Fixes issues with binding and authenticating users in nested groups (#12398)

* Fixes issues with binding and authenticating users in nested groups

Signed-off-by: Patrik Forsberg <git@paddyonline.net>

* re-instated the user group check for nested groups after identifying the real issue in ActiveDirectoryAuthorizer.php
added fix for special characters in group checker in ActiveDirectoryAuthorizer.php

Signed-off-by: Patrik Forsberg <git@paddyonline.net>

* fix for styleci/pr issues in ActiveDirectoryAuthorizer.php

Signed-off-by: Patrik Forsberg <git@paddyonline.net>

* further fixes for styleci/pr in ActiveDirectoryAuthorizer.php

Signed-off-by: Patrik Forsberg <git@paddyonline.net>

* fixed return value from userExists in ActiveDirectoryAuthorizer to return boolean instead of integer

Signed-off-by: Patrik Forsberg <git@paddyonline.net>

* fix for styleci/pr issues

Signed-off-by: Patrik Forsberg <git@paddyonline.net>

* cleanup

* don't use boolval on int...

Co-authored-by: Tony Murray <murraytony@gmail.com>
Patrik Forsberg
2021-02-02 07:13:48 +01:00
committed by GitHub
parent aa634aa622
commit 89cbf152f6


@@ -90,7 +90,8 @@ class ActiveDirectoryAuthorizer extends AuthorizerBase
throw new AuthenticationException();
}
$group_dn = $result[0]['dn'];
// special character handling
$group_dn = addcslashes($result[0]['dn'], '()');
$search = ldap_search(
$connection,
@@ -118,10 +119,10 @@ class ActiveDirectoryAuthorizer extends AuthorizerBase
$entries = ldap_get_entries($connection, $search);
if ($entries['count']) {
return 1;
return true;
}
return 0;
return false;
}
public function getUserlevel($username)
@@ -226,7 +227,7 @@ class ActiveDirectoryAuthorizer extends AuthorizerBase
ldap_set_option($this->ldap_connection, LDAP_OPT_NETWORK_TIMEOUT, -1); // restore timeout
if ($bind_result) {
return;
return $bind_result;
}
ldap_set_option($this->ldap_connection, LDAP_OPT_NETWORK_TIMEOUT, Config::get('auth_ad_timeout', 5));
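Review bot: In the first hunk, `addcslashes($result[0]['dn'], '()')` escapes only parentheses, and it uses a bare backslash instead of the `\28`/`\29` hex form that RFC 4515 defines for search filters. If `$group_dn` is interpolated into the filter passed to `ldap_search` (its arguments lie outside the hunk, so this is inferred from the commit message), a group DN containing `*`, `\` or a NUL byte can still change the filter's meaning. That matters because this lookup appears to decide nested-group membership for authentication. PHP's built-in covers the full set of filter metacharacters: `$group_dn = ldap_escape($result[0]['dn'], '', LDAP_ESCAPE_FILTER);`. The enclosing method starts and ends outside the hunk.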