feat: enhance user creation and editing with role assignment and secure password handling (ldaps merci guillaume)
@@ -5,16 +5,29 @@ class LDAPAuth
|
||||
private $service_dn;
|
||||
private $service_pwd;
|
||||
private $ad;
|
||||
private $ca_cert_file;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->ldap_server = 'ldap://intranet.epul3a.local';
|
||||
$this->ldap_server = 'ldaps://intranet.epul3a.local';
|
||||
$this->service_dn = 'CN=Service LDAP Reader,CN=Users,DC=epul3a,DC=local';
|
||||
$this->service_pwd = 'Test@123';
|
||||
$this->ca_cert_file = 'c:\\certs\\root.pem';
|
||||
}
|
||||
|
||||
public function connect()
|
||||
{
|
||||
if (!file_exists($this->ca_cert_file)) {
|
||||
die("❌ Le fichier de certificat n'existe pas ou n'est pas lisible : " . $this->ca_cert_file);
|
||||
}
|
||||
|
||||
if (!is_readable($this->ca_cert_file)) {
|
||||
die("❌ Impossible de lire le fichier de certificat : " . $this->ca_cert_file);
|
||||
}
|
||||
|
||||
ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, $this->ca_cert_file);
|
||||
ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
|
||||
|
||||
$this->ad = ldap_connect($this->ldap_server)
|
||||
or die("❌ Impossible de se connecter au LDAP");
|
||||
|
||||
@@ -54,8 +67,12 @@ class LDAPAuth
|
||||
if (@ldap_bind($this->ad, $user_dn, $user_password)) {
|
||||
// Vérifier si l'utilisateur est un administrateur
|
||||
$is_admin = $this->isUserAdmin($user_dn);
|
||||
// Récupérer les OUs sur lesquelles l'utilisateur a des droits d'administration
|
||||
$admin_ous = $this->getAdminOUs($user_dn);
|
||||
// Récupérer les OUs sur lesquelles l'utilisateur a des droits d'administration (si admin)
|
||||
if ($is_admin) {
|
||||
$admin_ous = $this->getAdminOUs($user_dn);
|
||||
} else {
|
||||
$admin_ous = [];
|
||||
}
|
||||
|
||||
return [
|
||||
'success' => true,
|
||||
@@ -331,6 +348,20 @@ class LDAPAuth
|
||||
return $users;
|
||||
}
|
||||
|
||||
public function addUserToGroup($user_dn, $group_dn, $admin_username, $admin_password)
|
||||
{
|
||||
$this->connect();
|
||||
$this->bindWithCredentials($admin_username, $admin_password);
|
||||
|
||||
$mod = [
|
||||
'member' => $user_dn
|
||||
];
|
||||
|
||||
if (!@ldap_mod_add($this->ad, $group_dn, $mod)) {
|
||||
throw new Exception("Erreur lors de l'ajout de l'utilisateur au groupe : " . ldap_error($this->ad));
|
||||
}
|
||||
}
|
||||
|
||||
public function getUserDetails($username)
|
||||
{
|
||||
$this->connect();
|
||||
@@ -366,7 +397,7 @@ class LDAPAuth
|
||||
$this->bindServiceAccount();
|
||||
|
||||
$filter = "(objectClass=user)";
|
||||
$attributes = ["Name", "sn", "givenName","mail", "sAMAccountName"];
|
||||
$attributes = ["Name", "sn", "givenName", "mail", "sAMAccountName"];
|
||||
$result = ldap_read($this->ad, $dn, $filter, $attributes);
|
||||
$entries = ldap_get_entries($this->ad, $result);
|
||||
|
||||
|
||||
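Review bot: In connect(), the two `die()` calls guarding the CA file echo the server-side path (`c:\certs\root.pem`) straight into the HTTP response and terminate the script from inside a library class, so no caller can catch or log the failure; throw instead with a generic message and keep the path in the log, e.g. `throw new RuntimeException('LDAP CA certificate not available');`. The TLS hardening itself looks right — `LDAP_OPT_X_TLS_CACERTFILE` plus `LDAP_OPT_X_TLS_REQUIRE_CERT = LDAP_OPT_X_TLS_DEMAND` set on the global handle (`NULL`) before `ldap_connect()` is the usual way to make them apply to the `ldaps://` connection — but both `ldap_set_option()` return values are ignored, so a rejected option is never noticed. The service-account password `Test@123` is still a string literal in the constructor (a context line, so it predates this commit); despite the title's "secure password handling" it should be read from configuration outside the repository, and the committed value should be treated as rotated. connect() continues past the end of the first hunk.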