lunax/snipe_it
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity Actions

Misc ldap fixes (#6631)

Browse source 
* misc_ldap_fixes: Map location from OU, not group

* misc_ldap_fixes: Ensure ldap is initialised for import

* misc_ldap_fixes: Import Job Title

* misc_ldap_fixes: Import telephone, fix field select from schema

* misc_ldap_fixes: Cleanup login error-handling, fix boolean tests
This commit is contained in:
Colin Campbell 2019-01-25 01:15:44 +01:00 committed by snipe
parent 7d982c9ea6
commit 8c632f63b0
2 changed files with 24 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Http/Controllers/Users/LDAPImportController.php
View file

@ -26,6 +26,7 @@ class LDAPImportController extends Controller
{ {
parent::__construct(); parent::__construct();
$this->ldap = $ldap; $this->ldap = $ldap;
$this->ldap->init();
} }
/** /**

27
app/Services/LdapAd.php
View file

@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Services; namespace App\Services;
use Adldap\Schemas\Schema;
use App\Models\User; use App\Models\User;
use App\Helpers\Helper; use App\Helpers\Helper;
use Exception; use Exception;
@ -94,7 +95,6 @@ class LdapAd extends LdapAdConfiguration
} }
// Should we sync the logged in user // Should we sync the logged in user
try {
Log::debug('Attempting to find user in LDAP directory'); Log::debug('Attempting to find user in LDAP directory');
$record = $this->ldap->search()->findBy($this->ldapSettings['ldap_username_field'], $username); $record = $this->ldap->search()->findBy($this->ldapSettings['ldap_username_field'], $username);
@ -104,11 +104,6 @@ class LdapAd extends LdapAdConfiguration
} }
} }
else { else {
Log::error($e->getMessage());
throw new Exception('Unable to find user in LDAP directory!');
}
} catch (ModelNotFoundException $e) {
Log::error($e->getMessage());
throw new Exception('Unable to find user in LDAP directory!'); throw new Exception('Unable to find user in LDAP directory!');
} }
@ -142,6 +137,8 @@ class LdapAd extends LdapAdConfiguration
$snipeUser['lastname'] = $user->{$this->ldapSettings['ldap_lname_field']}[0] ?? ''; $snipeUser['lastname'] = $user->{$this->ldapSettings['ldap_lname_field']}[0] ?? '';
$snipeUser['firstname'] = $user->{$this->ldapSettings['ldap_fname_field']}[0] ?? ''; $snipeUser['firstname'] = $user->{$this->ldapSettings['ldap_fname_field']}[0] ?? '';
$snipeUser['email'] = $user->{$this->ldapSettings['ldap_email']}[0] ?? ''; $snipeUser['email'] = $user->{$this->ldapSettings['ldap_email']}[0] ?? '';
$snipeUser['title'] = $user->getTitle() ?? '';
$snipeUser['telephonenumber'] = $user->getTelephoneNumber() ?? '';
$snipeUser['location_id'] = $this->getLocationId($user, $defaultLocation, $mappedLocations); $snipeUser['location_id'] = $this->getLocationId($user, $defaultLocation, $mappedLocations);
$snipeUser['activated'] = $this->getActiveStatus($user); $snipeUser['activated'] = $this->getActiveStatus($user);
@ -171,6 +168,8 @@ class LdapAd extends LdapAdConfiguration
$user->last_name = trim($userInfo['lastname']); $user->last_name = trim($userInfo['lastname']);
$user->email = trim($userInfo['email']); $user->email = trim($userInfo['email']);
$user->employee_num = trim($userInfo['employee_number']); $user->employee_num = trim($userInfo['employee_number']);
$user->jobtitle = trim($userInfo['title']);
$user->phone = trim($userInfo['telephonenumber']);
$user->activated = $userInfo['activated']; $user->activated = $userInfo['activated'];
$user->location_id = $userInfo['location_id']; $user->location_id = $userInfo['location_id'];
$user->notes = 'Imported from LDAP'; $user->notes = 'Imported from LDAP';
@ -223,7 +222,7 @@ class LdapAd extends LdapAdConfiguration
*/ */
private function isLdapSync(AdldapUser $user): bool private function isLdapSync(AdldapUser $user): bool
{ {
return (false === $this->ldapSettings['ldap_active_flag']) return (false == $this->ldapSettings['ldap_active_flag'])
|| ('true' == strtolower($user->{$this->ldapSettings['ldap_active_flag']}[0])); || ('true' == strtolower($user->{$this->ldapSettings['ldap_active_flag']}[0]));
} }
@ -245,11 +244,11 @@ class LdapAd extends LdapAdConfiguration
* Check to see if we are connected to an AD server * Check to see if we are connected to an AD server
* if so, check the Active Directory User Account Control Flags * if so, check the Active Directory User Account Control Flags
*/ */
if ($this->ldapSettings['is_ad']) { if ($user->hasAttribute($user->getSchema()->userAccountControl())) {
$activeStatus = (in_array($user->getUserAccountControl(), self::AD_USER_ACCOUNT_CONTROL_FLAGS)) ? 1 : 0; $activeStatus = (in_array($user->getUserAccountControl(), self::AD_USER_ACCOUNT_CONTROL_FLAGS)) ? 1 : 0;
} else { } else {
// If there is no activated flag, assume this is handled via the OU and activate the users // If there is no activated flag, assume this is handled via the OU and activate the users
if (false === $this->ldapSettings['ldap_active_flag']) { if (false == $this->ldapSettings['ldap_active_flag']) {
$activeStatus = 1; $activeStatus = 1;
} }
} }
@ -281,7 +280,7 @@ class LdapAd extends LdapAdConfiguration
// Check to see if the user is in a mapped location // Check to see if the user is in a mapped location
if ($mappedLocations) { if ($mappedLocations) {
$location = $mappedLocations->filter(function ($value, $key) use ($user) { $location = $mappedLocations->filter(function ($value, $key) use ($user) {
if ($user->inGroup([$value], true)) { if ($user->inOu($value)) {
return $key; return $key;
} }
}); });
@ -348,6 +347,8 @@ class LdapAd extends LdapAdConfiguration
*/ */
private function getSelectedFields(): array private function getSelectedFields(): array
{ {
/** @var Schema $schema */
$schema = new $this->ldapConfig['schema'];
return [ return [
$this->ldapSettings['ldap_username_field'], $this->ldapSettings['ldap_username_field'],
$this->ldapSettings['ldap_fname_field'], $this->ldapSettings['ldap_fname_field'],
@ -355,8 +356,10 @@ class LdapAd extends LdapAdConfiguration
$this->ldapSettings['ldap_email'], $this->ldapSettings['ldap_email'],
$this->ldapSettings['ldap_emp_num'], $this->ldapSettings['ldap_emp_num'],
$this->ldapSettings['ldap_active_flag'], $this->ldapSettings['ldap_active_flag'],
'memberOf', $schema->memberOf(),
'useraccountcontrol', $schema->userAccountControl(),
$schema->title(),
$schema->telephone(),
]; ];
} }