2nd iteration of the ldap identity manager provider
This commit is contained in:
parent
dd22142107
commit
0963c99eb8
70
modules/ldap/config/gallery.ldif
Normal file
70
modules/ldap/config/gallery.ldif
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
dn: ou=people,dc=gallery,dc=local
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
ou: people
|
||||||
|
|
||||||
|
dn: ou=groups,dc=gallery,dc=local
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
ou: groups
|
||||||
|
|
||||||
|
dn: ou=systems,dc=gallery,dc=local
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
ou: systems
|
||||||
|
|
||||||
|
dn: uid=jdoe,ou=people,dc=gallery,dc=local
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: posixAccount
|
||||||
|
uid: jdoe
|
||||||
|
sn: Doe
|
||||||
|
givenname: John
|
||||||
|
cn: John Doe
|
||||||
|
userpassword: {SSHA}76qIsKTflGM6dj0f5c5olnD9ltKKXAFE
|
||||||
|
displayName: John Doe
|
||||||
|
homeDirectory: /home/jdoe
|
||||||
|
uidnumber: 1000
|
||||||
|
gidnumber: 10000
|
||||||
|
mail: jdoe@gallery.local
|
||||||
|
|
||||||
|
dn: uid=hwallbanger,ou=people,dc=gallery,dc=local
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: posixAccount
|
||||||
|
uid: hwallbanger
|
||||||
|
sn: Wallbanger
|
||||||
|
givenname: Harvey
|
||||||
|
cn: Harvey Wallbanger
|
||||||
|
userpassword: {SSHA}084H+FFr6s/anIoaIhI+O8OaH2u0MIBL
|
||||||
|
displayName: Harvey Wallbanger
|
||||||
|
homeDirectory: /home/hwallbanger
|
||||||
|
uidnumber: 1001
|
||||||
|
gidnumber: 10001
|
||||||
|
mail: hwallbanger@gallery.local
|
||||||
|
|
||||||
|
dn: uid=rnail,ou=people,dc=gallery,dc=local
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: posixAccount
|
||||||
|
uid: rnail
|
||||||
|
sn: Nail
|
||||||
|
givenname: Rusty
|
||||||
|
cn: Rusty Nail
|
||||||
|
userpassword: {SSHA}wXVdpfbP6n9LwoLxrB+NvY2oDN1j/M2z
|
||||||
|
displayName: Rusty Nail
|
||||||
|
homeDirectory: /home/rnail
|
||||||
|
uidnumber: 1002
|
||||||
|
gidnumber: 10001
|
||||||
|
mail: rnail@gallery.local
|
||||||
|
|
||||||
|
dn: cn=admins,ou=groups,dc=gallery,dc=local
|
||||||
|
objectclass: posixGroup
|
||||||
|
cn: admins
|
||||||
|
gidnumber: 10000
|
||||||
|
memberuid: jdoe
|
||||||
|
|
||||||
|
dn: cn=users,ou=groups,dc=gallery,dc=local
|
||||||
|
objectclass: posixGroup
|
||||||
|
cn: users
|
||||||
|
gidnumber: 10001
|
||||||
|
memberuid: jdoe
|
||||||
|
memberuid: hwallbanger
|
||||||
|
memberuid: rnail
|
||||||
|
|
||||||
|
|
||||||
|
|
45
modules/ldap/config/identity.php
Normal file
45
modules/ldap/config/identity.php
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
<?php defined("SYSPATH") or die("No direct script access.");
|
||||||
|
/**
|
||||||
|
* Gallery - a web based photo album viewer and editor
|
||||||
|
* Copyright (C) 2000-2009 Bharat Mediratta
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or (at
|
||||||
|
* your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful, but
|
||||||
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* @package Identity
|
||||||
|
*
|
||||||
|
* User settings, defined as arrays, or "groups". If no group name is
|
||||||
|
* used when loading the cache library, the group named "default" will be used.
|
||||||
|
*
|
||||||
|
* Each group can be used independently, and multiple groups can be used at once.
|
||||||
|
*
|
||||||
|
* Group Options:
|
||||||
|
* driver - User backend driver. Gallery comes with Gallery user driver.
|
||||||
|
* allow_updates - Flag to indicate that the back end allows updates.
|
||||||
|
* params - Driver parameters, specific to each driver.
