diff --git a/app/class/Config.php b/app/class/Config.php
index 10041bf..ce71abb 100644
--- a/app/class/Config.php
+++ b/app/class/Config.php
@@ -631,24 +631,24 @@ public static function setlazyloadimg($lazyloadimg): bool
 return self::$lazyloadimg = boolval($lazyloadimg);
 }
 
- public static function setldapserver($ldapserver): void
+ public static function setldapserver(string $ldapserver): void
 {
 self::$ldapserver = $ldapserver;
 }
 
- public static function setldaptree($ldaptree): void
+ public static function setldaptree(string $ldaptree): void
 {
 self::$ldaptree = $ldaptree;
 }
 
- public static function setldapu($ldapu): void
+ public static function setldapu(string $ldapu): void
 {
 self::$ldapu = $ldapu;
 }
 
- public static function setldapuserlevel($ldapuserlevel): void
+ public static function setldapuserlevel(int $ldapuserlevel): void
 {
- if (is_int($ldapuserlevel) && $ldapuserlevel >= 0 && $ldapuserlevel <= 10) {
+ if ($ldapuserlevel >= 0 && $ldapuserlevel <= 10) {
 self::$ldapuserlevel = $ldapuserlevel;
 }
 }
diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php
index de4b8c4..9713234 100644
--- a/app/class/Controllerconnect.php
+++ b/app/class/Controllerconnect.php
@@ -67,6 +67,11 @@ protected function login(): void
 }
 if ($this->user->isldap()) {
+ if (!Config::isldap()) {
+ $this->sendflashmessage('Error with LDAP connection', self::FLASH_ERROR);
+ Logger::error("User $userid tried to authenticate against LDAP, but LDAP is not configured");
+ return;
+ }
 try {
 $ldap = new Modelldap(Config::ldapserver(), Config::ldaptree(), Config::ldapu());
 $pass = $ldap->auth($userid, $_POST['pass']);
diff --git a/app/class/Modelldap.php b/app/class/Modelldap.php
index 7d2ad10..310421a 100644
--- a/app/class/Modelldap.php
+++ b/app/class/Modelldap.php
@@ -3,6 +3,7 @@
 namespace Wcms;
 
 use RuntimeException;
+use Wcms\Exception\Missingextensionexception;
 
 class Modelldap extends Model
 {
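Review bot: `setldapuserlevel` still discards an out-of-range value silently in the `if ($ldapuserlevel >= 0 && $ldapuserlevel <= 10)` branch, so a misconfigured level (which, per the admin help text in this same commit, decides the privileges of accounts auto-created for LDAP users) keeps the previous value with no signal to the administrator. Consider failing loudly, e.g. `throw new \InvalidArgumentException('LDAP user level must be between 0 and 10');`, or at least logging the rejected value through `Logger` as the Controllerconnect hunk does. Note also that whether the new `int` hint coerces a submitted form string such as `"5"` or raises a TypeError depends on `declare(strict_types=1)` at the top of Config.php, which is outside this hunk; if strict types are on, callers that used to pass raw request values through the old `is_int` no-op now get an exception instead.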
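Review bot: The new `Logger::error("User $userid tried to authenticate against LDAP, ...")` interpolates `$userid` unfiltered; since the surrounding code reads `$_POST['pass']`, `$userid` presumably comes from the login form too, so a username containing newlines or control characters would be written straight into the log stream. Normalising it before logging, e.g. `$safeid = mb_substr(preg_replace('/[^\p{L}\p{N}_.@-]/u', '', $userid), 0, 64);`, keeps the log line well-formed and bounded. Separately, the flash text `'Error with LDAP connection'` describes a configuration problem as a connection failure; `'LDAP authentication is not available'` would be accurate without telling the visitor more than the current message does. login() begins before this hunk and continues after it.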
@@ -22,10 +23,14 @@ class Modelldap extends Model
 * Like `ou=people,dc=server,dc=tld`
 * @param string $u Username storing name, something like `uid`.
 *
- * @throws RuntimeException
+ * @throws RuntimeException if LDAP server syntax did pass the sanity test
+ * @throws Missingextensionexception if LDAP extension is not installed
 */
 public function __construct(string $ldapserver, string $tree, string $u)
 {
+ if (!extension_loaded('ldap')) {
+ throw new Missingextensionexception('PHP LDAP extension is not installed');
+ }
 $this->ldapserver = $ldapserver;
 $this->connection = @ldap_connect($this->ldapserver);
 if ($this->connection === false) {
diff --git a/app/view/templates/admin.php b/app/view/templates/admin.php
index be51b99..3affe76 100644
--- a/app/view/templates/admin.php
+++ b/app/view/templates/admin.php
@@ -362,6 +362,71 @@
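Review bot: The added docblock line `@throws RuntimeException if LDAP server syntax did pass the sanity test` states the opposite of what it means; it should read `@throws RuntimeException if the LDAP server address does not pass the sanity check`. Placing the `extension_loaded('ldap')` guard before any property is set is right, since otherwise the `@ldap_connect` call a few lines down would fail on an undefined function with the error hidden by the `@` suppression. Whether the `try` block in Controllerconnect catches `Missingextensionexception` is not visible here; if it only handles `RuntimeException` and the new exception does not extend it, a missing extension would surface as an unhandled exception on the login page instead of a flash message, which is worth confirming. The constructor body continues past the end of the hunk.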

+
+

LDAP auth

+ +

+ W authenticates users with a password linked to their account, stored in your instance database. + If you have an LDAP server, you can choose to authenticate your users with this server instead, + rather than using W's database to store their password. + In this case, W will no longer allow user's passwords to be changed. +

+ +

LDAP connection infos

+ +

+ Address of the LDAP server. Should start with: + ldap:// or ldaps://. + Followed by the server address. + For a local server, put localhost. + A port can be specified by adding :port at the end. +

+ +

+ + +

+ +

+ The LDAP tree structure, but without the part containing user identifier. +

+ +

+ + +

+ +

+ The name of the user field in the LDAP database. +

+ +

+ + +

+ + + +

New account creation

+ +

+ Users can be registered in LDAP but not have an account in W. + In this case, you can choose to have accounts created by defining the level of these new users. +

+ +

+ + +

+
+ stop('page') ?>