37 global $db,$conf,$langs;
39 global $dolibarr_main_auth_ldap_host,$dolibarr_main_auth_ldap_port;
40 global $dolibarr_main_auth_ldap_version,$dolibarr_main_auth_ldap_servertype;
41 global $dolibarr_main_auth_ldap_login_attribute,$dolibarr_main_auth_ldap_dn;
42 global $dolibarr_main_auth_ldap_admin_login,$dolibarr_main_auth_ldap_admin_pass;
43 global $dolibarr_main_auth_ldap_filter;
44 global $dolibarr_main_auth_ldap_debug;
47 $entity=$entitytotest;
48 if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) $entity=1;
53 if (! function_exists(
"ldap_connect"))
55 dol_syslog(
"functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP. LDAP functions are disabled on this PHP");
59 $langs->loadLangs(array(
'main',
'other'));
61 $_SESSION[
"dol_loginmesg"]=$langs->trans(
"ErrorLDAPFunctionsAreDisabledOnThisPHP").
' '.$langs->trans(
"TryAnotherConnectionMode");
67 dol_syslog(
"functions_ldap::check_user_password_ldap usertotest=".$usertotest.
" passwordtotest=".preg_replace(
'/./',
'*',$passwordtotest).
" entitytotest=".$entitytotest);
70 $ldaphost=$dolibarr_main_auth_ldap_host;
71 $ldapport=$dolibarr_main_auth_ldap_port;
72 $ldapversion=$dolibarr_main_auth_ldap_version;
73 $ldapservertype=(empty($dolibarr_main_auth_ldap_servertype) ?
'openldap' : $dolibarr_main_auth_ldap_servertype);
75 $ldapuserattr=$dolibarr_main_auth_ldap_login_attribute;
76 $ldapdn=$dolibarr_main_auth_ldap_dn;
77 $ldapadminlogin=$dolibarr_main_auth_ldap_admin_login;
78 $ldapadminpass=$dolibarr_main_auth_ldap_admin_pass;
79 $ldapdebug=(empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug==
"false" ? false :
true);
81 if ($ldapdebug)
print "DEBUG: Logging LDAP steps<br>\n";
83 require_once DOL_DOCUMENT_ROOT.
'/core/class/ldap.class.php';
85 $ldap->server=explode(
',',$ldaphost);
86 $ldap->serverPort=$ldapport;
87 $ldap->ldapProtocolVersion=$ldapversion;
88 $ldap->serverType=$ldapservertype;
89 $ldap->searchUser=$ldapadminlogin;
90 $ldap->searchPassword=$ldapadminpass;
94 dol_syslog(
"functions_ldap::check_user_password_ldap Server:".join(
',',$ldap->server).
", Port:".$ldap->serverPort.
", Protocol:".$ldap->ldapProtocolVersion.
", Type:".$ldap->serverType);
95 dol_syslog(
"functions_ldap::check_user_password_ldap uid/samacountname=".$ldapuserattr.
", dn=".$ldapdn.
", Admin:".$ldap->searchUser.
", Pass:".$ldap->searchPassword);
96 print "DEBUG: Server:".join(
',',$ldap->server).
", Port:".$ldap->serverPort.
", Protocol:".$ldap->ldapProtocolVersion.
", Type:".$ldap->serverType.
"<br>\n";
97 print "DEBUG: uid/samacountname=".$ldapuserattr.
", dn=".$ldapdn.
", Admin:".$ldap->searchUser.
", Pass:".$ldap->searchPassword.
"<br>\n";
100 $resultFetchLdapUser=0;
103 $userSearchFilter =
"";
104 if (empty($dolibarr_main_auth_ldap_filter)) {
105 $userSearchFilter =
"(" . $ldapuserattr .
"=" . $usertotest .
