lunax/snipe_it
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity Actions

Merge branch 'develop' of https://github.com/snipe/snipe-it into develop

Browse source
This commit is contained in:
snipe 2020-10-09 17:24:55 -07:00
commit 51d804c971
1 changed files with 14 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
app/Services/LdapAd.php
View file

@ -63,8 +63,15 @@ class LdapAd extends LdapAdConfiguration
parent::init(); parent::init();
if($this->isLdapEnabled()) { if($this->isLdapEnabled()) {
$this->ldapConfig['account_prefix'] = $this->ldapSettings['ldap_auth_filter_query']; if($this->ldapSettings['is_ad'] == 0 ) { //only for NON-AD setups!
$this->ldapConfig['account_suffix'] = ','.$this->ldapConfig['base_dn']; $this->ldapConfig['account_prefix'] = $this->ldapSettings['ldap_auth_filter_query'];
$this->ldapConfig['account_suffix'] = ','.$this->ldapConfig['base_dn'];
} /*
To the point mentioned in ldapLogin(), we might want to add an 'else' clause here that
sets up an 'account_suffix' of '@'.$this->ldapSettings['ad_domain'] *IF* the user has
$this->ldapSettings['ad_append_domain'] enabled.
That code in ldapLogin gets simplified, in exchange for putting all the weirdness here only.
*/
$this->ldap = new Adldap(); $this->ldap = new Adldap();
$this->ldap->addProvider($this->ldapConfig); $this->ldap->addProvider($this->ldapConfig);
return true; return true;
@ -92,11 +99,13 @@ class LdapAd extends LdapAdConfiguration
*/ */
public function ldapLogin(string $username, string $password): User public function ldapLogin(string $username, string $password): User
{ {
if ($this->ldapSettings['ad_append_domain']) { if ($this->ldapSettings['ad_append_domain']) { //if you're using 'userprincipalname', don't check the ad_append_domain checkbox
$username .= '@' . $this->ldapSettings['ad_domain']; $login_username = $username . '@' . $this->ldapSettings['ad_domain']; // I feel like could can be solved with the 'suffix' feature? Then this would be easier.
} else {
$login_username = $username;
} }
if ($this->ldap->auth()->attempt($username, $password, true) === false) { if ($this->ldap->auth()->attempt($login_username, $password, true) === false) {
throw new Exception('Unable to validate user credentials!'); throw new Exception('Unable to validate user credentials!');
} }