Developers:HOWTO use ldap connexion 1.3.3


How LDAP authentication works

First, accounts must still be created in the OCS interface, as before.

When logging in, the user enters his LDAP login and password. The interface first checks whether this password matches the password stored in the OCS database.

If it does not match, an LDAP query is made to check that the password is valid in the LDAP directory.

The modification also removes the possibility of changing the user password from the interface.

Modifying the PHP code

Update header.php

Line 124, after the test: if (($row->passwd != md5( $_POST["pass"])) and ($row->passwd != $_POST["pass"])) {

  • Add the following lines
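// DUBREIL - 02/12/10
// LDAP CONNECTION ADD
// ORIGINAL CODE (replaced by the block below)
// $err = "</tr></table><br><center><font color=red><b>".$l->g(216)."</b></font></center>";
// unset($_SESSION["loggeduser"],$_SESSION["lvluser"]);

// Inserted in the branch taken when the typed password does not match the
// one stored in the OCS base: the same login/password pair is then checked
// with a bind against the LDAP directory.
// $row (OCS account row) and $l (translated messages) come from the
// surrounding header.php code.

// NOTE(review): with an ldap:// URL the login and the password are sent
// unencrypted. Prefer an ldaps:// URL, or call ldap_start_tls($ds) before
// ldap_bind().
$srvldap="ldap://[ldap server name]:[Port]";
$ds=ldap_connect($srvldap);

// Fail closed: the session is opened only when every step below succeeds.
// Any other outcome ends in the error branch at the bottom.
$ldapok=false;
$_SESSION["ldapinfo"]="";

if ($ds)
{
	// Use LDAPv3
	if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
	{
		$dn=isset($_POST["login"]) ? $_POST["login"] : "";
		$pw=isset($_POST["pass"]) ? $_POST["pass"] : "";
		// Never print or log $pw, even while debugging.

		// An empty login or password must not reach ldap_bind(): a bind
		// without a password can be accepted by the server as an anonymous
		// or unauthenticated bind, which proves nothing about the user.
		$r=false;
		if (is_string($dn) && is_string($pw) && $dn!=="" && $pw!=="")
			$r=@ldap_bind($ds,$dn,$pw);

		if ($r===true && @ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))
		{
			// The login has the form account@dns.suffix
			$parts=explode("@",$dn,2);
			$compte=$parts[0];
			$suffixe=isset($parts[1]) ? $parts[1] : "";

			// dns.suffix -> DC=dns,DC=suffix. Only plain DNS labels are
			// accepted, so the login cannot inject extra DN components;
			// otherwise the lookup of the display name is skipped.
			$dcs=array();
			foreach (explode(".",$suffixe) as $label)
			{
				if (!preg_match('/^[A-Za-z0-9-]+\z/',$label))
				{
					$dcs=array();
					break;
				}
				$dcs[]="DC=".$label;
			}
			$dnsearch=implode(",",$dcs);

			// Escape the LDAP filter metacharacters of the account name
			// (backslash first, so the escapes themselves are not re-escaped).
			$filter="CN=".str_replace(
				array("\\","*","(",")","\0"),
				array("\\5c","\\2a","\\28","\\29","\\00"),
				$compte
			);

			// Look up the name to display; a failed or empty search only
			// leaves $_SESSION["ldapinfo"] empty, it does not block the login.
			if ($dnsearch!="")
			{
				$sr=@ldap_search($ds,$dnsearch,$filter,array("givenname","sn","description"));
				$info=$sr ? ldap_get_entries($ds,$sr) : false;
				if (is_array($info) && $info["count"]>0)
				{
					$entry=$info[0];
					$givenname=isset($entry["givenname"][0]) ? $entry["givenname"][0] : "";
					$sn=isset($entry["sn"][0]) ? $entry["sn"][0] : "";
					$description=isset($entry["description"][0]) ? $entry["description"][0] : "";

					// These values come from the directory: they must be
					// HTML-escaped wherever $_SESSION["ldapinfo"] is printed.
					if ($givenname!="" && $sn!="")
						$_SESSION["ldapinfo"]="User :".$sn." ".$givenname;
					elseif ($description!="")
						$_SESSION["ldapinfo"]="User :".$description;
				}
			}

			// The bind succeeded: open the OCS session for the account row.
			$_SESSION["loggeduser"]=$row->id;
			$_SESSION["lvluser"]=$row->accesslvl;
			$_SESSION["ldapcnx"]=1;	// Flag: session opened through LDAP
			$ldapok=true;
		}
	}
	ldap_close($ds);
}

if (!$ldapok)
{
	// Account problem, or the directory could not be used
	$err = "</tr></table><br><center><font color=red><b>".$l->g(216)."</b></font></center>";
	unset($_SESSION["loggeduser"],$_SESSION["lvluser"],$_SESSION["rc"]);
}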

In the "else" branch, line 208, after $_SESSION["lvluser"]=$row->accesslvl;

  • Add the following lines
}
else {
	// NOTE(review): presumably the branch taken when the typed password
	// matched the OCS base - confirm against the surrounding header.php code.
	// Opens the session from the OCS account row.
	$_SESSION["loggeduser"]=$row->id;
	$_SESSION["lvluser"]=$row->accesslvl;
        
        // DUBREIL - 02/12/10
        // Additions: mark the session as not opened through LDAP and clear the LDAP user text
	$_SESSION["ldapcnx"]=0;
	$_SESSION["ldapinfo"]="";
}

Line 225, just before: if ( !isset($_SESSION["loggeduser"]) && $dir = @opendir("languages")) {

  • Add the following block
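// DUBREIL - 02/12/10
// Production version
// Show the LDAP user information stored in the session at login.
// That text is built from directory attributes (sn, givenname, description),
// so it is HTML-escaped before being printed. isset() avoids a notice for
// sessions that never went through the login code.
if (isset($_SESSION["ldapinfo"]) && $_SESSION["ldapinfo"]!="") print (htmlspecialchars($_SESSION["ldapinfo"], ENT_QUOTES)."<br>");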


Line 250, after echo "<img src='image/deconnexion.png'…"

      // Existing lines of header.php, shown only to locate the insertion point.
      // They open the logout link and print its icon; the <a> is still open here.
      echo "<br><br><a href=?logout>";
      echo "<img src='image/deconnexion.png' title='".$l->g(251)."' alt='".$l->g(251)."'>";
  • Add the following lines
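// DUBREIL - 02/12/10
// Production version
// Addition: the password-change link is offered only when the session was
// not opened through LDAP (wrapped in the if () { } test below).
//
// NOTE(review): this only hides the link. The page behind index.php?multi=11
// is not shown here - confirm that it also refuses the change when
// $_SESSION["ldapcnx"] is 1.

// Close the logout link opened by the existing echo "<br><br><a href=?logout>"
// line in every case; inside the if, it stayed open for LDAP sessions.
echo "</a>";

if (!isset($_SESSION["ldapcnx"]) || $_SESSION["ldapcnx"]!=1) // Only if no connection to LDAP
{
	echo "   <a href=index.php?multi=11>";
	echo "<img src='image/pass";
	// "_a" picks the alternate icon when the password page itself is displayed
	if (isset($_GET["multi"]) && $_GET["multi"] == 11)
		echo "_a";
	echo ".png' title='".$l->g(236)."' alt='".$l->g(236)."' width=40px>";
	echo "</a>";
}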