Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Draft - Active Directory support (#156)
* Switch to LTB LDAP 0.2
* Migration of send_mail function
* Migration of connect function
* Migration of ldap_get_mail_for_notification function
* Require autoload in index
* Migration of search function
* Use ldapInstance in smarty plugin
* Call ldap_bind to check password
* Fix typo
* Migrate notify_admin_by_mail function
* Function to convert AD date
* First mapping between OpenLDAP and AD
* Manage other AD specific attributes
* AD lockout time
* AD identifier
* Move OpenLDAP specific attributes
* Work on isLocked function
* Use new ltb-common Directory functions
* Hide special value of lockout date
* Use ltb-common password expiration functions
* Use functions to lock/unlock an account
* Use ltb-common function to modify password
* Use ltb-common resetAtNextConnection function
* Add feature to enable/disable account
* Remove composer.lock
* Use new lockDate function to remove OpenLDAP specific code
* Clean lock account code
* Use Directory interface for search locked account
* Use Directory interface for search expired passwords
* Use Directory interface for search idle accounts
* Use Directory interface for search will expire passwords
* Use password policy configuration from Directory interface
* Fix merge
* Fix merge
* Doc for OpenLDAP/AD
Showing 22 changed files with 480 additions and 354 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
Enable and disable account | ||
========================== | ||
|
||
Show enabled status | ||
------------------- | ||
|
||
Service Desk will display if account is enabled or not. To allow this feature: | ||
|
||
.. code-block:: php | ||
$show_enablestatus = true; | ||
Enable account | ||
-------------- | ||
|
||
This feature allows to enable the account. The button is only displayed if the account is disabled. | ||
|
||
To enable this feature: | ||
|
||
.. code-block:: php | ||
$use_enableaccount = true; | ||
Disable account | ||
--------------- | ||
|
||
This feature allows to disable the account. It is only displayed if the account is enabled. | ||
|
||
To enable this feature: | ||
|
||
.. code-block:: php | ||
$use_disableaccount = true; |
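Review bot: The three sections name `$show_enablestatus`, `$use_enableaccount` and `$use_disableaccount` but never state their default values, so a reader cannot tell whether the feature is off until configured. Add the default next to each option, and say whether the feature applies to both OpenLDAP and Active Directory, since the commit introduces AD support. It would also help operators to mention that each action is written to the audit log as "enableaccount" or "disableaccount" when `$audit_log_file` is set. Wording: "This feature allows to enable the account" reads better as "This feature lets an operator enable the account", and "To allow this feature" in the first section should match "To enable this feature" used in the other two.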
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
Lock account | ||
============ | ||
Lock and unlock account | ||
======================= | ||
|
||
Show lock status | ||
---------------- | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
<?php | ||
/* | ||
* Disable account in LDAP directory | ||
*/ | ||
|
||
$result = ""; | ||
$dn = ""; | ||
$password = ""; | ||
|
||
if (isset($_POST["dn"]) and $_POST["dn"]) { | ||
$dn = $_POST["dn"]; | ||
} else { | ||
$result = "dnrequired"; | ||
} | ||
|
||
if (!$use_disableaccount) { | ||
$result = "actionforbidden"; | ||
} | ||
|
||
if ($result === "") { | ||
|
||
require_once("../conf/config.inc.php"); | ||
require __DIR__ . '/../vendor/autoload.php'; | ||
|
||
# Connect to LDAP | ||
$ldap_connection = $ldapInstance->connect(); | ||
|
||
$ldap = $ldap_connection[0]; | ||
$result = $ldap_connection[1]; | ||
|
||
if ($ldap) { | ||
if ( $directory->disableAccount($ldap, $dn) ) { | ||
$result = "accountdisabled"; | ||
} else { | ||
$result = "ldaperror"; | ||
} | ||
} | ||
} | ||
|
||
if ($audit_log_file) { | ||
auditlog($audit_log_file, $dn, $audit_admin, "disableaccount", $result); | ||
} | ||
|
||
header('Location: index.php?page=display&dn='.$dn.'&disableaccountresult='.$result); |
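Review bot: In the final `header('Location: ...')` line, `$dn` is taken straight from `$_POST["dn"]` and concatenated into the redirect URL without encoding, so a DN containing `&`, `#`, `+` or spaces corrupts the query string and can append extra parameters, including a second `disableaccountresult`. Use `urlencode($dn)` there, and encode `$result` as well since it can be whatever `$ldap_connection[1]` returned. The same unvalidated `$dn` is also passed to `auditlog()` and to `$directory->disableAccount()`; reject values with control characters before logging, and check that the DN is one this tool is meant to manage before modifying it. `$password` is assigned and never used, so it can be removed.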
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
<?php | ||
/* | ||
* Enable account in LDAP directory | ||
*/ | ||
|
||
$result = ""; | ||
$dn = ""; | ||
$password = ""; | ||
|
||
if (isset($_POST["dn"]) and $_POST["dn"]) { | ||
$dn = $_POST["dn"]; | ||
} else { | ||
$result = "dnrequired"; | ||
} | ||
|
||
if (!$use_enableaccount) { | ||
$result = "actionforbidden"; | ||
} | ||
|
||
if ($result === "") { | ||
|
||
require_once("../conf/config.inc.php"); | ||
require __DIR__ . '/../vendor/autoload.php'; | ||
|
||
# Connect to LDAP | ||
$ldap_connection = $ldapInstance->connect(); | ||
|
||
$ldap = $ldap_connection[0]; | ||
$result = $ldap_connection[1]; | ||
|
||
if ($ldap) { | ||
if ( $directory->enableAccount($ldap, $dn) ) { | ||
$result = "accountenabled"; | ||
} else { | ||
$result = "ldaperror"; | ||
} | ||
} | ||
} | ||
|
||
if ($audit_log_file) { | ||
auditlog($audit_log_file, $dn, $audit_admin, "enableaccount", $result); | ||
} | ||
|
||
header('Location: index.php?page=display&dn='.$dn.'&enableaccountresult='.$result); |
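Review bot: The `if (!$use_enableaccount)` check runs before `require_once("../conf/config.inc.php")`, which only happens inside the later `if ($result === "")` block, so this script depends on its includer having already loaded the configuration. If it has, the inner `require_once` is redundant; if it has not, the flag is undefined and every request ends in `actionforbidden`. Load the configuration once at the top or drop the inner require. This is also a state-changing POST that re-enables a directory account, and nothing in the hunk verifies an anti-CSRF token or the requester's authorization beyond the feature flag; if the front controller does that, a comment saying so would help. The script is identical to the disable-account script in this commit apart from the method name and result strings, so a shared helper would keep fixes such as encoding `$dn` in the `Location` header in one place.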