* feature: AD support nested groups (resubmit #7175)
Don't let groups with periods in the name cause issues.
* Merge #7245 into this PR
* Capture Exceptions in get_userlevel()
* Throw generic error if auth_ad_debug is not enabled to prevent information leak.
* Active Directory user in nested groups
* Active Directory user in nested groups
* Active Directory user in nested groups
* Use Config in new function
* fix: minimize session open time
page/graphs speedup part 2
Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests.
Do not run through full authentication functions if the session is already authenticated.
Removes password from the session as well as some items to prevent session fixation from #4608.
WARNING: This will cause issues for ad/ldap users who do not have a bind user configured!
* Do no erase username when using cookie auth.
Properly close the session in ajax_setresolution.php
* write close the session as soon as possible in ajax_setresolution.php
* Remove session regeneration. It is not compatible with the current code and would require more changes.
* Totally refactor authentication. Extract code to functions for re-use and improved readability
* Use exceptions for authentication and error logging
Tested: mysql, ad_auth with and without bind user
* fix a couple scrutinizer issues
* fix reauthenticate in radius
* fix: AD authentication when auth_ad_base_dn is an OU
OUs don't have SID, so we can't use them to figure out the domain SID
* Only match leading OUs
* Actually, might be best to remove everything except the domain components.
* fix: move user preferences dashboard and twofactor out of users table
This allows them to work with any authentication method
Add set_user_pref() and get_user_pref() helper functions
* fix edit users for other users
* Fix updated_at default timestamp
* Update and rename 183.sql to 184.sql
* removed commented out debug
* feature: bind user for active_directory auth
Optional, allows the use of "remember me", API, and alerting.
* missing global (but still may not be working)
* always return a value from reauthenticate()
* Make sure the ldapbind credentials are correct on reauth.
Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc.
Add scripts/auth_test.php, to make it easier to debug authentication.
* Refine auth_test.php a bit more
A few small cleanups in other places of the auth
* Add auth_test.php to docs
Some more improvements in the auth_test.php output.
* Update Authentication.md
* Add auth_ad_(group|user)_filter options
* use global
* Fix some AD annoyances
Use the power of the LDAP filter to minimize the number of queries and
hopefully help performance in get_userlist, change semantics of
auth_ad_(user|group)_filter in $config to be anded with
samaccountname=USERNAME.
* remove unused variable
* update documentation
* Update Authentication.md
* Updated to remove passwords from sessions
* Remove users sessions when user deleted
* Updated when cookies are set
* Updated setcookies to always contain a value
* Added destroy_cookies() to remove users cookies on failed login
* Removed debug line
* Fixed graph issues
