LDAP配置在testlink中(mark一下) ldap testlink
程序员文章站
2024-03-20 15:52:16
...
was able to add this feature by making the following changes:
in user.class.php I eliminated the self::isPasswordMgmtExternal test in comparePassword and encryptPassword
in doAuthorize.php I changed the auth_does_password_match function
function auth_does_password_match(&$user,$cleartext_password)
{
$authCfg = config_get('authentication');
$ret = new stdClass();
$ret->status_ok = true;
$ret->msg = 'ok';
if ('LDAP' == $authCfg['method'])
{
$msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
$msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
$msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
$msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
$msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');
$xx = ldap_authenticate($user->login, $cleartext_password);
// if the LDAP fails for any reason then check the local
if($xx->status_ok)
{
// LDAP authenticated
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
else
{
//LDAP failed - try the local DB
if ($user->comparePassword($cleartext_password) != tl::OK)
{
// LDAP pass back the original LDAP error if the local db does not authenticate
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
}
}
else // normal database password compare
{
if ($user->comparePassword($cleartext_password) != tl::OK)
$ret->status_ok = false;
}
return $ret;
}
//////////////////////////////////////////////////////
In our environment we use LDAP for our general users and we create special administrative users using local ids. I have noticed a few requests for this in the forums.
I have updated the code below to support checking only when the LDAP user is not found.
function auth_does_password_match(&$user,$cleartext_password)
{
$authCfg = config_get('authentication');
$ret = new stdClass();
$ret->status_ok = true;
$ret->msg = 'ok';
if ('LDAP' == $authCfg['method'])
{
$msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
$msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
$msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
$msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
$msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');
$xx = ldap_authenticate($user->login, $cleartext_password);
// if the LDAP fails for any reason then check the local
if($xx->status_ok)
{
// LDAP authenticated
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
else
{
// user not found in LDAP - try the local DB
if($xx->status_code == ERROR_LDAP_USER_NOT_FOUND)
{
if ($user->comparePassword($cleartext_password) != tl::OK)
{
// LDAP pass back the original LDAP error if the local db does not authenticate
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
}
else
{
// LDAP pass back the original LDAP error if the local db does not authenticate
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
}
}
else // normal database password compare
{
if ($user->comparePassword($cleartext_password) != tl::OK)
$ret->status_ok = false;
}
return $ret;
}
in user.class.php I eliminated the self::isPasswordMgmtExternal test in comparePassword and encryptPassword
in doAuthorize.php I changed the auth_does_password_match function
function auth_does_password_match(&$user,$cleartext_password)
{
$authCfg = config_get('authentication');
$ret = new stdClass();
$ret->status_ok = true;
$ret->msg = 'ok';
if ('LDAP' == $authCfg['method'])
{
$msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
$msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
$msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
$msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
$msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');
$xx = ldap_authenticate($user->login, $cleartext_password);
// if the LDAP fails for any reason then check the local
if($xx->status_ok)
{
// LDAP authenticated
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
else
{
//LDAP failed - try the local DB
if ($user->comparePassword($cleartext_password) != tl::OK)
{
// LDAP pass back the original LDAP error if the local db does not authenticate
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
}
}
else // normal database password compare
{
if ($user->comparePassword($cleartext_password) != tl::OK)
$ret->status_ok = false;
}
return $ret;
}
//////////////////////////////////////////////////////
In our environment we use LDAP for our general users and we create special administrative users using local ids. I have noticed a few requests for this in the forums.
I have updated the code below to support checking only when the LDAP user is not found.
function auth_does_password_match(&$user,$cleartext_password)
{
$authCfg = config_get('authentication');
$ret = new stdClass();
$ret->status_ok = true;
$ret->msg = 'ok';
if ('LDAP' == $authCfg['method'])
{
$msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
$msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
$msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
$msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
$msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');
$xx = ldap_authenticate($user->login, $cleartext_password);
// if the LDAP fails for any reason then check the local
if($xx->status_ok)
{
// LDAP authenticated
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
else
{
// user not found in LDAP - try the local DB
if($xx->status_code == ERROR_LDAP_USER_NOT_FOUND)
{
if ($user->comparePassword($cleartext_password) != tl::OK)
{
// LDAP pass back the original LDAP error if the local db does not authenticate
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
}
else
{
// LDAP pass back the original LDAP error if the local db does not authenticate
$ret->status_ok = $xx->status_ok;
$ret->msg = $msg[$xx->status_code];
}
}
}
else // normal database password compare
{
if ($user->comparePassword($cleartext_password) != tl::OK)
$ret->status_ok = false;
}
return $ret;
}