HomeLab/ldap-user-manager
2
0
Fork 0
mirror of https://github.com/wheelybird/ldap-user-manager.git synced 2025-01-18 23:42:54 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix issues #124 and #126

Browse Source
This commit is contained in:
Brian Lycett 2022-03-10 14:41:27 +00:00
parent 6f6dbb09e0
commit 4c7fbbc542
4 changed files with 102 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
www/account_manager/show_group.php
View File

@ -111,18 +111,41 @@ if (isset($_POST["update_members"])) {
$non_members = array_diff($all_people,$updated_membership);
$group_members = $updated_membership;
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 4000);
</script>
<div class="alert alert-success" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">The group has been <?php print $has_been; ?>.</p>
</div>
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
if ($rfc2307bis_available == TRUE and count($group_members) == 0) {
<?php
$group_members = ldap_get_group_members($ldap_connection,$group_cn);
$non_members = array_diff($all_people,$group_members);
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 15000);
</script>
<div class="alert alert-danger" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">Groups can't be empty, so the final member hasn't been removed. You could try deleting the group.</p>
</div>
<?php
}
else {
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 4000);
</script>
<div class="alert alert-success" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">The group has been <?php print $has_been; ?>.</p>
</div>
<?php
}
}
else {
@ -233,7 +256,6 @@ ldap_close($ldap_connection);
</style>
<div class="container">
<div class="panel panel-default">

2
www/account_manager/show_user.php
View File

@ -522,7 +522,7 @@ if ($ldap_search) {
<button class="btn btn-default btn-sm move-right">
<span class="glyphicon glyphicon-chevron-right"></span>
</button>
<form id="update_with_groups" action="<?php print $CURRENT_PAGE" method="post">
<form id="update_with_groups" action="<?php print $CURRENT_PAGE ?>" method="post">
<input type="hidden" name="update_member_of">
<input type="hidden" name="account_identifier" value="<?php print $account_identifier; ?>">
</form>

