author | Francois Ferrand <thetypz@gmail.com> | 2015-01-16 17:08:48 +0100 |
---|---|---|
committer | Francois Ferrand <thetypz@gmail.com> | 2015-01-16 17:13:36 +0100 |
commit | 969d60ab416c075db27f7a0247f0c48ab519afa6 (patch) | |
tree | 5612bf783866291a24f7c5af913cbd584f7b7137 /app | |
parent | fd22b955751075e4a69df9c1d24995f15b991be7 (diff) |
Add Json API to create LDAP user.
This allows setting up permissions before the LDAP users actually connect
to Kanboard, and even importing the permissions from other tools.
Diffstat (limited to 'app')
-rw-r--r-- | app/Auth/Ldap.php | 48 | ||||
-rw-r--r-- | app/constants.php | 1 |
2 files changed, 49 insertions, 0 deletions
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index b3440614..22c9fb88 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -206,4 +206,52 @@ class Ldap extends Base
 return false;
 }
+
+ /**
+ * Retrieve info on LDAP user.
+ *
+ * @param resource $ldap LDAP connection
+ * @param string $username Username
+ * @param string $email Email address
+ */
+ public function lookup($username = null, $email = null)
+ {
+ if ($username && $email)
+ $query = '(&('.sprintf(LDAP_USER_PATTERN, $username).')('.sprintf(LDAP_ACCOUNT_EMAIL, $email).')';
+ else if ($username)
+ $query = sprintf(LDAP_USER_PATTERN, $username);
+ else if ($email)
+ $query = '('.LDAP_ACCOUNT_EMAIL.'='.$email.')';
+ else
+ return false;
+
+ // Connect and attempt anonymous bind
+ $ldap = $this->connect();
+ if (!is_resource($ldap) || !$this->bind($ldap, null, null))
+ return false;
+
+ // Try to find user
+ $sr = @ldap_search($ldap, LDAP_ACCOUNT_BASE, $query, array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL, LDAP_ACCOUNT_ID));
+ if ($sr === false) {
+ return false;
+ }
+
+ $info = ldap_get_entries($ldap, $sr);
+
+ // User not found
+ if (count($info) == 0 || $info['count'] == 0) {
+ return false;
+ }
+
+ // User id not retrieved: LDAP_ACCOUNT_ID not properly configured
+ if (!$username && !isset($info[0][LDAP_ACCOUNT_ID][0])) {
+ return false;
+ }
+
+ return array(
+ 'username' => isset($info[0][LDAP_ACCOUNT_ID][0]) ? $info[0][LDAP_ACCOUNT_ID][0] : $username,
+ 'name' => isset($info[0][LDAP_ACCOUNT_FULLNAME][0]) ? $info[0][LDAP_ACCOUNT_FULLNAME][0] : '',
+ 'email' => isset($info[0][LDAP_ACCOUNT_EMAIL][0]) ? $info[0][LDAP_ACCOUNT_EMAIL][0] : $email,
+ );
+ }
 }
diff --git a/app/constants.php b/app/constants.php
index a8d8f56e..f0384d30 100644
--- a/app/constants.php
+++ b/app/constants.php
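Review bot: `lookup()` builds the LDAP filter by inserting `$username` and `$email` unescaped, and the commit message says these values arrive through the JSON API, so a value containing `*`, `(`, `)` or `\` changes the structure of the filter instead of being matched literally. The combined branch is also malformed: `sprintf(LDAP_ACCOUNT_EMAIL, $email)` formats an attribute name (default `mail` in constants.php) that has no placeholder, so the email is dropped, and the `(&(` group is never closed. Escaping both values with `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` (available from PHP 5.6; older runtimes would need an equivalent helper) into separate variables leaves the fallback return values untouched, and the email clause can reuse the form of the email-only branch. The docblock also lists a `$ldap` parameter the method does not take and has no `@return` describing the array-or-false result.

```php
    public function lookup($username = null, $email = null)
    {
        // Escape filter metacharacters so caller-supplied values are matched literally.
        $user = $username ? ldap_escape($username, '', LDAP_ESCAPE_FILTER) : null;
        $mail = $email ? ldap_escape($email, '', LDAP_ESCAPE_FILTER) : null;
        $mailFilter = '('.LDAP_ACCOUNT_EMAIL.'='.$mail.')';

        if ($user && $mail)
            $query = '(&('.sprintf(LDAP_USER_PATTERN, $user).')'.$mailFilter.')';
        else if ($user)
            $query = sprintf(LDAP_USER_PATTERN, $user);
        else if ($mail)
            $query = $mailFilter;
        else
            return false;

        // … unchanged: connect, anonymous bind, search and result mapping …
```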
@@ -34,6 +34,7 @@ defined('LDAP_ACCOUNT_BASE') or define('LDAP_ACCOUNT_BASE', '');
 defined('LDAP_USER_PATTERN') or define('LDAP_USER_PATTERN', '');
 defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname');
 defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');
+defined('LDAP_ACCOUNT_ID') or define('LDAP_ACCOUNT_ID', '');
 // Google authentication
 defined('GOOGLE_AUTH') or define('GOOGLE_AUTH', false); |
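Review bot: The new `LDAP_ACCOUNT_ID` constant defaults to an empty string and has no comment saying what it should hold, yet `lookup()` in app/Auth/Ldap.php passes it in the attribute list given to `ldap_search()` and uses it as the key for the returned username. With the default left in place an empty attribute name is requested, and an email-only lookup most likely always returns false. A comment on the added line would make the requirement visible, for example `// LDAP attribute holding the account login; must be set for lookups by email`.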