDn}"; $dn = "uid=$userName,{$conf->baseDn}";
$entry = ldap_first_entry ($ds, $res); $entry = ldap_first_entry ($ds, $res);
$classes = ldap_get_values ($ds, $entry, 'objectClass');
if (!in_array ('inetOrgPerson', $classes))
{
ldap_delete ($ds, $dn);
$entry = NULL;
}
if ($entry) if ($entry)
{ {
$info = ['userPassword' => sshaEncode ($password)]; $updated = ldap_modify ($ds, $dn, $info);
ldap_modify ($ds, $dn, $info);
} }
else else
{ {
$info = [ $info = array_merge ($info, [
'objectClass' => ['account', 'simpleSecurityObject', 'top'], 'objectClass' => ['inetOrgPerson'],
'uid' => $user, 'uid' => $userName
'userPassword' => sshaEncode ($password) ]);
]; $updated = ldap_add ($ds, $dn, $info);
ldap_add ($ds, $dn, $info);
} }
if (!$updated)
throw new Exception ("Can't update the LDAP entry: ". ldapError ($ds));
ldap_unbind ($ds); ldap_unbind ($ds);
} }
/** /**
* Synchronizes the user credentials in the Samba server. * Synchronizes the user credentials in the Samba server.
*/ */
static function sambaSync ($db, $user, $password) static function sambaSync ($db, $userName, $password)
{ {
$conf = $db->getObject ( $conf = $db->getObject (
'SELECT host, sshUser, sshPass, domain, uidBase 'SELECT host, sshUser, sshPass, uidBase
FROM account.sambaConfig' FROM account.sambaConfig'
); );
$domain = $db->getValue ('SELECT domain FROM account.mailConfig');
$samba = new SshConnection ($conf->host $samba = new SshConnection ($conf->host
,$conf->sshUser ,$conf->sshUser
,base64_decode ($conf->sshPass) ,base64_decode ($conf->sshPass)
@ -112,12 +148,12 @@ class Account
// Creates the Samba user and initializes it's home directory // Creates the Samba user and initializes it's home directory
$userId = $db->getValue ( $userId = $db->getValue (
'SELECT id FROM account.user WHERE name = #', [$user]); 'SELECT id FROM account.user WHERE name = #', [$userName]);
$samba->exec ("$scriptDir/create-user.sh %s %s %s" $samba->exec ("$scriptDir/create-user.sh %s %s %s"
,$user ,$userName
,$conf->uidBase + $userId ,$conf->uidBase + $userId
,"$user@{$conf->domain}" ,"$userName@{$domain}"
); );
// Syncronizes the Samba password // Syncronizes the Samba password
@ -126,7 +162,7 @@ class Account
return; return;
$samba->exec ("$scriptDir/set-password.sh %s %s" $samba->exec ("$scriptDir/set-password.sh %s %s"
,$user ,$userName
,$password ,$password
); );
} }

5
rest/core/login.php
View File

@ -12,7 +12,10 @@ class Login extends Vn\Web\JsonRequest
,$_POST['password'] ,$_POST['password']
); );
} }
catch (Exception $e) {} catch (Exception $e)
{
error_log ($e->getMessage());
}
$token = $this->service->createToken ( $token = $this->service->createToken (
$_SESSION['user'], $_SESSION['user'],