From 90c79bd539f5c8fad837161fb8ce8593ee1e5663 Mon Sep 17 00:00:00 2001 From: Tom Laermans Date: Sat, 16 Jan 2010 22:57:10 +0000 Subject: [PATCH] ldap access filtering by group git-svn-id: http://www.observium.org/svn/observer/trunk@700 61d68cd4-352d-0410-923a-c4978735b2b8 --- config.php.default | 5 +++-- html/includes/authenticate.inc | 18 ++++++++++++++---- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/config.php.default b/config.php.default index e6ad6081a..2efd5ac56 100755 --- a/config.php.default +++ b/config.php.default @@ -23,9 +23,10 @@ $config['auth_mechanism'] = "mysql"; # default, other options: ldap # LDAP module configuration $config['auth_ldap_server'] = "ldap.yourserver.com"; -$config['auth_ldap_port'] = 389; -$config['auth_ldap_suffix'] = ",ou=People,dc=example,dc=com"; +$config['auth_ldap_port'] = 389; $config['auth_ldap_prefix'] = "uid="; +$config['auth_ldap_suffix'] = ",ou=People,dc=example,dc=com"; +$config['auth_ldap_group'] = "cn=observer,ou=groups,dc=example,dc=com"; ### Location of executables diff --git a/html/includes/authenticate.inc b/html/includes/authenticate.inc index c28066da3..521a5e0cb 100644 --- a/html/includes/authenticate.inc +++ b/html/includes/authenticate.inc @@ -4,7 +4,7 @@ session_start(); -if($_GET['logout'] && $_SESSION['authenticated']) { +if(isset($_GET['logout']) && $_SESSION['authenticated']) { mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('" . $_SESSION['username'] . "', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')"); unset($_SESSION); session_destroy(); @@ -14,12 +14,12 @@ if($_GET['logout'] && $_SESSION['authenticated']) { $auth_message = "Logged Out"; } -if($_POST['username'] && $_POST['password']){ +if(isset($_POST['username']) && isset($_POST['password'])){ $_SESSION['username'] = mres($_POST['username']); $_SESSION['password'] = mres($_POST['password']); } -if($_COOKIE['username'] && $_COOKIE['password']){ +if(isset($_COOKIE['username']) && isset($_COOKIE['password'])){ $_SESSION['username'] = mres($_COOKIE['username']); $_SESSION['password'] = mres($_COOKIE['password']); } @@ -45,7 +45,17 @@ if ($_SESSION['username']) { if (ldap_bind($ds, $config['auth_ldap_prefix'] . $_SESSION['username'] . $config['auth_ldap_suffix'], $_SESSION['password'])) { - $auth_success = 1; + if (!$config['auth_ldap_group']) + { + $auth_success = 1; + } + else + { + if (ldap_compare($ds,$config['auth_ldap_group'],'memberUid',$_SESSION['username'])) + { + $auth_success = 1; + } + } } } }