kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-29 09:39:57 +00:00
Code Issues Projects Releases Wiki Activity

Improved support for other LDAP servers (#1380)

Browse Source 
Co-authored-by: kuanhong <>
This commit is contained in:
tank0226 2021-06-20 19:22:18 +08:00 committed by GitHub
parent a4f7aac963
commit b3ed80d186
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config-dist.php
View File

@ -78,9 +78,12 @@ Setting('AUTH_CLASS', 'Grocy\Middleware\DefaultAuthMiddleware');
Setting('REVERSE_PROXY_AUTH_HEADER', 'REMOTE_USER');
// When using LdapAuthMiddleware
Setting('LDAP_DOMAIN', ''); // Example value "local"
Setting('LDAP_ADDRESS', ''); // Example value "ldap://vm-dc2019.local.berrnd.net"
Setting('LDAP_BASE_DN', ''); // Example value "OU=OU_Users,DC=local,DC=berrnd,DC=net"
Setting('LDAP_BASE_DN', ''); // Example value "DC=local,DC=berrnd,DC=net"
Setting('LDAP_BIND_DN', ''); // Example value "CN=grocy_bind_account,OU=service_accounts,DC=local,DC=berrnd,DC=net"
Setting('LDAP_BIND_PW', ''); // Password for the above account
Setting('LDAP_USER_FILTER', ''); // Example value "(OU=grocy_users)"
Setting('LDAP_UID_ATTR', ''); // Windows AD: "sAMAccountName", OpenLDAP: "uid", Glauth: "cn"
// Set this to true if you want to disable the ability to scan a barcode via the device camera (Browser API)
Setting('DISABLE_BROWSER_BARCODE_CAMERA_SCANNING', false);

27
middleware/LdapAuthMiddleware.php
View File

@ -34,16 +34,33 @@ class LdapAuthMiddleware extends AuthMiddleware
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if ($bind = ldap_bind($connect, GROCY_LDAP_DOMAIN . '\\' . $postParams['username'], $postParams['password']))
// bind with service account to retrieve user DN
if ($bind = ldap_bind($connect, GROCY_LDAP_BIND_DN, GROCY_LDAP_BIND_PW))
{
$fields = '(|(samaccountname=*' . $postParams['username'] . '*))';
$filter = '(&(' . GROCY_LDAP_UID_ATTR . '=' . $postParams['username'] . ')' . GROCY_LDAP_USER_FILTER . ')';
$search = ldap_search($connect, GROCY_LDAP_BASE_DN, $fields);
$search = ldap_search($connect, GROCY_LDAP_BASE_DN, $filter);
$result = ldap_get_entries($connect, $search);
$ldapFirstName = $result[0]['givenname'][0];
$ldapLastName = $result[0]['sn'][0];
$ldapDistinguishedName = $result[0]['dn'];
if (is_null($ldapDistinguishedName))
{
// User not found
return false;
}
}
else
{
// Bind authentication failed
return false;
}
// bind with user account to validate password
if ($bind = ldap_bind($connect, $ldapDistinguishedName, $postParams['password']))
{
ldap_close($connect);
$db = DatabaseService::getInstance()->GetDbConnection();
@ -60,7 +77,9 @@ class LdapAuthMiddleware extends AuthMiddleware
}
else
{
// LDAP authentication failed
ldap_close($connect);
// User authentication failed
return false;
}
}