Updated active directory auth to support dashboards

laf
2016-01-17 15:26:35 +00:00
parent ad9b2db352
commit 57c802cd4e
3 changed files with 24 additions and 13 deletions


@ -121,6 +121,9 @@ if ($options['f'] === 'purgeusers') {
if (is_numeric($config['radius']['users_purge']) && $config['auth_mechanism'] === 'radius') { if (is_numeric($config['radius']['users_purge']) && $config['auth_mechanism'] === 'radius') {
$purge = $config['radius']['users_purge']; $purge = $config['radius']['users_purge'];
} }
if (is_numeric($config['active_directory']['users_purge']) && $config['auth_mechanism'] === 'active_directory') {
$purge = $config['active_directory']['users_purge'];
}
if ($purge > 0) { if ($purge > 0) {
foreach (dbFetchRows("SELECT DISTINCT(`user`) FROM `authlog` WHERE `datetime` >= DATE_SUB(NOW(), INTERVAL ? DAY)", array($purge)) as $user) { foreach (dbFetchRows("SELECT DISTINCT(`user`) FROM `authlog` WHERE `datetime` >= DATE_SUB(NOW(), INTERVAL ? DAY)", array($purge)) as $user) {
$users[] = $user['user']; $users[] = $user['user'];
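Review bot: The added check reads `$config['active_directory']['users_purge']` before testing `auth_mechanism`, so an install that never set that key gets an undefined-index notice on every purge run; testing the mechanism first and guarding the key, `if ($config['auth_mechanism'] === 'active_directory' && isset($config['active_directory']['users_purge']) && is_numeric($config['active_directory']['users_purge'])) {`, avoids that. `$purge` is only assigned inside these two `if` blocks, so unless it is initialised above the hunk, `if ($purge > 0)` reads an undefined variable for every other auth mechanism; a `$purge = 0;` before the checks would make the "no purge" default explicit. Since this value decides which accounts are removed automatically, I would also add a comment on the new block along the lines of `// users with no authlog entry in the last N days are deleted below`. The enclosing `purgeusers` branch continues outside the hunk.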


@ -116,16 +116,20 @@ If you have issues with secure LDAP try setting `$config['auth_ad_check_certific
If you set ```$config['auth_ad_require_groupmembership']``` to 1, the authenticated user has to be a member of the specific group. Otherwise all users can authenticate, but are limited to user level 0 and only have access to shared dashboards. If you set ```$config['auth_ad_require_groupmembership']``` to 1, the authenticated user has to be a member of the specific group. Otherwise all users can authenticate, but are limited to user level 0 and only have access to shared dashboards.
> Cleanup of old accounts is done using the authlog. You will need to set the cleanup date for when old accounts will be purged which will happen AUTOMATICALLY.
> Please ensure that you set the $config['authlog_purge'] value to be greater than $config['active_directory]['users_purge'] otherwise old users won't be removed.
##### Sample configuration ##### Sample configuration
``` ```
$config['auth_ad_url'] = "ldaps://your-domain.controll.er"; $config['auth_ad_url'] = "ldaps://your-domain.controll.er";
$config['auth_ad_check_certificates'] = 1; // or 0 $config['auth_ad_check_certificates'] = 1; // or 0
$config['auth_ad_domain'] = "your-domain.com"; $config['auth_ad_domain'] = "your-domain.com";
$config['auth_ad_base_dn'] = "dc=your-domain,dc=com"; $config['auth_ad_base_dn'] = "dc=your-domain,dc=com";
$config['auth_ad_groups']['admin']['level'] = 10; $config['auth_ad_groups']['admin']['level'] = 10;
$config['auth_ad_groups']['pfy']['level'] = 7; $config['auth_ad_groups']['pfy']['level'] = 7;
$config['auth_ad_require_groupmembership'] = 0; $config['auth_ad_require_groupmembership'] = 0;
$config['active_directory']['users_purge'] = 14;//Purge users who haven't logged in for 14 days.
``` ```
#### Radius Authentication #### Radius Authentication


@ -86,7 +86,9 @@ function auth_usermanagement() {
function adduser($username) { function adduser($username) {
// Check to see if user is already added in the database // Check to see if user is already added in the database
if (!user_exists_in_db($username)) { if (!user_exists_in_db($username)) {
$userid = dbInsert(array('username' => $username, 'user_id' => get_userid($username), 'level' => "0", 'can_modify_passwd' => 0, 'twofactor' => 0), 'users'); $hasher = new PasswordHash(8, false);
$encrypted = $hasher->HashPassword($password);
$userid = dbInsert(array('username' => $username, 'password' => $encrypted, 'realname' => $realname, 'email' => $email, 'descr' => $description, 'level' => 0, 'can_modify_passwd' => $can_modify_passwd, 'twofactor' => $twofactor, 'user_id' => get_userid($username)), 'users');
if ($userid == false) { if ($userid == false) {
return false; return false;
} }
@ -162,8 +164,12 @@ function get_userid($username) {
function deluser() { function deluser() {
// not supported so return 0 dbDelete('bill_perms', '`user_name` = ?', array($username));
return 0; dbDelete('devices_perms', '`user_name` = ?', array($username));
dbDelete('ports_perms', '`user_name` = ?', array($username));
dbDelete('users_prefs', '`user_name` = ?', array($username));
dbDelete('users', '`user_name` = ?', array($username));
return dbDelete('users', '`username` = ?', array($username));
} }
@ -221,14 +227,12 @@ function can_update_users() {
function get_user($user_id) { function get_user($user_id) {
// not supported so return 0 // not supported so return 0
return 0; return dbFetchRow('SELECT * FROM `users` WHERE `user_id` = ?', array($user_id), true);
} }
function update_user($user_id, $realname, $level, $can_modify_passwd, $email) { function update_user($user_id, $realname, $level, $can_modify_passwd, $email) {
// not supported so return 0 dbUpdate(array('realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'email' => $email), 'users', '`user_id` = ?', array($user_id));
return 0;
} }
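Review bot: The new `adduser()` body reads `$password`, `$realname`, `$email`, `$description`, `$can_modify_passwd` and `$twofactor`, but the signature shown is still `function adduser($username)`, so all of them are undefined and `HashPassword($password)` presumably stores the hash of an empty value in `users.password` for every directory account. If any local-password path ever consults that column (for example after `auth_mechanism` is switched), those rows would carry a guessable credential; I would drop the two hasher lines and insert explicit defaults, or extend the signature with defaulted arguments. `deluser()` has the same shape of problem: it is declared without parameters yet binds `$username`, so the deletes match nothing and purged accounts keep their rows and permissions; `function deluser($username) {` fixes that. The fifth delete also targets `users` by `user_name` while the final one uses `username`, so one of the two column names is likely wrong. The bodies of these functions continue outside the hunks.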