Added support for LDAP. #1124

Open
wants to merge 45 commits into
base: master
9ef2ecc
add SMTP email sending, LDAP authentication with auto user creation
epsilon-0 Jul 4, 2022
74e92aa
Added support for LDAP filters and attribute search
El-Virus Jul 19, 2022
6cc928e
Removed new field hiding system and changed LDAP and SMTP parameters …
El-Virus Jul 19, 2022
32aeff2
Add support for LDAP Groups, minor fixes
El-Virus Jul 20, 2022
16922d2
Added Morphology hook to Standard Settings Controller of Baikal Admin.
El-Virus Jul 24, 2022
75dbdf1
Merge commit '9ef2ecc184c72332f142061452f261e117d60986'
El-Virus Jul 24, 2022
7b2bb3e
Merge commit '74e92aa3c48bc3cdce3d16e3b3fc552cd8cc9318'
El-Virus Jul 24, 2022
e8237c9
Merge commit '6cc928e050a77789622a8d450ac60ebba76fe254'
El-Virus Jul 24, 2022
7abdc21
Merge commit '32aeff23ef9bd05d07a7d22a775501c9e36ad47b'
El-Virus Jul 24, 2022
11fd40d
Added missing refresh on "WebDAV authentication type" change
El-Virus Jul 24, 2022
248a4a8
Fix LDAP.php, according to linter.
El-Virus Jul 24, 2022
9806378
Fix Standard.php, according to linter.
El-Virus Jul 24, 2022
4eb5981
Fix (BaikalAdmin) Standard.php, according to linter.
El-Virus Jul 24, 2022
996ea8d
Added Curly Braces to if statements.
El-Virus Jul 28, 2022
7d6067f
Added a couple of missing spaces
El-Virus Jul 28, 2022
42a926b
Added quotation marks surrounding url, and a period.
El-Virus Jul 30, 2022
25741a6
Fixed https://github.com/sabre-io/Baikal/pull/1124#issuecomment-12394…
El-Virus Sep 7, 2022
d9c9d3d
Fixed linter errors
El-Virus Sep 7, 2022
7fda407
fix the patternReplace function
epsilon-0 Sep 7, 2022
34bc4a9
LDAP bind Password hidden
El-Virus Sep 8, 2022
e8b2178
Merge pull request #1 from bsd-ac/LDAP
El-Virus Sep 8, 2022
3e6ab43
Fix LDAP.php, according to linter.
El-Virus Sep 8, 2022
38ca1f0
Epsilon0's merge fix
El-Virus Sep 8, 2022
f8d25b4
Merge remote-tracking branch 'refs/remotes/upstream/master'
El-Virus Oct 9, 2022
3d3e756
Actually allow LDAP bind password to be set
El-Virus Oct 15, 2022
6e455eb
Added LDAP Config Struct and default LDAP Params to dist config.
El-Virus Oct 16, 2022
9a175df
Fix LDAP.php, according to linter.
El-Virus Oct 16, 2022
0bfa4a8
Moved Structs folder to correct location.
El-Virus Oct 16, 2022
8633f78
Fix LDAPConfig.php, according to linter.
El-Virus Oct 16, 2022
b7d68b3
Added empty value on config set safeguard.
El-Virus Oct 17, 2022
bf0288f
Fix LDAP.php's license
El-Virus Oct 30, 2022
4fb8397
Fix LDAPConfig.php's license
El-Virus Oct 30, 2022
171dab0
Changed copyright notice. Added check for empty bind password.
El-Virus Nov 4, 2022
8885a9f
Changed $username to $dn
El-Virus Nov 20, 2022
3f4c6a7
Removed an article from a settings label
El-Virus Dec 31, 2022
8583553
Removed an article from a settings label
El-Virus Dec 31, 2022
afb5d38
Added slash to ldap_connect
El-Virus Dec 31, 2022
de8e4ff
Fixed typo in settings
El-Virus Dec 31, 2022
12b4121
Remove articles from config page.
El-Virus Dec 31, 2022
b492d70
Fixed 'Undefined array key 0' on incorrect username
El-Virus Jan 13, 2023
cd967f1
Added check for LDAP extension availability
El-Virus Jan 13, 2023
4b3213a
Fix LDAP.php, according to linter
El-Virus Jan 13, 2023
3677285
Merge commit 'aa7e340113545f8be18b6e8c44d001fc4e684526'
El-Virus Jun 23, 2023
d62f271
Applied standard settings morphology hook to initialization wizard.
El-Virus Jun 23, 2023
d576221
Merge remote-tracking branch 'refs/remotes/upstream/master'
El-Virus Aug 4, 2024
El-Virus committed Sep 7, 2022
commit 25741a69c903038966276ba0e0a533a582202b22
10 changes: 7 additions & 3 deletions Core/Frameworks/Baikal/Core/LDAP.php
@@ -2,6 +2,8 @@

namespace Baikal\Core;

use Exception;

/**
* This is an authentication backend that uses ldap.
*
@@ -173,7 +175,7 @@ protected function doesBind(&$conn, $dn, $password) {
* @param string $ldap_cn
* @param string $ldap_mail
*/
public function __construct(\PDO $pdo, $table_name = 'users', $ldap_mode = 'DN', $ldap_uri = 'ldap://127.0.0.1', $ldap_bind_dn = 'cn=baikal,ou=apps,dc=example,dc=com', $ldap_bind_password = '', $ldap_dn = 'mail=%u', $ldap_cn = 'cn', $ldap_mail = 'mail', $ldap_search_base = 'ou=users,dc=example,dc=com', $ldap_search_attribute = 'uid=%U', $ldap_search_filter = '(objectClass=*)', $ldap_group = 'cn=baikal,ou=groups,dc=example,dc=com') {
public function __construct(\PDO $pdo, $table_name, $ldap_mode, $ldap_uri, $ldap_bind_dn, $ldap_bind_password, $ldap_dn, $ldap_cn, $ldap_mail, $ldap_search_base, $ldap_search_attribute, $ldap_search_filter, $ldap_group) {
$this->pdo = $pdo;
$this->table_name = $table_name;
$this->ldap_mode = $ldap_mode;
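Review bot: With every default removed, the constructor signature is now thirteen positional parameters, twelve of them untyped strings, so a caller that transposes two of them (for example $ldap_bind_dn and $ldap_bind_password, or $ldap_dn and $ldap_cn) gets no error at construction and fails only at bind time. Consider taking a single config object or a validated associative array instead, and update the @param docblock above the signature to say that each value is now required and where it is expected to come from.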
@@ -221,13 +223,15 @@ protected function ldapOpen($username, $password) {
$attribute = $this->ldap_search_attribute;
$this->patternReplace($attribute, $username);

$result = ldap_get_entries($conn, ldap_search($conn, $this->ldap_search_base, '(' . $attribute . ')', [explode('=', $attribute, 2)[0]], 0, 1, 0, LDAP_DEREF_ALWAYS, []))[0];
$result = ldap_get_entries($conn, ldap_search($conn, $this->ldap_search_base, '(' . $attribute . ')',
[explode('=', $attribute, 2)[0]], 0, 1, 0, LDAP_DEREF_ALWAYS, []))[0];

$dn = $result["dn"];

if ($this->ldap_mode == 'Group') {
$inGroup = false;
$members = ldap_get_entries($conn, ldap_read($conn, $this->ldap_group, '(objectClass=*)', ['member', 'uniqueMember'], 0, 0, 0, LDAP_DEREF_NEVER, []))[0];
$members = ldap_get_entries($conn, ldap_read($conn, $this->ldap_group, '(objectClass=*)',
['member', 'uniqueMember'], 0, 0, 0, LDAP_DEREF_NEVER, []))[0];
if (isset($members["member"])) {
foreach ($members["member"] as $member) {
if ($member == $result["dn"]) {
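Review bot: In the ldap_search call the filter is built as '(' . $attribute . ')' after patternReplace has substituted the login name into $attribute, and nothing in the visible lines escapes that name, so characters such as *, ( and ) supplied as the username become part of the filter. Unless patternReplace already does this, pass the substituted parts through ldap_escape($value, '', LDAP_ESCAPE_FILTER) before concatenating. The same statement indexes [0] on ldap_get_entries without checking that ldap_search succeeded and returned an entry, so an unknown username reaches $result["dn"] with nothing behind it; check the search result and the entry count first and fail authentication cleanly. The group check compares $member == $result["dn"] as raw strings, which will miss a member whose DN differs only in case or spacing.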
41 changes: 22 additions & 19 deletions Core/Frameworks/Baikal/Model/Config/Standard.php
@@ -36,6 +36,7 @@ class Standard extends \Baikal\Model\Config {
"timezone" => "Europe/Paris",
"card_enabled" => true,
"cal_enabled" => true,
"admin_passwordhash" => "",
"dav_auth_type" => "Digest",
"ldap_mode" => "None",
"ldap_uri" => "ldap://127.0.0.1",
@@ -48,7 +49,6 @@ class Standard extends \Baikal\Model\Config {
"ldap_search_attribute" => "uid=%U",
"ldap_search_filter" => "(objectClass=*)",
"ldap_group" => "cn=baikal,ou=groups,dc=example,dc=com",
"admin_passwordhash" => "",
"failed_access_message" => "user %u authentication failure for Baikal",
// While not editable as will change admin & any existing user passwords,
// could be set to different value when migrating from legacy config
@@ -81,12 +81,24 @@ function formMorphologyForThisModelInstance() {
"label" => "Enable CalDAV",
]));


$oMorpho->add(new \Formal\Element\Text([
"prop" => "invite_from",
"label" => "Email invite sender address",
"help" => "Leave empty to disable sending invite emails",
]));

$oMorpho->add(new \Formal\Element\Password([
"prop" => "admin_passwordhash",
"label" => "Admin password",
]));

$oMorpho->add(new \Formal\Element\Password([
"prop" => "admin_passwordhash_confirm",
"label" => "Admin password, confirmation",
"validation" => "sameas:admin_passwordhash",
]));

$oMorpho->add(new \Formal\Element\Listbox([
"prop" => "dav_auth_type",
"label" => "WebDAV authentication type",
@@ -103,7 +115,7 @@ function formMorphologyForThisModelInstance() {

$oMorpho->add(new \Formal\Element\Text([
"prop" => "ldap_uri",
"label" => "URI of the LDAP server; default ldap://127.0.0.1",
"label" => "URI of the LDAP server",
]));

$oMorpho->add(new \Formal\Element\Text([
@@ -118,17 +130,18 @@ function formMorphologyForThisModelInstance() {

$oMorpho->add(new \Formal\Element\Text([
"prop" => "ldap_dn",
"label" => "User DN for bind; with replacments %u => username, %U => user part, %d => domain part of username, %1-9 parts of the domain in reverse order",
"label" => "User DN for bind",
"help" => "Replacments: %u => username, %U => user part, %d => domain part of username, %1-9 parts of the domain in reverse order",
]));

$oMorpho->add(new \Formal\Element\Text([
"prop" => "ldap_cn",
"label" => "LDAP-attribute for displayname; default cn",
"label" => "LDAP-attribute for displayname",
]));

$oMorpho->add(new \Formal\Element\Text([
"prop" => "ldap_mail",
"label" => "LDAP-attribute for email; default mail",
"label" => "LDAP-attribute for email",
]));

$oMorpho->add(new \Formal\Element\Text([
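Review bot: The new "help" string for ldap_dn misspells "Replacements" as "Replacments", and since this commit is already rewording these labels it is the place to fix it. With "default cn" and "default mail" dropped from the ldap_cn and ldap_mail labels, the form no longer tells the admin what a sensible value looks like; a "help" entry like the one added for ldap_dn would keep that hint.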
@@ -138,28 +151,18 @@ function formMorphologyForThisModelInstance() {

$oMorpho->add(new \Formal\Element\Text([
"prop" => "ldap_search_attribute",
"label" => "Attribute and match the user with.; with replacments %u => username, %U => user part, %d => domain part of username, %1-9 parts of the domain in reverse order",
"label" => "Attribute and match the user with",
"help" => "Replacments: %u => username, %U => user part, %d => domain part of username, %1-9 parts of the domain in reverse order",
]));

$oMorpho->add(new \Formal\Element\Text([
"prop" => "ldap_search_filter",
"label" => "The LDAP filter to be applied to the search.",
"label" => "The LDAP filter to be applied to the search",
]));

$oMorpho->add(new \Formal\Element\Text([
"prop" => "ldap_group",
"label" => "The Group DN that contains the member atribute of the user.",
]));

$oMorpho->add(new \Formal\Element\Password([
"prop" => "admin_passwordhash",
"label" => "Admin password",
]));

$oMorpho->add(new \Formal\Element\Password([
"prop" => "admin_passwordhash_confirm",
"label" => "Admin password, confirmation",
"validation" => "sameas:admin_passwordhash",
"label" => "The Group DN that contains the member atribute of the user",
]));

try {
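Review bot: The reworded ldap_search_attribute label, "Attribute and match the user with", still does not parse as a sentence; something like "Attribute to match the user with" says what the field is. The ldap_group label keeps the misspelling "atribute", and the ldap_search_filter label gives no hint that the value must be a complete parenthesised filter such as the (objectClass=*) default, which a "help" line could state.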
@@ -102,6 +102,7 @@ function morphologyHook(\Formal\Form $oForm, \Formal\Form\Morphology $oMorpho) {
error_log('Unknown LDAP mode: ' . $sLDAPm);
}
} else {
$oMorpho->remove("ldap_uri");
$oMorpho->remove("ldap_mode");
$oMorpho->remove("ldap_bind_dn");
$oMorpho->remove("ldap_bind_password");
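Review bot: The list of remove() calls in the else branch is maintained by hand, one call per LDAP property, and this hunk has to add a call that was missing from it. Drive the removal from a single array of LDAP property names (or from every prop whose name starts with ldap_) so that a field added to the model later cannot be left visible here by omission.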