|
||||||
|
*/
|
||||||
|
$config["ldap"] = array(
|
||||||
|
"driver" => "ldap",
|
||||||
|
"allow_updates" => false,
|
||||||
|
"params" => array(
|
||||||
|
"groups" => array("admins", "users", "guest"),
|
||||||
|
"everybody_group" => "guest",
|
||||||
|
"registered_users_group" => "users",
|
||||||
|
"admins" => array("jdoe"),
|
||||||
|
"url" => "ldap://127.0.0./",
|
||||||
|
"group_domain" => "ou=groups,dc=gallery,dc=local",
|
||||||
|
"user_domain" => "ou=people,dc=gallery,dc=local"
|
||||||
|
)
|
||||||
|
);
|
@ -1,64 +0,0 @@
|
|||||||
<?php defined("SYSPATH") or die("No direct script access.");
|
|
||||||
/**
|
|
||||||
* Gallery - a web based photo album viewer and editor
|
|
||||||
* Copyright (C) 2000-2009 Bharat Mediratta
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation; either version 2 of the License, or (at
|
|
||||||
* your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful, but
|
|
||||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
* General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program; if not, write to the Free Software
|
|
||||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
|
||||||
*/
|
|
||||||
class Admin_Ldap_Controller extends Admin_Controller {
|
|
||||||
public function index() {
|
|
||||||
$view = new Admin_View("admin.html");
|
|
||||||
$view->content = new View("admin_ldap.html");
|
|
||||||
$view->content->config = Kohana::config("ldap");
|
|
||||||
print $view;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function activate() {
|
|
||||||
access::verify_csrf();
|
|
||||||
|
|
||||||
|
|
||||||
if (module::get_var("gallery", "user_group_storage", "Gallery3") == "Gallery3") {
|
|
||||||
// @todo: we should have an API for these
|
|
||||||
foreach (ORM::factory("group")->find_all() as $group) {
|
|
||||||
$group->delete();
|
|
||||||
}
|
|
||||||
foreach (ORM::factory("user")->find_all() as $user) {
|
|
||||||
$user->delete();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create LDAP groups
|
|
||||||
foreach (Kohana::config("ldap.groups") as $group_name) {
|
|
||||||
$group = ldap::lookup_group_by_name($group_name);
|
|
||||||
module::event("group_created", $group);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Fix up permissions.
|
|
||||||
$root = item::root();
|
|
||||||
$everybody = ldap::everybody_group();
|
|
||||||
access::allow($everybody, "view", $root);
|
|
||||||
access::allow($everybody, "view_full", $root);
|
|
||||||
$registered_users = ldap::registered_users_group();
|
|
||||||
access::allow($registered_users, "view", $root);
|
|
||||||
access::allow($registered_users, "view_full", $root);
|
|
||||||
|
|
||||||
// Switch authentication
|
|
||||||
module::set_var("gallery", "user_group_storage", "Ldap");
|
|
||||||
|
|
||||||
// Logout and go back to the top level
|
|
||||||
user::logout();
|
|
||||||
url::redirect(item::root()->abs_url());
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,115 +0,0 @@
|
|||||||
<?php defined("SYSPATH") or die("No direct script access.");
|
|
||||||
/**
|
|
||||||
* Gallery - a web based photo album viewer and editor
|
|
||||||
* Copyright (C) 2000-2009 Bharat Mediratta
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation; either version 2 of the License, or (at
|
|
||||||
* your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful, but
|
|
||||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
* General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program; if not, write to the Free Software
|
|
||||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
|
||||||
*/
|
|
||||||
class ldap_Core {
|
|
||||||
private static $connection;
|
|
||||||
|
|
||||||
static function connection() {
|
|
||||||
if (!isset(self::$connection)) {
|
|
||||||
self::$connection = ldap_connect(Kohana::config("ldap.url"));
|
|
||||||
ldap_bind(self::$connection);
|
|
||||||
}
|
|
||||||
return self::$connection;
|
|
||||||
}
|
|
||||||
|
|
||||||
static function lookup_group_by_name($name) {
|
|
||||||
|
|
||||||
$result = ldap_search(ldap::connection(),
|
|
||||||
Kohana::config("ldap.group_domain"),
|
|
||||||
"cn=$name");
|
|
||||||
$entry_id = ldap_first_entry(ldap::connection(), $result);
|
|
||||||
if ($entry_id) {
|
|
||||||
$cn_entry = ldap_get_values(ldap::connection(), $entry_id, "cn");
|
|
||||||
$gid_number_entry = ldap_get_values(ldap::connection(), $entry_id, "gidNumber");
|
|
||||||
return new Ldap_Group_Model($gid_number_entry[0], $cn_entry[0]);
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
static function lookup_group($id) {
|
|
||||||
$result = ldap_search(ldap::connection(),
|
|
||||||
Kohana::config("ldap.group_domain"),
|
|
||||||
"gidNumber=$id");
