Support searching for users to find their LDAP entry
Summary: The current LDAP auth flow expects a DN to look like cn=ossareh,ou=Users,dc=example,dc=com; however, many LDAP setups have a DN that looks something like cn=Mike Ossareh,ou=Users,dc=example,dc=com. Test Plan: Test whether logins work with an LDAP setup that has cn=Full Name instead of cn=username. To test, ensure you set the properties needed to trigger the search before login, as detailed in conf/default.conf.php. Reviewers: epriestley CC: mbeck, aran, Korvin Differential Revision: https://secure.phabricator.com/D3072
This commit is contained in:
parent
514ee3526c
commit
0a0607d2f7
2 changed files with 23 additions and 6 deletions
|
@ -642,6 +642,14 @@ return array(
|
|||
// The attribute to be regarded as 'username'. Has to be unique
|
||||
'ldap.search_attribute' => '',
|
||||
|
||||
// Perform a search to find a user
|
||||
// Many LDAP installations do not have the username in the dn, if this is
|
||||
// true for you set this to true and configure the username_attribute below
|
||||
'ldap.search-first' => false,
|
||||
|
||||
// The attribute to search for if you have to search for a user
|
||||
'ldap.username_attribute' => '',
|
||||
|
||||
// The attribute(s) to be regarded as 'real name'.
|
||||
// If more then one attribute is supplied the values of the attributes in
|
||||
// the array will be joined
|
||||
|
|
|
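Review bot: The new key `'ldap.search-first'` uses a hyphen while every neighbouring LDAP key in this block (`ldap.search_attribute`, `ldap.username_attribute`, `ldap.activedirectory_domain`) uses an underscore, and the provider reads it by that literal string, so the inconsistency will be easy to mistype in a deployment's config. Consider renaming it to `'ldap.search_first' => false,` before it ships, or at least noting the spelling in the comment. The comment above it would also read more clearly as `// Many LDAP installations do not have the username in the DN. If that is the case for you, set this to true and configure ldap.username_attribute below.`, since "configure the username_attribute" does not name the actual key.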
@ -46,6 +46,10 @@ final class PhabricatorLDAPProvider {
|
|||
return PhabricatorEnv::getEnvConfig('ldap.search_attribute');
|
||||
}
|
||||
|
||||
public function getUsernameAttribute() {
|
||||
return PhabricatorEnv::getEnvConfig('ldap.username_attribute');
|
||||
}
|
||||
|
||||
public function getLDAPVersion() {
|
||||
return PhabricatorEnv::getEnvConfig('ldap.version');
|
||||
}
|
||||
|
@ -117,6 +121,13 @@ final class PhabricatorLDAPProvider {
|
|||
throw new Exception('Username can not be empty');
|
||||
}
|
||||
|
||||
if (PhabricatorEnv::getEnvConfig('ldap.search-first')) {
|
||||
$user = $this->getUser($this->getUsernameAttribute(), $username);
|
||||
$username = $user[($this->getSearchAttribute())][0];
|
||||
}
|
||||
|
||||
$conn = $this->getConnection();
|
||||
|
||||
$activeDirectoryDomain =
|
||||
PhabricatorEnv::getEnvConfig('ldap.activedirectory_domain');
|
||||
|
||||
|
@ -130,8 +141,6 @@ final class PhabricatorLDAPProvider {
|
|||
$this->getBaseDN());
|
||||
}
|
||||
|
||||
$conn = $this->getConnection();
|
||||
|
||||
// NOTE: It is very important we suppress any messages that occur here,
|
||||
// because it logs passwords if it reaches an error log of any sort.
|
||||
DarkConsoleErrorLogPluginAPI::enableDiscardMode();
|
||||
|
@ -143,16 +152,16 @@ final class PhabricatorLDAPProvider {
|
|||
"LDAP Error #".ldap_errno($conn).": ".ldap_error($conn));
|
||||
}
|
||||
|
||||
$this->userData = $this->getUser($username);
|
||||
$this->userData = $this->getUser($this->getSearchAttribute(), $username);
|
||||
return $this->userData;
|
||||
}
|
||||
|
||||
private function getUser($username) {
|
||||
private function getUser($attribute, $username) {
|
||||
$conn = $this->getConnection();
|
||||
|
||||
$query = ldap_sprintf(
|
||||
'%Q=%S',
|
||||
$this->getSearchAttribute(),
|
||||
$attribute,
|
||||
$username);
|
||||
|
||||
$result = ldap_search($conn, $this->getBaseDN(), $query);
|
||||
|
@ -170,7 +179,7 @@ final class PhabricatorLDAPProvider {
|
|||
|
||||
if ($entries['count'] > 1) {
|
||||
throw new Exception('Found more then one user with this ' .
|
||||
$this->getSearchAttribute());
|
||||
$attribute);
|
||||
}
|
||||
|
||||
if ($entries['count'] == 0) {
|
||||
|
|
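Review bot: In the search-first branch the resolved username is taken as `$user[$this->getSearchAttribute()][0]` with no check that the entry actually carries that attribute, so a misconfigured `ldap.search_attribute` or an entry lacking it yields null (plus a PHP notice) and the flow continues into the DN/bind step with an empty name, bypassing the `'Username can not be empty'` guard that only runs before the search. If `getUser()` builds its result with ldap_get_entries() (its tail is outside the hunk), attribute keys are lowercased as well, so a mixed-case configured attribute name would miss the key; the enclosing method starts outside the hunk too. I would validate the looked-up value before reassigning `$username`:
```php
if (PhabricatorEnv::getEnvConfig('ldap.search-first')) {
  $user = $this->getUser($this->getUsernameAttribute(), $username);
  $attribute = $this->getSearchAttribute();
  // Entry may lack the attribute; never fall through with an empty name.
  if (empty($user[$attribute][0])) {
    throw new Exception('LDAP entry has no '.$attribute.' attribute');
  }
  $username = $user[$attribute][0];
}
// … unchanged: connection setup and Active Directory domain handling …
```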