From 4020bf861e96fb0db58bcd8428f38058b9b3e910 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?D=C3=A9veloppeur=20=C3=A9gar=C3=A9?= Date: Wed, 4 Feb 2015 00:35:24 +0100 Subject: [PATCH] automated creation of Friendica basic account --- ldapauth.tgz | Bin 1514 -> 1941 bytes ldapauth/ldapauth.php | 59 +++++++++++++++++++++++++++++++++--------- 2 files changed, 47 insertions(+), 12 deletions(-) diff --git a/ldapauth.tgz b/ldapauth.tgz index 7dd3d6c427335979974f62e0cf6539bd60cd3ec8..62ff161abc5b090d3e32cdd9c22521b41e0b0354 100755 GIT binary patch literal 1941 zcmV;G2Wt2qiwFqhSs5boFYR~*$KEed_x3#etl zfFh89p)%kDLM2VyHX^l)oiHZEf9KAQ^U}3jfx!ou#Y*bjJ@?%C?wq($;4Qo)p0z4} zZnSaSzP(rJ?(N?0c6Tf7z5VX~ZU^VHQR#HsJNsP}>+Dt9o$lW4b_Mn-e_~wLey|at*?aI~o)8p=aT<>b@=FKYHgqPl&_2BvA!&h*Ksla#~`d-ZF)?=o887|^b z@LuUAc#tS2!JB#^S21|p00g0Aek|lEX}@JsY0XZvgWolPkUe-2eq!*#Rvz4)#qpxo zYGt+9^u@fjkYW->tTjjBdqr*UbUyQmU8@S#g(os(JV0jP1%co+MSm|ukVI>I!+$^T z(Hq4kNdyxi;a$iBaiZYRkHaqv9$PU~3_u{R)cUu^o?2Gb-=asS&&Gk$UZuV%wl11y%G}MKw>E2f-f*Se(dUirrFRWw5Q^PePPmtFm@Cy zFi_z*VuqE6@H#k%Pq7hmjEm;xOJ)d(Ny#RzPv~R7eUb3kM&qSGtrHBaaZY2eUGW~A ziUe2l6gXo68CEQYCQFJtOkou^WZ+!Ca3FC+7nkfHM;+ZnCf5d=W7!UZ+p$&1RFuej3tNwVE;> z3GTDH6LLRF0@k86Ck9TVU#(Ur3HP-h*4~JU5i`BsfN#|;n}nm85TEK!G5H-A99{ga zm75#gw%@h(sHjZFzppf(@DhQ9|9uK)MC;q0dt-a735Aoo6EZ$ry@o3MyP|gzSFA3 ziR9#7?%f*F*0#HC$r6Ps;Mgvt9ezE4DT_xYJ?nXTx~1%F^b4wEtlxlNsA|N{sxD48 zQeB)F)ts;={aL^-By7aW$`lSSj^(+^xma1*H2e!mYcbN?GHTQ{b+cq?Qk<`UR{lJ! z5yM?CBCg>$iP_IWFR7nviPGrT4W-(-9bIbI0Qa?s@%m=&H5%2e%_C8xiCTX%L&R@0 zJIisX>Bj+j=p$P?U$nt`JvEt^UIXuDgIY%2*01Rt%0!aF%5g7r&MH{UV(~T_OLC?^ zz{HCb>!-z@LL%P>MH6Kp6t?s;4TN3~`ykbhM`oX_TP;^_w4!nqvNATN6$xZ z2gBFTj$XPujsC{U!@-lmaCrFqwF_-jOWD;QWbGkWDmEpz*k-Wn9vmDP-q`(C`=e*S zYp--K)`7|!Np7axh1})F(gf$g!OyJo7K5shH=_^+8G}hE6{a_j;hTGvqA6yut5es;xhzQm)mzlMjC^DyyL zvv2`<+Yg8bM;_F-=@nolUFR40UC2kTQx9~L!Rwzep+EB=$WmLpU?IC%64vJrvdk%P1<&rWc8$$-`e(cWorNH z`5VN+JuT=uJoG=MGr2R4hQ_JXm+S=vr*cOf-08zf$Y{3H=##bd&k({myhA&I1>IR7SLqd%$T(_QyqBz?8UQV z=+xZYs(Ji1T&(%@HFSBK*(#MbdRDm_8;yvz{iWZ3c6Rr6 zEAUs&|Nryfe}3-Z`;tz*fAPq>da0+~)#FP&+`hzbX)!#W| bP7j!``u^3p8du|LY&?DdvmUf603-ka(dys( literal 1514 zcmV?dm0sy&{xQFeBEwQg@~ zr`z4CwR_v$?X8YkPo>uBwl}xCsMhJ#+MRB1r(J{IBXY_mk;)eUwYeWmsrX9SEqd{^ zx7~U9^5s)-dP0e^{0|3v2Sf2^(f6=F;Y#I@WeJQWF2*D2oml6=7WY%uLuUUOcgcoDg4@1uMlKwq1(`WTbGWS2k|AFp3MEc3A&+>lI z`_Do?>?MeR4|oq+hL3m|BKptYhiR=n)~$%p_F}YA_&2vBnr9cJ0c$xZlY|9^WrjA= z<&U-HZNT5oT2=z18RwUtTP!!X0j_Dc*2>F6Z|9iWdQ>vrc;(!zbf2&ifrLFhh3{0o zy5D$K9~(k+;^m5Eo$+T^S2M%u>7F2`G&Dwt7AVTk&>99FW&m;;Bc^irsvo2 zN$4Mw&tO+95wpWElJa;4(&ty)KK-Z=V4 z5S0jaTZqe%%jh-gS;RCK2TpWm8Ff5zNr($6dw z&?{iyrq*g?r?Qt>HOyEaoqRYOeHfmco$Q|+jy?{Cr|(aW8=Gl>?_)e1yc-OMdxxhD zXs2e#&U>3z%EG8vpN(S0VJGhH?pofu5mui^uiT`;(%0;6&QI6WvYV{Z8p}1-1b5fP zzj+gugNn%aqd>!)!GsE_M%dosxDApYCd^kfTztd*DpH7Sk#GFpyD$ZIc92V zwHPmIF}_MGr515Xire|VAz_e^#%8xjLrcV`QzE?eY<~3d<1`@najL)71dr11$^(uS zh@WUM&|_h};D2>)ZGN*Sg6kz7o$XtAxCH3W<2Tds#SE| zpWt^VACsp(m|nu?A8=v+=0OmvyZ@F%-tHjnpHj)*RR0^Pq>@T1sicxhDygKBN-C+O Ql3!N-0WfY{a{wp+0LAb0O8@`> diff --git a/ldapauth/ldapauth.php b/ldapauth/ldapauth.php index b87f669d5..2c8f3effd 100755 --- a/ldapauth/ldapauth.php +++ b/ldapauth/ldapauth.php @@ -2,8 +2,9 @@ /** * Name: LDAP Authenticate * Description: Authenticate a user against an LDAP directory - * Version: 1.0 + * Version: 1.1 * Author: Mike Macgirvin + * Author: aymhce */ /** @@ -17,8 +18,9 @@ * * Optionally authenticates only if a member of a given group in the directory. * - * The person must have registered with