")";
107 $userSearchFilter = str_replace(
'%1%', $usertotest, $dolibarr_main_auth_ldap_filter);
114 $result=$ldap->connect_bind();
117 $resultFetchLdapUser = $ldap->fetch($usertotest,$userSearchFilter);
119 if ($resultFetchLdapUser > 0 && $ldap->pwdlastset == 0)
121 dol_syslog(
'functions_ldap::check_user_password_ldap '.$usertotest.
' must change password next logon');
122 if ($ldapdebug)
print "DEBUG: User ".$usertotest.
" must change password<br>\n";
125 $langs->load(
'ldap');
126 $_SESSION[
"dol_loginmesg"]=$langs->trans(
"YouMustChangePassNextLogon",$usertotest,$ldap->domainFQDN);
132 if ($ldapdebug)
print "DEBUG: ".$ldap->error.
"<br>\n";
140 $ldap->searchUser=$ldapuserattr.
"=".$usertotest.
",".$ldapdn;
143 if ($resultFetchLdapUser && !empty($ldap->ldapUserDN)) $ldap->searchUser = $ldap->ldapUserDN;
144 $ldap->searchPassword=$passwordtotest;
148 $result=$ldap->connect_bind();
153 dol_syslog(
"functions_ldap::check_user_password_ldap Authentification ok");
157 if ($login && ! empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE ==
'ldap2dolibarr')
159 dol_syslog(
"functions_ldap::check_user_password_ldap Sync ldap2dolibarr");
162 if ($ldapdebug)
print "DEBUG: login ldap = ".$login.
"<br>\n";
163 $resultFetchLdapUser = $ldap->fetch($login,$userSearchFilter);
165 if ($ldapdebug)
print "DEBUG: UACF = ".join(
',',$ldap->uacf).
"<br>\n";
166 if ($ldapdebug)
print "DEBUG: pwdLastSet = ".dol_print_date($ldap->pwdlastset,
'day').
"<br>\n";
167 if ($ldapdebug)
print "DEBUG: badPasswordTime = ".dol_print_date($ldap->badpwdtime,
'day').
"<br>\n";
170 $sid = $ldap->getObjectSid($login);
171 if ($ldapdebug)
print "DEBUG: sid = ".$sid.
"<br>\n";
173 $usertmp=
new User($db);
174 $resultFetchUser=$usertmp->fetch(
'',$login,$sid);
175 if ($resultFetchUser > 0)
177 dol_syslog(
"functions_ldap::check_user_password_ldap Sync user found user id=".$usertmp->id);
180 if ($usertmp->login != $ldap->login && $ldap->login)
182 $usertmp->login = $ldap->login;
183 $usertmp->update($usertmp);
192 if (! empty($conf->multicompany->enabled))
196 $usertmp=
new User($db);
197 $usertmp->fetch(
'',$login);
198 $ret=$mc->checkRight($usertmp->id, $entitytotest);
201 dol_syslog(
"functions_ldap::check_user_password_ldap Authentification ko entity '".$entitytotest.
"' not allowed for user '".$usertmp->id.
"'");
209 dol_syslog(
"functions_ldap::check_user_password_ldap Authentification ko bad user/password for '".$usertotest.
"'");
213 $langs->loadLangs(array(
'main',
'other'));
215 $_SESSION[
"dol_loginmesg"]=$langs->trans(
"ErrorBadLoginPassword");
228 dol_syslog(
"functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP for '".$usertotest.
"'");
229 if (is_resource($ldap->connection))
231 $ldap->ldapErrorCode = ldap_errno($ldap->connection);
232 $ldap->ldapErrorText = ldap_error($ldap->connection);
233 dol_syslog(
"functions_ldap::check_user_password_ldap ".$ldap->ldapErrorCode.
" ".$ldap->ldapErrorText);
238 $langs->loadLangs(array(
'main',
'other',
'errors'));
240 $_SESSION[
"dol_loginmesg"]=($ldap->error?$ldap->error:$langs->trans(
"ErrorBadLoginPassword"));