clones/librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-09-22 10:58:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix LDAP slow login and unable to login (#10872)

Browse Source 
* Fix LDAP slow login
* Keep getUserList as is and implement fix in getUser function
* Split getUser function for CodeClimate
* Rewrite GetUser
* Fix no ldap auth when bind user configured - https://community.librenms.org/t/ldap-authentication-problem-with-webui/6115/2
This commit is contained in:
louis-oui 2019-11-22 15:38:42 +01:00 committed by PipoCanaja
parent 35a50fa535
commit ab2f909a9d
1 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
LibreNMS/Authentication/LdapAuthorizer.php
View File

@ -9,6 +9,7 @@ use LibreNMS\Exceptions\LdapMissingException;
class LdapAuthorizer extends AuthorizerBase
{
protected $ldap_connection;
private $userloginname = "";
public function authenticate($credentials)
{
@ -16,7 +17,13 @@ class LdapAuthorizer extends AuthorizerBase
if (!empty($credentials['username'])) {
$username = $credentials['username'];
$this->userloginname = $username;
if (!empty($credentials['password']) && ldap_bind($connection, $this->getFullDn($username), $credentials['password'])) {
// ldap_bind has done a bind with the user credentials. If binduser is configured, rebind with the auth_ldap_binduser
// normal user has restricted right to search in ldap. auth_ldap_binduser has full search rights
if ((Config::has('auth_ldap_binduser') || Config::has('auth_ldap_binddn')) && Config::has('auth_ldap_bindpassword')) {
$this->bind();
}
$ldap_groups = $this->getGroupList();
if (empty($ldap_groups)) {
// no groups, don't check membership
@ -198,10 +205,22 @@ class LdapAuthorizer extends AuthorizerBase
public function getUser($user_id)
{
foreach ($this->getUserlist() as $user) {
if ((int)$user['user_id'] === (int)$user_id) {
return $user;
$connection = $this->getLdapConnection();
$filter = '(' . Config::get('auth_ldap_prefix') . $this->userloginname . ')';
if (Config::get('auth_ldap_userlist_filter') != null) {
$filter = '(' . Config::get('auth_ldap_userlist_filter') . ')';
}
$search = ldap_search($connection, trim(Config::get('auth_ldap_suffix'), ','), $filter);
$entries = ldap_get_entries($connection, $search);
foreach ($entries as $entry) {
$user = $this->ldapToUser($entry);
if ((int)$user['user_id'] !== (int)$user_id) {
continue;
}
return $user;
}
return 0;
}