Add LDAP bind and userlist filter support to ldap-authorization (#13788)

* Add userlist filter to ldap-authorization

* Add LDAP bind user to ldap-authorization

* Type hint getFullDn parameter of ldap-authorization

* docs: add missing options of ldap

* docs: add available options of ldap-authorization
Philipp Fromme
2022-04-22 08:28:29 +02:00
committed by GitHub
parent 3a379431a5
commit 4a98dc69e3
2 changed files with 67 additions and 2 deletions


@@ -59,6 +59,17 @@ class LdapAuthorizationAuthorizer extends AuthorizerBase
throw new AuthenticationException('Fatal error: LDAP TLS required but not successfully negotiated:' . ldap_error($this->ldap_connection));
}
}
if ((Config::has('auth_ldap_binduser') || Config::has('auth_ldap_binddn')) && Config::has('auth_ldap_bindpassword')) {
if (Config::get('auth_ldap_binddn') == null) {
Config::set('auth_ldap_binddn', $this->getFullDn(Config::get('auth_ldap_binduser')));
}
$username = Config::get('auth_ldap_binddn');
$password = Config::get('auth_ldap_bindpassword');
$bind_result = ldap_bind($this->ldap_connection, $username, $password);
if (! $bind_result) {
throw new AuthenticationException('Fatal error: LDAP bind configured but not successfully authenticated:' . ldap_error($this->ldap_connection));
}
}
}
public function authenticate($credentials)
@@ -167,7 +178,9 @@ class LdapAuthorizationAuthorizer extends AuthorizerBase
$userlist = [];
$filter = '(' . Config::get('auth_ldap_prefix') . '*)';
if (Config::get('auth_ldap_userlist_filter') != null) {
$filter = '(' . Config::get('auth_ldap_userlist_filter') . ')';
}
$search = ldap_search($this->ldap_connection, trim(Config::get('auth_ldap_suffix'), ','), $filter);
$entries = ldap_get_entries($this->ldap_connection, $search);
@@ -213,6 +226,18 @@ class LdapAuthorizationAuthorizer extends AuthorizerBase
return false;
}
/**
* Get the full dn with auth_ldap_prefix and auth_ldap_suffix
*
* @internal
*
* @return string
*/
protected function getFullDn(string $username)
{
return Config::get('auth_ldap_prefix', '') . $username . Config::get('auth_ldap_suffix', '');
}
protected function getMembername($username)
{
if (Config::get('auth_ldap_groupmembertype') == 'fulldn') {
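Review bot: In the first hunk's bind block (the `if ((Config::has('auth_ldap_binduser') || ...` branch), an empty `auth_ldap_bindpassword` still reaches ldap_bind(); directory servers that accept unauthenticated binds (RFC 4513 §5.1.2, Active Directory by default) answer such a request with an anonymous bind, so the configured service-account bind silently degrades instead of failing, and the `Config::has()` guard does not catch it if an empty value counts as present (Config is outside the hunk, as is the signature of the enclosing method). Fail closed before binding: `if ((string) Config::get('auth_ldap_bindpassword') === '') { throw new AuthenticationException('Fatal error: LDAP bind configured but auth_ldap_bindpassword is empty'); }`. In the second hunk, `auth_ldap_userlist_filter` is wrapped in another pair of parentheses, so a value written in the usual form `(objectClass=person)` becomes `((objectClass=person))`, which is not a valid RFC 4515 filter; either document that the option takes the bare `attr=value` expression, or only add the parentheses when the value does not already start with `(`, and check `ldap_search()` for `false` before handing its result to `ldap_get_entries()`. In the third hunk `getFullDn()` builds the DN by plain concatenation; it is only fed admin configuration here, but the docblock should state that the argument is trusted, and any caller passing a login name must first run it through `ldap_escape($username, '', LDAP_ESCAPE_DN)`.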