Friendica using the normal registration + * By default, the person must have registered with Friendica using the normal registration * procedures in order to have a Friendica user record, contact, and profile. + * However, it's possible with an option to automate the creation of a Friendica basic account. * * Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site * ldap.conf file to the signing cert for your LDAP server. @@ -31,6 +33,7 @@ * */ +require_once('include/user.php'); function ldapauth_install() { @@ -44,19 +47,13 @@ function ldapauth_uninstall() { function ldapauth_hook_authenticate($a,&$b) { - if(ldapauth_authenticate($b['username'],$b['password'])) { - $results = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1", - dbesc($b['username']) - ); - if(count($results)) { - $b['user_record'] = $results[0]; - $b['authenticated'] = 1; - } + if(ldapauth_authenticate($b['username'],$b['password']) && is_existing_account($b['username'])) { + $b['user_record'] = $results[0]; + $b['authenticated'] = 1; } return; } - function ldapauth_authenticate($username,$password) { $ldap_server = get_config('ldapauth','ldap_server'); @@ -65,7 +62,15 @@ function ldapauth_authenticate($username,$password) { $ldap_searchdn = get_config('ldapauth','ldap_searchdn'); $ldap_userattr = get_config('ldapauth','ldap_userattr'); $ldap_group = get_config('ldapauth','ldap_group'); + $ldap_autocreateaccount = get_config('ldapauth','ldap_autocreateaccount'); + $ldap_autocreateaccount_emailattribute = get_config('ldapauth','ldap_autocreateaccount_emailattribute'); + $ldap_autocreateaccount_nameattribute = get_config('ldapauth','ldap_autocreateaccount_nameattribute'); + if(! strlen($ldap_autocreateaccount_emailattribute)) + $ldap_autocreateaccount_emailattribute = "mail"; + if(! strlen($ldap_autocreateaccount_nameattribute)) + $ldap_autocreateaccount_nameattribute = "givenName"; + if(! ((strlen($password)) && (function_exists('ldap_connect')) && (strlen($ldap_server)))) @@ -98,9 +103,14 @@ function ldapauth_authenticate($username,$password) { if(! @ldap_bind($connect,$dn,$password)) return false; + + $emailarray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_emailattribute); + $namearray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_nameattribute); - if(! strlen($ldap_group)) + if(! strlen($ldap_group)){ + ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]); return true; + } $r = @ldap_compare($connect,$ldap_group,'member',$dn); if ($r === -1) { @@ -126,5 +136,30 @@ function ldapauth_authenticate($username,$password) { return false; } + ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]); return true; } + +function ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$email,$name) { + if($ldap_autocreateaccount == "true" && !is_existing_account($username)){ + if (strlen($email) > 0 && strlen($name) > 0){ + $arr = array('username'=>$name,'nickname'=>$username,'email'=>$email,'password'=>$password,'verified'=>1); + $result = create_user($arr); + if ($result['success']){ + logger("ldapauth: account " . $username . " created"); + }else{ + logger("ldapauth: account " . $username . " was not created ! : " . implode($result)); + } + }else{ + logger("ldapauth: unable to create account, no email or nickname found"); + } + } +} + +function is_existing_account($username){ + $results = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",$username); + if(count($results)) { + return true; + } + return false; +}