new LDAP fields in admin view see #237
vincent-peugnet committed Nov 23, 2024
1 parent 25e1322 commit ebaa62d
Showing 4 changed files with 81 additions and 6 deletions.
10 changes: 5 additions & 5 deletions app/class/Config.php
Expand Up @@ -631,24 +631,24 @@ public static function setlazyloadimg($lazyloadimg): bool
return self::$lazyloadimg = boolval($lazyloadimg);
}

public static function setldapserver($ldapserver): void
public static function setldapserver(string $ldapserver): void
{
self::$ldapserver = $ldapserver;
}

public static function setldaptree($ldaptree): void
public static function setldaptree(string $ldaptree): void
{
self::$ldaptree = $ldaptree;
}

public static function setldapu($ldapu): void
public static function setldapu(string $ldapu): void
{
self::$ldapu = $ldapu;
}

public static function setldapuserlevel($ldapuserlevel): void
public static function setldapuserlevel(int $ldapuserlevel): void
{
if (is_int($ldapuserlevel) && $ldapuserlevel >= 0 && $ldapuserlevel <= 10) {
if ($ldapuserlevel >= 0 && $ldapuserlevel <= 10) {
self::$ldapuserlevel = $ldapuserlevel;
}
}
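Review bot: `setldapuserlevel` still discards an out-of-range value silently — the retyped `if ($ldapuserlevel >= 0 && $ldapuserlevel <= 10)` has no else branch — so a caller cannot tell whether the level was applied, whereas the sibling `setlazyloadimg` at the top of the hunk reports its outcome with a `bool`. Returning `bool` here is backward compatible for callers that ignore the result and lets the admin form report a rejected value. The accepted range 0–10 also includes levels 5–9 that the admin `<select>` added in this same commit does not offer, so the two should agree on one set of levels. The string setters above accept any value; if the scheme check the admin help text describes (`ldap://` / `ldaps://`) lives only in `Modelldap`, a bad address is stored and only fails at login time — worth confirming.
```php
public static function setldapuserlevel(int $ldapuserlevel): bool
{
    if ($ldapuserlevel < 0 || $ldapuserlevel > 10) {
        return false;
    }
    self::$ldapuserlevel = $ldapuserlevel;
    return true;
}
```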
5 changes: 5 additions & 0 deletions app/class/Controllerconnect.php
Expand Up @@ -67,6 +67,11 @@ protected function login(): void
}

if ($this->user->isldap()) {
if (!Config::isldap()) {
$this->sendflashmessage('Error with LDAP connection', self::FLASH_ERROR);
Logger::error("User $userid tried to authenticate against LDAP, but LDAP is not configured");
return;
}
try {
$ldap = new Modelldap(Config::ldapserver(), Config::ldaptree(), Config::ldapu());
$pass = $ldap->auth($userid, $_POST['pass']);
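Review bot: The new guard's flash text `'Error with LDAP connection'` describes a connection failure, while the condition it reports is a missing configuration, which the adjacent log line already states correctly; the user-facing message should match, e.g. `$this->sendflashmessage('LDAP authentication is not configured', self::FLASH_ERROR);`. This same commit makes `Modelldap::__construct` throw `Missingextensionexception`; the `catch` that closes this `try` is outside the hunk, so confirm it handles that type (or a common parent) rather than letting a missing extension surface as an unhandled exception on the login page. `$userid` is interpolated into the log line; if it comes straight from the login form, a quoted or sanitized form would keep a crafted username from forging extra log entries. `login()` starts before and ends after this hunk.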
7 changes: 6 additions & 1 deletion app/class/Modelldap.php
Expand Up @@ -3,6 +3,7 @@
namespace Wcms;

use RuntimeException;
use Wcms\Exception\Missingextensionexception;

class Modelldap extends Model
{
Expand All @@ -22,10 +23,14 @@ class Modelldap extends Model
* Like `ou=people,dc=server,dc=tld`
* @param string $u Username storing name, something like `uid`.
*
* @throws RuntimeException
* @throws RuntimeException if LDAP server syntax did pass the sanity test
* @throws Missingextensionexception if LDAP extension is not installed
*/
public function __construct(string $ldapserver, string $tree, string $u)
{
if (!extension_loaded('ldap')) {
throw new Missingextensionexception('PHP LDAP extension is not installed');
}
$this->ldapserver = $ldapserver;
$this->connection = @ldap_connect($this->ldapserver);
if ($this->connection === false) {
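Review bot: The new docblock line `@throws RuntimeException if LDAP server syntax did pass the sanity test` says the opposite of what it means; it should read `@throws RuntimeException if the LDAP server syntax does not pass the sanity test`. Placing the `extension_loaded('ldap')` check before any property assignment is the right order, since `ldap_connect()` on the following lines is undefined without ext-ldap; a one-line why-comment such as `// fail with a clear message rather than an undefined-function error from ldap_connect()` would make that intent explicit. The constructor body continues past the hunk.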
65 changes: 65 additions & 0 deletions app/view/templates/admin.php
Expand Up @@ -362,6 +362,71 @@
</p>
</div>

<div class="grid-item" id="ldap">
<h2>LDAP auth</h2>

<p class="info">
W authenticates users with a password linked to their account, stored in your instance database.
If you have an LDAP server, you can choose to authenticate your users with this server instead,
rather than using W's database to store their password.
In this case, W will no longer allow user's passwords to be changed.
</p>

<h3>LDAP connection infos</h3>

<p class="info">
Address of the LDAP server. Should start with:
<em>ldap://</em> or <em>ldaps://</em>.
Followed by the server address.
For a local server, put <em>localhost</em>.
A port can be specified by adding <em>:port</em> at the end.
</p>

<p class="field">
<label for="ldapserver">LDAP server address</label>
<input type="text" name="ldapserver" id="ldapserver" value="<?= Wcms\Config::ldapserver() ?>" form="admin" placeholder="ldap://localhost:389">
</p>

<p class="info">
The LDAP tree structure, but without the part containing user identifier.
</p>

<p class="field">
<label for="ldaptree">LDAP hierarchical structure</label>
<input type="text" name="ldaptree" id="ldaptree" value="<?= Wcms\Config::ldaptree() ?>" form="admin" placeholder="ou=People,dc=domain,dc=tld">
</p>

<p class="info">
The name of the user field in the LDAP database.
</p>

<p class="field">
<label for="ldapu">LDAP user field</label>
<input type="text" name="ldapu" id="ldapu" value="<?= Wcms\Config::ldapu() ?>" form="admin" placeholder="uid">
</p>



<h3>New account creation</h3>

<p class="info">
Users can be registered in LDAP but not have an account in W.
In this case, you can choose to have accounts created by defining the level of these new users.
</p>

<p class="field">
<label for="ldapuserlevel">Level of user that are created.</label>
<select name="ldapuserlevel" id="ldapuserlevel" form="admin">
<option value="0">--don't create new users--</option>
<option value="1" <?= Wcms\Config::ldapuserlevel() === 1 ? 'selected' : '' ?>>reader</option>
<option value="2" <?= Wcms\Config::ldapuserlevel() === 2 ? 'selected' : '' ?>>invite</option>
<option value="3" <?= Wcms\Config::ldapuserlevel() === 3 ? 'selected' : '' ?>>editor</option>
<option value="4" <?= Wcms\Config::ldapuserlevel() === 4 ? 'selected' : '' ?>>super editor</option>
<option value="10" <?= Wcms\Config::ldapuserlevel() === 10 ? 'selected' : '' ?>>admin</option>
</select>
</p>
</div>

</main>

<?php $this->stop('page') ?>
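Review bot: The three text inputs echo `Wcms\Config::ldapserver()`, `ldaptree()` and `ldapu()` straight into `value="..."` attributes without escaping, so a stored value containing `"` or `<` breaks the attribute and becomes markup inside the admin page; wrap each with `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, e.g. `value="<?= htmlspecialchars(Wcms\Config::ldapserver(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`, or the template's existing escape helper if it has one (not visible here). The `ldapuserlevel` select offers only 0–4 and 10, while `Config::setldapuserlevel` in this commit accepts 0–10; a level of 5–9 already in config would show no selected option and be reset to 0 on the next save, so either list the missing levels or restrict the setter to the offered ones. Two wording nits in the new text: `LDAP connection infos` → `LDAP connection info`, and the label `Level of user that are created.` → `Level of users that are created`.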
