欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

LDAP配置在testlink中(mark一下) ldap testlink 

程序员文章站 2024-03-20 15:52:16
...
was able to add this feature by making the following changes:

in user.class.php I eliminated the self::isPasswordMgmtExternal test in comparePassword and encryptPassword

in doAuthorize.php I changed the auth_does_password_match function

function auth_does_password_match(&$user,$cleartext_password)
{
    $authCfg = config_get('authentication');
      $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';

    if ('LDAP' == $authCfg['method'])
    {
        $msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
        $msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
        $msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
        $msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
        $msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');
       
        $xx = ldap_authenticate($user->login, $cleartext_password);
        // if the LDAP fails for any reason then check the local
        if($xx->status_ok)
        {
            // LDAP authenticated
            $ret->status_ok = $xx->status_ok;
            $ret->msg = $msg[$xx->status_code];
        }
        else
        {
            //LDAP failed - try the local DB
            if ($user->comparePassword($cleartext_password) != tl::OK)
            {
                // LDAP pass back the original LDAP error if the local db does not authenticate
                $ret->status_ok = $xx->status_ok;
                $ret->msg = $msg[$xx->status_code];
            }
        }

    }

    else // normal database password compare
    {
        if ($user->comparePassword($cleartext_password) != tl::OK)
            $ret->status_ok = false;
    }
   
    return $ret;
}


//////////////////////////////////////////////////////
In our environment we use LDAP for our general users and we create special administrative users using local ids. I have noticed a few requests for this in the forums.

I have updated the code below to support checking only when the LDAP user is not found.

function auth_does_password_match(&$user,$cleartext_password)
{
    $authCfg = config_get('authentication');
      $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';

    if ('LDAP' == $authCfg['method'])
    {
        $msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
        $msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
        $msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
        $msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
        $msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');
       
        $xx = ldap_authenticate($user->login, $cleartext_password);
        // if the LDAP fails for any reason then check the local
        if($xx->status_ok)
        {
            // LDAP authenticated
            $ret->status_ok = $xx->status_ok;
            $ret->msg = $msg[$xx->status_code];
        }
        else
        {
            // user not found in LDAP - try the local DB
        if($xx->status_code == ERROR_LDAP_USER_NOT_FOUND)
        {
                if ($user->comparePassword($cleartext_password) != tl::OK)
                {
                    // LDAP pass back the original LDAP error if the local db does not authenticate
                    $ret->status_ok = $xx->status_ok;
                    $ret->msg = $msg[$xx->status_code];
                }
        }
        else
        {
                // LDAP pass back the original LDAP error if the local db does not authenticate
                $ret->status_ok = $xx->status_ok;
                $ret->msg = $msg[$xx->status_code];
        }
        }

    }
    else // normal database password compare
    {
        if ($user->comparePassword($cleartext_password) != tl::OK)
            $ret->status_ok = false;
    }
   
    return $ret;
}
相关标签: ldap testlink