|
|
||||||
$entry_id = ldap_first_entry(ldap::connection(), $result);
|
|
||||||
if ($entry_id) {
|
|
||||||
$cn_entry = ldap_get_values(ldap::connection(), $entry_id, "cn");
|
|
||||||
return new Ldap_Group_Model($id, $cn_entry[0]);
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
static function lookup_user_by_name($name) {
|
|
||||||
$result = ldap_search(ldap::connection(),
|
|
||||||
Kohana::config("ldap.user_domain"),
|
|
||||||
"uid=$name");
|
|
||||||
$entries = ldap_get_entries(ldap::connection(), $result);
|
|
||||||
if ($entries["count"] > 0) {
|
|
||||||
return new Ldap_User_Model($entries[0]);
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
static function lookup_user($id) {
|
|
||||||
$result = ldap_search(ldap::connection(),
|
|
||||||
Kohana::config("ldap.user_domain"),
|
|
||||||
"uidNumber=$id");
|
|
||||||
$entries = ldap_get_entries(ldap::connection(), $result);
|
|
||||||
if ($entries["count"] > 0) {
|
|
||||||
return new Ldap_User_Model($entries[0]);
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
static function validate_group($input) {
|
|
||||||
if (!self::lookup_group_by_name($input->value)) {
|
|
||||||
$input->add_error("invalid_group", 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static function groups_for($user) {
|
|
||||||
$result = ldap_search(ldap::connection(),
|
|
||||||
Kohana::config("ldap.group_domain"),
|
|
||||||
"(memberUid=$user->name)");
|
|
||||||
|
|
||||||
$associated_groups = Kohana::config("ldap.groups");
|
|
||||||
$groups = array();
|
|
||||||
for ($entry_id = ldap_first_entry(ldap::connection(), $result);
|
|
||||||
$entry_id != false;
|
|
||||||
$entry_id = ldap_next_entry(ldap::connection(), $entry_id)) {
|
|
||||||
$group_id = ldap_get_values(ldap::connection(), $entry_id, "gidNumber");
|
|
||||||
$group_name = ldap_get_values(ldap::connection(), $entry_id, "cn");
|
|
||||||
if (in_array($group_name[0], $associated_groups)) {
|
|
||||||
$groups[] = new Ldap_Group_Model($group_id[0], $group_name[0]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $groups;
|
|
||||||
}
|
|
||||||
|
|
||||||
static function guest() {
|
|
||||||
return new Ldap_Guest_Model();
|
|
||||||
}
|
|
||||||
|
|
||||||
public function everybody_group() {
|
|
||||||
return ldap::lookup_group_by_name(Kohana::config("ldap.everybody_group"));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function registered_users_group() {
|
|
||||||
return ldap::lookup_group_by_name(Kohana::config("ldap.registered_users_group"));
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,28 +0,0 @@
|
|||||||
<?php defined("SYSPATH") or die("No direct script access.");
|
|
||||||
/**
|
|
||||||
* Gallery - a web based photo album viewer and editor
|
|
||||||
* Copyright (C) 2000-2009 Bharat Mediratta
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation; either version 2 of the License, or (at
|
|
||||||
* your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful, but
|
|
||||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
* General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program; if not, write to the Free Software
|
|
||||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
|
||||||
*/
|
|
||||||
class ldap_event_Core {
|
|
||||||
static function admin_menu($menu, $theme) {
|
|
||||||
$menu->get("settings_menu")
|
|
||||||
->append(Menu::factory("link")
|
|
||||||
->id("ldap")
|
|
||||||
->label(t("LDAP"))
|
|
||||||
->url(url::site("admin/ldap")));
|
|
||||||
}
|
|
||||||
}
|
|
@ -17,20 +17,24 @@
|
|||||||
* along with this program; if not, write to the Free Software
|
* along with this program; if not, write to the Free Software
|
||||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
*/
|
*/
|
||||||
class Ldap_Guest_Model {
|
class ldap_installer {
|
||||||
public $id = 0;
|
static function install() {
|
||||||
public $guest = true;
|
}
|
||||||
public $admin = false;
|
|
||||||
public $locale = null;
|
|
||||||
public $name = "Guest";
|
|
||||||
|
|
||||||
public function __get($key) {
|
static function uninstall() {
|
||||||
switch($key) {
|
// Delete all users and groups so that we give other modules an opportunity to clean up
|
||||||
case "groups":
|
foreach (ORM::factory("user")->find_all() as $user) {
|
||||||
return array(ldap::everybody_group());
|
$user->delete();
|
||||||
|
}
|
||||||
|
|
||||||
default:
|
foreach (ORM::factory("group")->find_all() as $group) {
|
||||||
throw new Exception("@todo UNKNOWN_KEY ($key)");
|
$group->delete();
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
Session::instance()->destroy();
|
||||||
|
} catch (Exception $e) {
|
||||||
|
// We don't care if there was a problem destroying the session.
