authorFrancois Ferrand <thetypz@gmail.com>2015-01-16 17:08:48 +0100
committerFrancois Ferrand <thetypz@gmail.com>2015-01-16 17:13:36 +0100
commit969d60ab416c075db27f7a0247f0c48ab519afa6 (patch)
tree5612bf783866291a24f7c5af913cbd584f7b7137 /app
parentfd22b955751075e4a69df9c1d24995f15b991be7 (diff)
Add Json API to create LDAP user.
This allows setting up permissions before the LDAP users actually connect to Kanboard, and even importing the permissions from other tools.
Diffstat (limited to 'app')
-rw-r--r--app/Auth/Ldap.php48
-rw-r--r--app/constants.php1
2 files changed, 49 insertions, 0 deletions
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index b3440614..22c9fb88 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -206,4 +206,52 @@ class Ldap extends Base
return false;
}
+
+ /**
+ * Retrieve info on LDAP user.
+ *
+ * @param resource $ldap LDAP connection
+ * @param string $username Username
+ * @param string $email Email address
+ */
+ public function lookup($username = null, $email = null)
+ {
+ if ($username && $email)
+ $query = '(&('.sprintf(LDAP_USER_PATTERN, $username).')('.sprintf(LDAP_ACCOUNT_EMAIL, $email).')';
+ else if ($username)
+ $query = sprintf(LDAP_USER_PATTERN, $username);
+ else if ($email)
+ $query = '('.LDAP_ACCOUNT_EMAIL.'='.$email.')';
+ else
+ return false;
+
+ // Connect and attempt anonymous bind
+ $ldap = $this->connect();
+ if (!is_resource($ldap) || !$this->bind($ldap, null, null))
+ return false;
+
+ // Try to find user
+ $sr = @ldap_search($ldap, LDAP_ACCOUNT_BASE, $query, array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL, LDAP_ACCOUNT_ID));
+ if ($sr === false) {
+ return false;
+ }
+
+ $info = ldap_get_entries($ldap, $sr);
+
+ // User not found
+ if (count($info) == 0 || $info['count'] == 0) {
+ return false;
+ }
+
+ // User id not retrieved: LDAP_ACCOUNT_ID not properly configured
+ if (!$username && !isset($info[0][LDAP_ACCOUNT_ID][0])) {
+ return false;
+ }
+
+ return array(
+ 'username' => isset($info[0][LDAP_ACCOUNT_ID][0]) ? $info[0][LDAP_ACCOUNT_ID][0] : $username,
+ 'name' => isset($info[0][LDAP_ACCOUNT_FULLNAME][0]) ? $info[0][LDAP_ACCOUNT_FULLNAME][0] : '',
+ 'email' => isset($info[0][LDAP_ACCOUNT_EMAIL][0]) ? $info[0][LDAP_ACCOUNT_EMAIL][0] : $email,
+ );
+ }
}
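Review bot: The search filter in `lookup()` is built by concatenating `$username` and `$email` unescaped, so filter metacharacters such as `*`, `(` or `)` in a value supplied through the new JSON API change the query that runs under the anonymous bind. Escape each value into a local copy used only for the filter, e.g. `$u = ldap_escape($username, '', LDAP_ESCAPE_FILTER);` (PHP 5.6+, so older targets need an equivalent helper), and keep the raw values for the returned array. The username-and-email branch also disagrees with the email-only branch: it passes `LDAP_ACCOUNT_EMAIL` to `sprintf()` as if it were a pattern, so with the default `'mail'` the address never reaches the filter, and the opening `(&` is never closed. It should probably read `'(&'.sprintf(LDAP_USER_PATTERN, $u).'('.LDAP_ACCOUNT_EMAIL.'='.$e.'))'`, assuming `LDAP_USER_PATTERN` carries its own parentheses as the username-only branch implies. The docblock documents a `$ldap` parameter the method does not take and lacks an `@return` line describing the array-or-false result.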
diff --git a/app/constants.php b/app/constants.php
index a8d8f56e..f0384d30 100644
--- a/app/constants.php
+++ b/app/constants.php
@@ -34,6 +34,7 @@ defined('LDAP_ACCOUNT_BASE') or define('LDAP_ACCOUNT_BASE', '');
defined('LDAP_USER_PATTERN') or define('LDAP_USER_PATTERN', '');
defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname');
defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');
+defined('LDAP_ACCOUNT_ID') or define('LDAP_ACCOUNT_ID', '');
// Google authentication
defined('GOOGLE_AUTH') or define('GOOGLE_AUTH', false);
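Review bot: `LDAP_ACCOUNT_ID` is added with an empty default and no comment, so nothing tells an administrator that `Ldap::lookup()` returns false for every email-only lookup until it is set. With `''` the `isset($info[0][LDAP_ACCOUNT_ID][0])` check in the other file of this commit cannot succeed. A comment above the define would document this, for example `// LDAP attribute holding the user id; must be set to look up users by email`.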