125
www/includes/ldap_functions.inc.php
View File

@ -320,7 +320,7 @@ function ldap_get_user_list($ldap_connection,$start=0,$entries=NULL,$sort="asc",
$add_these = array();
foreach($fields as $this_attr) {
if ($this_attr !== $sort_key) { $add_these[$this_attr] = $record[$this_attr][0]; }
if ($this_attr !== $sort_key and isset($record[$this_attr])) { $add_these[$this_attr] = $record[$this_attr][0]; }
}
$records[$record[$sort_key][0]] = $add_these;
@ -464,7 +464,7 @@ function ldap_get_group_members($ldap_connection,$group_name,$start=0,$entries=N
global $log_prefix, $LDAP, $LDAP_DEBUG;
if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
$ldap_search_query = "(${LDAP['group_attribute']}=". ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_membership_attribute']));
@ -511,7 +511,7 @@ function ldap_is_group_member($ldap_connection,$group_name,$username) {
global $log_prefix, $LDAP, $LDAP_DEBUG;
if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
$ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
@ -543,7 +543,7 @@ function ldap_user_group_membership($ldap_connection,$username) {
global $log_prefix, $LDAP, $LDAP_DEBUG;
if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
if ($LDAP['group_membership_uses_uid'] == FALSE) {
$username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
@ -571,7 +571,7 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="") {
global $log_prefix, $LDAP, $LDAP_DEBUG;
if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
if (isset($group_name)) {
@ -863,7 +863,7 @@ function ldap_add_member_to_group($ldap_connection,$group_name,$username) {
global $log_prefix, $LDAP, $LDAP_DEBUG;
if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
$group_dn = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
@ -898,7 +898,7 @@ function ldap_delete_member_from_group($ldap_connection,$group_name,$username) {
return FALSE;
}
else {
if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
$group_dn = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
@ -965,71 +965,76 @@ function ldap_change_password($ldap_connection,$username,$new_password) {
function ldap_detect_rfc2307bis($ldap_connection) {
global $log_prefix, $LDAP, $LDAP_DEBUG;
global $log_prefix, $LDAP, $LDAP_DEBUG;
$bis_available = FALSE;
if ($LDAP['forced_rfc2307bis'] == TRUE) {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - skipping autodetection because FORCE_RFC2307BIS is TRUE",0); }
$bis_available = TRUE;
}
else {
$schema_base_query = @ ldap_read($ldap_connection,"","subschemaSubentry=*",array('subschemaSubentry'));
if (!$schema_base_query) {
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
error_log("$log_prefix LDAP RFC2307BIS detection - we'll assume that the RFC2307BIS schema isn't available. Set FORCE_RFC2307BIS to TRUE if you DO use RFC2307BIS.",0);
if (isset($LDAP['rfc2307bis_available'])) {
return $LDAP['rfc2307bis_available'];
}
else {
$schema_base_results = @ ldap_get_entries($ldap_connection, $schema_base_query);
if ($schema_base_results) {
$LDAP['rfc2307bis_available'] = FALSE;
$schema_base_dn = $schema_base_results[0]['subschemasubentry'][0];
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - found that the 'subschemaSubentry' base DN is '$schema_base_dn'",0); }
$objclass_query = @ ldap_read($ldap_connection,$schema_base_dn,"(objectClasses=*)",array('objectClasses'));
if (!$objclass_query) {
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
if ($LDAP['forced_rfc2307bis'] == TRUE) {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - skipping autodetection because FORCE_RFC2307BIS is TRUE",0); }
$LDAP['rfc2307bis_available'] = TRUE;
}
else {
$objclass_results = @ ldap_get_entries($ldap_connection, $objclass_query);
$this_count = $objclass_results[0]['objectclasses']['count'];
if ($this_count > 0) {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - found $this_count objectClasses under $schema_base_dn" ,0); }
$posixgroup_search = preg_grep("/NAME 'posixGroup'.*AUXILIARY/",$objclass_results[0]['objectclasses']);
if (count($posixgroup_search) > 0) {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - found AUXILIARY in posixGroup definition which suggests we're using the RFC2307BIS schema" ,0); }
$bis_available = TRUE;
$schema_base_query = @ ldap_read($ldap_connection,"","subschemaSubentry=*",array('subschemaSubentry'));
if (!$schema_base_query) {
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
error_log("$log_prefix LDAP RFC2307BIS detection - we'll assume that the RFC2307BIS schema isn't available. Set FORCE_RFC2307BIS to TRUE if you DO use RFC2307BIS.",0);
}
else {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - couldn't find AUXILIARY in the posixGroup definition which suggests we're not using the RFC2307BIS schema. Set FORCE_RFC2307BIS to TRUE if you DO use RFC2307BIS. " ,0); }
$schema_base_results = @ ldap_get_entries($ldap_connection, $schema_base_query);
if ($schema_base_results) {
$schema_base_dn = $schema_base_results[0]['subschemasubentry'][0];
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - found that the 'subschemaSubentry' base DN is '$schema_base_dn'",0); }
$objclass_query = @ ldap_read($ldap_connection,$schema_base_dn,"(objectClasses=*)",array('objectClasses'));
if (!$objclass_query) {
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
}
else {
$objclass_results = @ ldap_get_entries($ldap_connection, $objclass_query);
$this_count = $objclass_results[0]['objectclasses']['count'];
if ($this_count > 0) {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - found $this_count objectClasses under $schema_base_dn" ,0); }
$posixgroup_search = preg_grep("/NAME 'posixGroup'.*AUXILIARY/",$objclass_results[0]['objectclasses']);
if (count($posixgroup_search) > 0) {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - found AUXILIARY in posixGroup definition which suggests we're using the RFC2307BIS schema" ,0); }
$LDAP['rfc2307bis_available'] = TRUE;
}
else {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - couldn't find AUXILIARY in the posixGroup definition which suggests we're not using the RFC2307BIS schema. Set FORCE_RFC2307BIS to TRUE if you DO use RFC2307BIS. " ,0); }
}
}
else {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - no objectClasses were returned when searching under $schema_base_dn" ,0); }
}
}
}
else {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - unable to detect the subschemaSubentry base DN" ,0); }
}
}
}
else {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - no objectClasses were returned when searching under $schema_base_dn" ,0); }
}
}
}
else {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - unable to detect the subschemaSubentry base DN" ,0); }
}
if ($LDAP['rfc2307bis_available'] == TRUE) {
if (!isset($LDAP['group_membership_attribute'])) { $LDAP['group_membership_attribute'] = 'uniquemember'; }
if (!isset($LDAP['group_membership_uses_uid'])) { $LDAP['group_membership_uses_uid'] = FALSE; }
return TRUE;
}
else {
if (!isset($LDAP['group_membership_attribute'])) { $LDAP['group_membership_attribute'] = 'memberuid'; }
if (!isset($LDAP['group_membership_uses_uid'])) { $LDAP['group_membership_uses_uid'] = TRUE; }
return FALSE;
}
}
}
$LDAP['rfc2307bis_check_run'] == TRUE;
if ($bis_available == TRUE) {
if (!isset($LDAP['group_membership_attribute'])) { $LDAP['group_membership_attribute'] = 'uniquemember'; }
if (!isset($LDAP['group_membership_uses_uid'])) { $LDAP['group_membership_uses_uid'] = FALSE; }
return TRUE;
}
else {
if (!isset($LDAP['group_membership_attribute'])) { $LDAP['group_membership_attribute'] = 'memberuid'; }
if (!isset($LDAP['group_membership_uses_uid'])) { $LDAP['group_membership_uses_uid'] = TRUE; }
return FALSE;
}
}

4
www/includes/web_functions.inc.php
View File

@ -38,7 +38,7 @@ $THIS_MODULE_PATH="${SERVER_PATH}${THIS_MODULE}";
$DEFAULT_COOKIE_OPTIONS = array( 'expires' => time()+(60 * $SESSION_TIMEOUT),
'path' => $SERVER_PATH,
'domain' => '',
'secure' => TRUE,
'secure' => $NO_HTTPS ? FALSE : TRUE,
'samesite' => 'strict'
);
@ -140,7 +140,7 @@ function validate_passkey_cookie() {
$this_error="$log_prefix Session: orf_cookie was sent by the client and the session file was found at /tmp/$filename, but";
if (empty($c_passkey)) { $this_error .= " the cookie passkey wasn't set;"; }
if ($c_passkey != $f_passkey) { $this_error .= " the session file passkey didn't match the cookie passkey;"; }
$this_error += " Cookie: ${_COOKIE['orf_cookie']} - Session file contents: $session_file";
$this_error.=" Cookie: ${_COOKIE['orf_cookie']} - Session file contents: $session_file";
error_log($this_error,0);
}
}