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
223
modules/ldap/libraries/drivers/Identity/Ldap.php
Normal file
223
modules/ldap/libraries/drivers/Identity/Ldap.php
Normal file
@ -0,0 +1,223 @@
|
|||||||
|
<?php defined("SYSPATH") or die("No direct script access.");
|
||||||
|
/**
|
||||||
|
* Gallery - a web based photo album viewer and editor
|
||||||
|
* Copyright (C) 2000-2009 Bharat Mediratta
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or (at
|
||||||
|
* your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful, but
|
||||||
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
*/
|
||||||
|
class Identity_Ldap_Driver implements Identity_Driver {
|
||||||
|
private static $_params;
|
||||||
|
private static $_connection;
|
||||||
|
private static $_guest_user;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Initializes the LDAP Driver
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function __construct($params) {
|
||||||
|
self::$_params = $params;
|
||||||
|
self::$_connection = ldap_connect($this->_params["url"]);
|
||||||
|
ldap_bind(self::$_connection);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::guest.
|
||||||
|
*/
|
||||||
|
public function guest() {
|
||||||
|
if (empty(self::$_guest_user)) {
|
||||||
|
self::$_guest_user = new Ldap_User();
|
||||||
|
self::$_guest_user->id = 0;
|
||||||
|
self::$_guest_user->name = "Guest";
|
||||||
|
self::$_guest_user->guest = true;
|
||||||
|
self::$_guest_user->admin = false;
|
||||||
|
self::$_guest_user->locale = null;
|
||||||
|
self::$_guest_user->groups = array($this->everybody());
|
||||||
|
}
|
||||||
|
return self::$_guest_user;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::create_user.
|
||||||
|
*/
|
||||||
|
public function create_user($name, $full_name, $password) {
|
||||||
|
throw new Exception("@todo INVALID OPERATION");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::is_correct_password.
|
||||||
|
*/
|
||||||
|
public function is_correct_password($user, $password) {
|
||||||
|
$valid = $user->password;
|
||||||
|
|
||||||
|
// Try phpass first, since that's what we generate.
|
||||||
|
if (strlen($valid) == 34) {
|
||||||
|
require_once(MODPATH . "user/lib/PasswordHash.php");
|
||||||
|
$hashGenerator = new PasswordHash(10, true);
|
||||||
|
return $hashGenerator->CheckPassword($password, $valid);
|
||||||
|
}
|
||||||
|
|
||||||
|
$salt = substr($valid, 0, 4);
|
||||||
|
// Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes:
|
||||||
|
$guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
|
||||||
|
if (!strcmp($guess, $valid)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Passwords with <&"> created by G2 prior to 2.1 were hashed with entities
|
||||||
|
$sanitizedPassword = html::specialchars($password, false);
|
||||||
|
$guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
|
||||||
|
: ($salt . md5($salt . $sanitizedPassword));
|
||||||
|
if (!strcmp($guess, $valid)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::lookup_user.
|
||||||
|
*/
|
||||||
|
public function lookup_user($id) {
|
||||||
|
$result = ldap_search(self::$_connection, self::$_params["user_domain"], "uidNumber=$id");
|
||||||
|
$entries = ldap_get_entries(self::$_connection, $result);
|
||||||
|
if ($entries["count"] > 0) {
|
||||||
|
$cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
|
||||||
|
return new Ldap_User($entries[0]);
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::lookup_user_by_name.
