Fix LDAP+SSO authentication (AUTH_TYPE == 4)

Use ldap.php in auth phase to extract user LDAP attributes Check user existence with search_on_loginnt($login) Do not check password validity when $affich_method == 'SSO'
OCSInventory-NG · Dec 13, 2023 · 6177e28 · 6177e28
1 parent 3b49e43
commit 6177e28
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/backend/AUTH/methode/ldap.php b/backend/AUTH/methode/ldap.php
@@ -68,7 +68,13 @@ function verif_pw_ldap($login, $pw) {
         // login doesn't exist
         return ("BAD LOGIN OR PASSWORD");
     }
-    return (ldap_test_pw($info[0]["dn"], $pw) ? "OK" : "BAD LOGIN OR PASSWORD");
+
+    $affich_method = get_affiche_methode();
+    if($affich_method == 'SSO') {
+        return (isset($info[0]["dn"]) ? "OK" : "BAD LOGIN OR PASSWORD");
+    } else {
+        return (ldap_test_pw($info[0]["dn"], $pw) ? "OK" : "BAD LOGIN OR PASSWORD");
+    }
 }
 
 function search_on_loginnt($login) {

diff --git a/backend/require/auth.manager.php b/backend/require/auth.manager.php
@@ -51,7 +51,10 @@ function get_list_methode($identity = false){
             );
 
         case 4:
-
+            return array(
+                0 => "ldap.php"
+            );
+            break;
         case 5:
             if($identity){
                 return array(