40 global $db, $conf, $langs;
41 global $dolibarr_main_auth_ldap_host, $dolibarr_main_auth_ldap_port;
42 global $dolibarr_main_auth_ldap_version, $dolibarr_main_auth_ldap_servertype;
43 global $dolibarr_main_auth_ldap_login_attribute, $dolibarr_main_auth_ldap_dn;
44 global $dolibarr_main_auth_ldap_admin_login, $dolibarr_main_auth_ldap_admin_pass;
45 global $dolibarr_main_auth_ldap_filter;
46 global $dolibarr_main_auth_ldap_debug;
49 $entity = $entitytotest;
50 if (isModEnabled(
'multicompany') &&
getDolGlobalString(
'MULTICOMPANY_TRANSVERSE_MODE')) {
55 $resultFetchUser =
'';
57 if (!function_exists(
"ldap_connect")) {
58 dol_syslog(
"functions_ldap::check_user_password_ldap Authentication KO failed to connect to LDAP. LDAP functions are disabled on this PHP", LOG_ERR);
62 $langs->loadLangs(array(
'main',
'other'));
64 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorLDAPFunctionsAreDisabledOnThisPHP").
' '.$langs->transnoentitiesnoconv(
"TryAnotherConnectionMode");
69 dol_syslog(
"functions_ldap::check_user_password_ldap usertotest=".$usertotest.
" passwordtotest=".preg_replace(
'/./',
'*', $passwordtotest).
" entitytotest=".$entitytotest);
72 $ldaphost = $dolibarr_main_auth_ldap_host;
73 $ldapport = $dolibarr_main_auth_ldap_port;
74 $ldapversion = $dolibarr_main_auth_ldap_version;
75 $ldapservertype = (empty($dolibarr_main_auth_ldap_servertype) ?
'openldap' : $dolibarr_main_auth_ldap_servertype);
77 $ldapuserattr = $dolibarr_main_auth_ldap_login_attribute;
78 $ldapdn = $dolibarr_main_auth_ldap_dn;
79 $ldapadminlogin = $dolibarr_main_auth_ldap_admin_login;
80 $ldapadminpass = $dolibarr_main_auth_ldap_admin_pass;
81 $ldapdebug = !(empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug ==
"false");
84 print
"DEBUG: Logging LDAP steps<br>\n";
87 require_once DOL_DOCUMENT_ROOT.
'/core/class/ldap.class.php';
89 $ldap->server = explode(
',', $ldaphost);
90 $ldap->serverPort = $ldapport;
91 $ldap->ldapProtocolVersion = $ldapversion;
92 $ldap->serverType = $ldapservertype;
93 $ldap->searchUser = $ldapadminlogin;
94 $ldap->searchPassword = $ldapadminpass;
97 dol_syslog(
"functions_ldap::check_user_password_ldap Server:".implode(
',', $ldap->server).
", Port:".$ldap->serverPort.
", Protocol:".$ldap->ldapProtocolVersion.
", Type:".$ldap->serverType);
98 dol_syslog(
"functions_ldap::check_user_password_ldap uid/samaccountname=".$ldapuserattr.
", dn=".$ldapdn.
", Admin:".$ldap->searchUser.
", Pass:".
dol_trunc($ldap->searchPassword, 3));
99 print
"DEBUG: Server:".implode(
',', $ldap->server).
", Port:".$ldap->serverPort.
", Protocol:".$ldap->ldapProtocolVersion.
", Type:".$ldap->serverType.
"<br>\n";
100 print
"DEBUG: uid/samaccountname=".$ldapuserattr.
", dn=".$ldapdn.
", Admin:".$ldap->searchUser.
", Pass:".
dol_trunc($ldap->searchPassword, 3).
"<br>\n";
103 $resultFetchLdapUser = 0;
106 $userSearchFilter =
"";
107 if (empty($dolibarr_main_auth_ldap_filter)) {
108 $userSearchFilter =
"(".$ldapuserattr.
"=".$usertotest.
")";
111 $userSearchFilter = str_replace(
'%1%', $usertotest, $dolibarr_main_auth_ldap_filter);
116 if ($ldapadminlogin || $dolibarr_main_auth_ldap_filter) {
117 $result = $ldap->connectBind();
119 $resultFetchLdapUser = $ldap->fetch($usertotest, $userSearchFilter);
121 if ($resultFetchLdapUser > 0 && $ldap->pwdlastset == 0) {
122 dol_syslog(
'functions_ldap::check_user_password_ldap '.$usertotest.