|
||||||
|
*/
|
||||||
|
public function lookup_user_by_name($name) {
|
||||||
|
$result = ldap_search(self::$_connection, self::$_params["user_domain"], "uid=$name");
|
||||||
|
$entries = ldap_get_entries(self::$_connection, $result);
|
||||||
|
if ($entries["count"] > 0) {
|
||||||
|
$cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
|
||||||
|
return new Ldap_User($entries[0]);
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::create_group.
|
||||||
|
*/
|
||||||
|
public function create_group($name) {
|
||||||
|
throw new Exception("@todo INVALID OPERATION");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::everybody.
|
||||||
|
*/
|
||||||
|
public function everybody() {
|
||||||
|
return ldap::lookup_group_by_name(self::$_params["everybody_group"]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::registered_users.
|
||||||
|
*/
|
||||||
|
public function registered_users() {
|
||||||
|
return ldap::lookup_group_by_name(self::$_params["registered_users_group"]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::lookup_group_by_name.
|
||||||
|
*/
|
||||||
|
static function lookup_group_by_name($name) {
|
||||||
|
$result = ldap_search(self::$_connection, self::$_params["group_domain"], "cn=$name");
|
||||||
|
$entry_id = ldap_first_entry(, $result);
|
||||||
|
if ($entry_id) {
|
||||||
|
$cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
|
||||||
|
$gid_number_entry = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
|
||||||
|
return new Ldap_Group_Model($gid_number_entry[0], $cn_entry[0]);
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @see Identity_Driver::get_user_list.
|
||||||
|
*/
|
||||||
|
public function get_user_list($ids) {
|
||||||
|
throw new Exception("@todo NOT IMPLEMENTED");
|
||||||
|
}
|
||||||
|
|
||||||
|
static function groups_for($user) {
|
||||||
|
$result = ldap_search(self::$_connection, self::$_params["group_domain"],
|
||||||
|
"(memberUid=$user->name)");
|
||||||
|
|
||||||
|
$associated_groups = Kohana::config("ldap.groups");
|
||||||
|
$groups = array();
|
||||||
|
for ($entry_id = ldap_first_entry(self::$_connection, $result);
|
||||||
|
$entry_id != false;
|
||||||
|
$entry_id = ldap_next_entry(self::$_connection, $entry_id)) {
|
||||||
|
$group_id = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
|
||||||
|
$group_name = ldap_get_values(self::$_connection, $entry_id, "cn");
|
||||||
|
if (in_array($group_name[0], $associated_groups)) {
|
||||||
|
$groups[] = new Ldap_Group($group_id[0], $group_name[0]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $groups;
|
||||||
|
}
|
||||||
|
} // End Identity Gallery Driver
|
||||||
|
|
||||||
|
class Ldap_User implements User_Definition {
|
||||||
|
private $ldap_entry;
|
||||||
|
|
||||||
|
public function __construct($ldap_entry=null) {
|
||||||
|
$this->ldap_entry = $ldap_entry;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function display_name() {
|
||||||
|
return $this->ldap_entry["displayname"][0];
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __get($key) {
|
||||||
|
switch($key) {
|
||||||
|
case "name":
|
||||||
|
return $this->ldap_entry["uid"][0];
|
||||||
|
|
||||||
|
case "guest":
|
||||||
|
return false;
|
||||||
|
|
||||||
|
case "id":
|
||||||
|
return $this->ldap_entry["uidnumber"][0];
|
||||||
|
|
||||||
|
case "groups":
|
||||||
|
return Identity_Ldap::Driver::groups_for($this);
|
||||||
|
|
||||||
|
case "locale": // @todo
|
||||||
|
return null;
|
||||||
|
|
||||||
|
case "admin":
|
||||||
|
return in_array($this->ldap_entry["uid"][0], Kohana::config("ldap.admins"));
|
||||||
|
|
||||||
|
default:
|
||||||
|
throw new Exception("@todo UNKNOWN_KEY ($key)");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class Ldap_Group implements Group_Definition {
|
||||||
|
public $id;
|
||||||
|
public $name;
|
||||||
|
|
||||||
|
public function __construct($id, $name) {
|
||||||
|
$this->id = $id;
|
||||||
|
$this->name = $name;
|
||||||
|
$this->special = false;
|
||||||
|
}
|
||||||
|
}
|
@ -1,28 +0,0 @@
|
|||||||
<?php defined("SYSPATH") or die("No direct script access.");
|
|
||||||
/**
|
|
||||||
* Gallery - a web based photo album viewer and editor
|
|
||||||
* Copyright (C) 2000-2009 Bharat Mediratta
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation; either version 2 of the License, or (at
