ldap support

This commit is contained in:
Miroslav Šedivý 2020-06-12 00:35:13 +02:00
parent 63e82e911c
commit f6b258321f
3 changed files with 62 additions and 5 deletions

View file

@ -2,6 +2,8 @@ FROM php:7.4-apache
MAINTAINER Miroslav Sedivy
ARG LDAP=false
RUN set -eux; apt-get update; \
apt-get install -y --no-install-recommends \
#
@ -12,9 +14,6 @@ RUN set -eux; apt-get update; \
zlib1g-dev libpng-dev libjpeg-dev \
libwebp-dev libxpm-dev libfreetype6-dev; \
#
# clean up
rm -rf /var/lib/apt/lists/*; \
#
# configure extensions
docker-php-ext-configure gd --enable-gd \
--with-jpeg --with-webp --with-xpm --with-freetype; \
@ -22,8 +21,17 @@ RUN set -eux; apt-get update; \
# install extensions
docker-php-ext-install curl gd pdo pdo_mysql; \
#
# LDAP support
if [ -n "$LDAP" ] && [ "$LDAP" = "true" ]; then \
apt-get install -y --no-install-recommends libldb-dev libldap2-dev; \
docker-php-ext-install ldap; \
fi; \
#
# set up environment
a2enmod rewrite;
a2enmod rewrite; \
#
# clean up
rm -rf /var/lib/apt/lists/*;
#
# copy files

View file

@ -18,7 +18,13 @@ class user
return true;
}
return !empty($_SESSION[User::SESSION_NAME]) && $_SESSION[User::SESSION_NAME] === hash("crc32", Config::get("nick").Config::get_safe("pass", ""), false);
if(Config::get_safe("ldap_enabled", false)){
return !empty($_SESSION[User::SESSION_NAME]) &&
$_SESSION[User::SESSION_NAME] === 'admin';
}
return !empty($_SESSION[User::SESSION_NAME]) &&
$_SESSION[User::SESSION_NAME] === hash("crc32", Config::get("nick").Config::get_safe("pass", ""), false);
}
public static function login($nick, $pass){
@ -30,6 +36,14 @@ class user
throw new Exception(__("You are already logged in."));
}
if(Config::get_safe("ldap_enabled", false)){
return static::LDAP_login($nick, $pass);
} else {
return static::config_login($nick, $pass);
}
}
private static function config_login($nick, $pass){
if(Config::get("nick") === $nick && Config::get_safe("pass", "") === $pass){
$_SESSION[User::SESSION_NAME] = hash("crc32", $nick.$pass, false);
return ["logged_in" => true, "is_visitor" => false];
@ -45,6 +59,34 @@ class user
throw new Exception(__("The nick or password is incorrect."));
}
private static function LDAP_login($nick, $pass){
$ldap_host = Config::get("ldap_host");
$ldap_port = Config::get_safe("ldap_port", 389);
$ldap_admin_dn = Config::get_safe("ldap_admin_dn", false);
$ldap_visitor_dn = Config::get_safe("ldap_visitor_dn", false);
if(!($ds = ldap_connect($ldap_host, $ldap_port))) {
throw new Exception(__("Could not connect to LDAP server."));
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 10);
if ($ldap_admin_dn !== false && ldap_bind($ds, "cn=".$nick.",".$ldap_admin_dn, $pass)) {
$_SESSION[User::SESSION_NAME] = 'admin';
return ["logged_in" => true, "is_visitor" => false];
}
if ($ldap_visitor_dn !== false && ldap_bind($ds, "cn=".$nick.",".$ldap_visitor_dn, $pass)) {
$_SESSION[User::SESSION_NAME] = 'visitor';
return ["logged_in" => false, "is_visitor" => true];
}
Log::put("login_fails", $nick);
throw new Exception(__("The nick or password is incorrect."));
}
public static function logout(){
if(!Config::get_safe("force_login", false)){
throw new Exception(__("You can't log out. There is no account."));

View file

@ -43,6 +43,13 @@ pass = demo
;visitor[user] = pass
;visitor[user] = pass
;[ldap]
;ldap_enabled = true
;ldap_host = localhost
;ldap_port = 389
;ldap_admin_dn = 'ou=admin,dc=example,dc=org'
;ldap_visitor_dn = 'ou=visitor,dc=example,dc=org'
[directories]
images_path = data/i/
thumbnails_path = data/t/