Commit 32c8213e404641e40ea8682795dcfc208f735809
1 parent
59103cfb
KTS-2772
"CLONE -LDAP / Active Directory Authentication incorrect fields returned(SUP-521)" Fixed. Rearranged the attributes retrieved from either directory to match the user's fields correctly. Committed by: Megan Watson Reviewed by: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7913 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
4 changed files
with
45 additions
and
39 deletions
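--- a/plugins/ktstandard/ldap/activedirectoryauthenticationprovider.inc.php
+++ b/plugins/ktstandard/ldap/activedirectoryauthenticationprovider.inc.php
@@ -5,32 +5,32 @@
 * KnowledgeTree Open Source Edition
 * Document Management Made Simple
 * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited
- *
+ *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation.
- *
+ *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
- *
+ *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ *
 * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
 * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- *
+ *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
- *
+ *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
 * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
- * copyright notice.
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
 * Contributor( s): ______________________________________
 *
 */
@@ -40,20 +40,21 @@ require_once(KT_LIB_DIR . '/authentication/Authenticator.inc');
 require_once(KT_DIR . '/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php');
 
 class KTActiveDirectoryAuthenticationProvider extends KTLDAPBaseAuthenticationProvider {
- var $sNamespace = "ktstandard.authentication.adprovider";
+ var $sNamespace = 'ktstandard.authentication.adprovider';
 
 var $bGroupSource = true;
 
- var $sAuthenticatorClass = "KTActiveDirectoryAuthenticator";
- var $aAttributes = array ("cn", "samaccountname", "givenname", "sn", "userprincipalname", "telephonenumber");
+ var $sAuthenticatorClass = 'KTActiveDirectoryAuthenticator';
+ var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'telephonenumber', 'userprincipalname');
 
 function KTActiveDirectoryAuthenticationProvider() {
- $this->sName = _kt("ActiveDirectory authentication provider");
+ $this->sName = _kt('ActiveDirectory authentication provider');
 parent::KTLDAPBaseAuthenticationProvider();
 }
 }
 
 class KTActiveDirectoryAuthenticator extends KTLDAPBaseAuthenticator {
- var $aAttributes = array ("cn", "samaccountname", "givenname", "sn", "userprincipalname", "telephonenumber");
+ var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'telephonenumber', 'userprincipalname');
 }
 
+?>
\ No newline at end of file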
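Review bot: The order of `$aAttributes` is load-bearing, but nothing at the declaration says so. The base provider reads entries by position (`$this->aAttributes[1]` for the login name and, after this commit, `$this->aAttributes[6]` for the UPN), so inserting 'mail' at index 4 silently shifts every entry behind it. The list is also repeated verbatim in `KTActiveDirectoryAuthenticationProvider` and `KTActiveDirectoryAuthenticator`, and again in ldapauthenticationprovider.inc.php and ldapbaseauthenticationprovider.inc.php, so the copies can drift apart. I would add a comment above each declaration such as `// Order matters: the base provider reads [1] as the login name and [6] as the userPrincipalName fallback.` Index 5 is 'telephonenumber' here but 'mobile' in the LDAP lists; whether any consumer reads index 5 by position is not visible in this diff.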
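--- a/plugins/ktstandard/ldap/ldapauthenticationprovider.inc.php
+++ b/plugins/ktstandard/ldap/ldapauthenticationprovider.inc.php
@@ -5,32 +5,32 @@
 * KnowledgeTree Open Source Edition
 * Document Management Made Simple
 * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited
- *
+ *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation.
- *
+ *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
- *
+ *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ *
 * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
 * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- *
+ *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
- *
+ *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
 * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
- * copyright notice.
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
 * Contributor( s): ______________________________________
 *
 */
@@ -41,19 +41,20 @@ require_once('Net/LDAP.php');
 require_once(KT_DIR . '/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php');
 
 class KTLDAPAuthenticationProvider extends KTLDAPBaseAuthenticationProvider {
- var $sNamespace = "ktstandard.authentication.ldapprovider";
+ var $sNamespace = 'ktstandard.authentication.ldapprovider';
 
- var $aAttributes = array ("cn", "uid", "givenname", "sn", "mail", "mobile");
- var $sAuthenticatorClass = "KTLDAPAuthenticator";
+ var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'mobile', 'userprincipalname', 'uid');
+ var $sAuthenticatorClass = 'KTLDAPAuthenticator';
 
 function KTLDAPAuthenticationProvider() {
- $this->sName = _kt("LDAP authentication provider");
+ $this->sName = _kt('LDAP authentication provider');
 parent::KTLDAPBaseAuthenticationProvider();
 }
 
 }
 
 class KTLDAPAuthenticator extends KTLDAPBaseAuthenticator {
- var $aAttributes = array ("cn", "uid", "givenname", "sn", "mail", "mobile");
+ var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'mobile', 'userprincipalname', 'uid');
 }
 
+?>
\ No newline at end of file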
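Review bot: The closing `?>` added at the end of this include is a style regression for a PHP-only file, and the same line is added to activedirectoryauthenticationprovider.inc.php and ldapbaseauthenticationprovider.inc.php. Any whitespace that later lands after the tag is sent as output before the headers, which in an authentication plugin tends to surface as failed redirects or session cookies that are never set. The file currently ends without a newline, so nothing is emitted today, but the safer convention is to omit the closing tag entirely. I would drop the `?>` line in all three files.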
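--- a/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
+++ b/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
@@ -39,11 +39,11 @@ require_once(KT_LIB_DIR . '/authentication/authenticationprovider.inc.php');
 require_once(KT_LIB_DIR . '/authentication/Authenticator.inc');
 
 class KTLDAPBaseAuthenticationProvider extends KTAuthenticationProvider {
- var $sName = "LDAP authentication provider";
- var $sNamespace = "ktstandard.authentication.ldapprovider";
+ var $sName = 'LDAP authentication provider';
+ var $sNamespace = 'ktstandard.authentication.ldapprovider';
 
- var $aAttributes = array ("cn", "uid", "givenname", "sn", "mail", "mobile");
- var $aMembershipAttributes = array ("memberOf");
+ var $aAttributes = array ('cn', 'samaccountname', 'givenname', 'sn', 'mail', 'mobile', 'userprincipalname', 'uid');
+ var $aMembershipAttributes = array ('memberOf');
 
 // {{{ KTLDAPBaseAuthenticationProvider
 function KTLDAPBaseAuthenticationProvider() {
@@ -281,10 +281,13 @@ class KTLDAPBaseAuthenticationProvider extends KTAuthenticationProvider {
 $this->oValidator->notError($aResults);
 
 $sUserName = $aResults[$this->aAttributes[1]];
- // With LDAP, if the 'uid' is null then try using the 'givenname' instead.
- // See activedirectoryauthenticationprovider.inc.php and ldapauthenticationprovider.inc.php for details.
- if($this->sAuthenticatorClass == "KTLDAPAuthenticator" && empty($sUserName)) {
- $sUserName = strtolower($aResults[$this->aAttributes[2]]);
+
+ // If the SAMAccountName is empty then use the UserPrincipalName (UPN) to find the username.
+ // The UPN is normally the username @ the internet domain
+ if(empty($sUserName)) {
+ $sUpn = $aResults[$this->aAttributes[6]];
+ $aUpn = explode('@', $sUpn);
+ $sUserName = $aUpn[0];
 }
 
 $fields = array();
@@ -447,12 +450,12 @@ class KTLDAPBaseAuthenticationProvider extends KTAuthenticationProvider {
 }
 $aSearchDNs[$k] = "'".$aSearchResults[$k]['dn']."'";
 }
-
+
 $sDNs = implode(',', $aSearchDNs);
 $query = "SELECT id, authentication_details_s1 AS dn FROM users
 WHERE authentication_details_s1 IN ($sDNs)";
 $aCurUsers = DBUtil::getResultArray($query);
-
+
 // If the user has already been added, then remove from the list
 if(!PEAR::isError($aCurUsers) && !empty($aCurUsers)){
 foreach($aCurUsers as $item){
@@ -961,3 +964,4 @@ class KTLDAPBaseAuthenticator extends Authenticator {
 }
 }
 
+?>
\ No newline at end of file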
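Review bot: The new fallback at `$sUpn = $aResults[$this->aAttributes[6]];` can leave `$sUserName` empty. On a directory that returns neither samaccountname nor userprincipalname (a plain LDAP server, which previously supplied 'uid' at index 1), `explode('@', ...)` on a missing value yields an empty first element, and the 'uid' entry now at index 7 of the LDAP lists is never read in the visible code. Taking only the part before '@' also maps users who share a local part under different UPN suffixes onto one KnowledgeTree username, and the `strtolower()` applied by the old branch is gone, so I would detect that collision rather than accept it silently. The enclosing function starts and ends outside this hunk, so a later check on `$sUserName` may exist that I cannot see. A possible shape for the fallback is below.

```php
$sUserName = $aResults[$this->aAttributes[1]];

if (empty($sUserName)) {
    // UPN is normally "user@domain"; only the local part is used as the login name.
    $sUpn = isset($aResults[$this->aAttributes[6]]) ? $aResults[$this->aAttributes[6]] : '';
    $aUpn = explode('@', $sUpn);
    $sUserName = $aUpn[0];
}

// Plain LDAP directories carry neither AD attribute; fall back to 'uid' when the list has it.
if (empty($sUserName) && isset($this->aAttributes[7]) && isset($aResults[$this->aAttributes[7]])) {
    $sUserName = $aResults[$this->aAttributes[7]];
}

// ... unchanged: $fields = array(); and the rest of the function ...
```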
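--- a/templates/ktstandard/authentication/ldapadduser.smarty
+++ b/templates/ktstandard/authentication/ldapadduser.smarty
@@ -10,7 +10,7 @@
 <input type="hidden" name="dn" value="{$dn}" />
 <input type="hidden" name="samaccountname" value="{$samaccountname}" />
 <div class="form_actions">
- <input type="submit" name="submit[create]" value="{i18n}create user{/i18n}" />
+ <input type="submit" name="submit[create]" value="{i18n}Create user{/i18n}" />
 <input type="submit" name="kt_cancel[]" value="{i18n}Cancel{/i18n}" />
 </div>
 </fieldset>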