' must change password next logon');
124 print
"DEBUG: User ".$usertotest.
" must change password<br>\n";
128 $langs->load(
'ldap');
129 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"YouMustChangePassNextLogon", $usertotest, $ldap->domainFQDN);
134 print
"DEBUG: ".$ldap->error.
"<br>\n";
143 $ldap->searchUser = $ldapuserattr.
"=".$usertotest.
",".$ldapdn;
146 if ($resultFetchLdapUser && !empty($ldap->ldapUserDN)) {
147 $ldap->searchUser = $ldap->ldapUserDN;
149 $ldap->searchPassword = $passwordtotest;
153 $result = $ldap->connectBind();
156 $login = $usertotest;
157 dol_syslog(
"functions_ldap::check_user_password_ldap $login authentication ok");
161 $login = $ldap->login;
162 dol_syslog(
"functions_ldap::check_user_password_ldap login is now $login (LDAP_FIELD_LOGIN=".
getDolGlobalString(
'LDAP_FIELD_LOGIN').
")");
165 require_once DOL_DOCUMENT_ROOT.
'/core/lib/date.lib.php';
170 if ($login && !empty($conf->ldap->enabled) &&
getDolGlobalInt(
'LDAP_SYNCHRO_ACTIVE') == Ldap::SYNCHRO_LDAP_TO_DOLIBARR) {
171 dol_syslog(
"functions_ldap::check_user_password_ldap Sync ldap2dolibarr");
175 print
"DEBUG: login ldap = ".$login.
"<br>\n";
177 $resultFetchLdapUser = $ldap->fetch($login, $userSearchFilter);
180 print
"DEBUG: UACF = ".implode(
',', $ldap->uacf).
"<br>\n";
183 print
"DEBUG: pwdLastSet = ".dol_print_date($ldap->pwdlastset,
'day').
"<br>\n";
186 print
"DEBUG: badPasswordTime = ".dol_print_date($ldap->badpwdtime,
'day').
"<br>\n";
192 $sid = $ldap->getObjectSid($login);
194 print
"DEBUG: sid = ".$sid.
"<br>\n";
198 $usertmp =
new User($db);
199 $resultFetchUser = $usertmp->fetch(0, $login, $sid, 1, ($entitytotest > 0 ? $entitytotest : -1));
200 if ($resultFetchUser > 0) {
201 dol_syslog(
"functions_ldap::check_user_password_ldap Sync user found user id=".$usertmp->id);
204 if ($usertmp->login != $ldap->login && $ldap->login) {
205 $usertmp->login = $ldap->login;
206 $usertmp->update($usertmp);
216 if (isModEnabled(
'multicompany')) {
219 $usertmp =
new User($db);
220 $usertmp->fetch(0, $login);
221 if (is_object($mc)) {
222 $ret = $mc->checkRight($usertmp->id, $entitytotest);
224 dol_syslog(
"functions_ldap::check_user_password_ldap Authentication KO entity '".$entitytotest.
"' not allowed for user id '".$usertmp->id.
"'", LOG_NOTICE);
232 dol_syslog(
"functions_ldap::check_user_password_ldap Authentication KO bad user/password for '".$usertotest.
"'", LOG_NOTICE);
236 $langs->loadLangs(array(
'main',
'other'));
238 $_SESSION[
"dol_loginmesg"] = $langs->transnoentitiesnoconv(
"ErrorBadLoginPassword");
249 dol_syslog(
"functions_ldap::check_user_password_ldap Authentication KO failed to connect to LDAP for '".$usertotest.
"'", LOG_NOTICE);
250 if (is_resource($ldap->connection) || is_object($ldap->connection)) {
253 $ldap->ldapErrorCode = ldap_errno($ldap->connection);
255 $ldap->ldapErrorText = ldap_error($ldap->connection);
256 dol_syslog(
"functions_ldap::check_user_password_ldap ".$ldap->ldapErrorCode.
" ".$ldap->ldapErrorText);
257 }
catch (Throwable $exception) {
258 $ldap->ldapErrorCode = 0;
259 $ldap->ldapErrorText =
'';
260 dol_syslog(
'functions_ldap::check_user_password_ldap '.$exception, LOG_WARNING);
265 $langs->loadLangs(array(
'main',
'other',
'errors'));
266 $_SESSION[
"dol_loginmesg"] = ($ldap->error ? $ldap->error : $langs->transnoentitiesnoconv(
"ErrorBadLoginPassword"));