|
|
||||||
* your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful, but
|
|
||||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
* General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program; if not, write to the Free Software
|
|
||||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
|
||||||
*/
|
|
||||||
class Ldap_Group_Model {
|
|
||||||
public $id;
|
|
||||||
public $name;
|
|
||||||
|
|
||||||
public function __construct($id, $name) {
|
|
||||||
$this->id = $id;
|
|
||||||
$this->name = $name;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,58 +0,0 @@
|
|||||||
<?php defined("SYSPATH") or die("No direct script access.");
|
|
||||||
/**
|
|
||||||
* Gallery - a web based photo album viewer and editor
|
|
||||||
* Copyright (C) 2000-2009 Bharat Mediratta
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation; either version 2 of the License, or (at
|
|
||||||
* your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful, but
|
|
||||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
* General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program; if not, write to the Free Software
|
|
||||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
|
||||||
*/
|
|
||||||
class Ldap_User_Model {
|
|
||||||
private $ldap_entry;
|
|
||||||
|
|
||||||
public function __construct($ldap_entry) {
|
|
||||||
$this->ldap_entry = $ldap_entry;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function display_name() {
|
|
||||||
return $this->ldap_entry["displayname"][0];
|
|
||||||
}
|
|
||||||
|
|
||||||
public function __get($key) {
|
|
||||||
switch($key) {
|
|
||||||
case "name":
|
|
||||||
return $this->ldap_entry["uid"][0];
|
|
||||||
|
|
||||||
case "guest":
|
|
||||||
return false;
|
|
||||||
|
|
||||||
case "login_count":
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
case "id":
|
|
||||||
return $this->ldap_entry["uidnumber"][0];
|
|
||||||
|
|
||||||
case "groups":
|
|
||||||
return ldap::groups_for($this);
|
|
||||||
|
|
||||||
case "locale": // @todo
|
|
||||||
return null;
|
|
||||||
|
|
||||||
case "admin":
|
|
||||||
return in_array($this->ldap_entry["uid"][0], Kohana::config("ldap.admins"));
|
|
||||||
|
|
||||||
default:
|
|
||||||
throw new Exception("@todo UNKNOWN_KEY ($key)");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,60 +0,0 @@
|
|||||||
<?php defined("SYSPATH") or die("No direct script access.") ?>
|
|
||||||
<div id="gAdminLdap">
|
|
||||||
<h1> <?= t("LDAP Configuration") ?> </h1>
|
|
||||||
<p>
|
|
||||||
<?= t("LDAP is an alternate authentication system. When you switch to it, all your Gallery3 users and groups <b>will be deleted</b> and you'll use users and groups from your LDAP directory.") ?>
|
|
||||||
</p>
|
|
||||||
|
|
||||||
<p>
|
|
||||||
<?= t("Your current LDAP configuration is:") ?>
|
|
||||||
</p>
|
|
||||||
<table>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<?= t("Base LDAP url") ?>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<?= $config["url"] ?>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<?= t("Group LDAP Domain") ?>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<?= $config["group_domain"] ?>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<?= t("User LDAP Domain") ?>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<?= $config["user_domain"] ?>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<?= t("Groups") ?>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<?= join(", ", $config["groups"]) ?>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<?= t("Admin users") ?>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<?= join(", ", $config["admins"]) ?>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
</table>
|
|
||||||
|
|
||||||
<h2> <?= t("LDAP is not currently active") ?> </h2>
|
|
||||||
<p>
|
|
||||||
<?= t("Upon activation, all existing users and groups will be deleted. The groups listed above and all available users will be associated with Gallery 3. You will be logged in as the <b>%username</b> user. <b>There is no undo!</b>", array("username" => $config["admins"][0])) ?>
|
|
||||||
</p>
|
|
||||||
|
|
||||||
<a href="<?= url::site("admin/ldap/activate?csrf=$csrf") ?>">activate</a>
|
|
||||||
</div>
|
|
Reference in New Issue
Block a user