二娆?wordpress LDAP鎻掍欢閾炬帴鏈嶅姟鍣ㄧ殑BUG淇

2娆?wordpress LDAP鎻掍欢閾炬帴鏈嶅姟鍣ㄧ殑BUG淇

鐗堟潈鎵€鏈夛紝杞浇璇锋敞鏄庢潵婧恏ttp://gogo1217.iteye.com锛岃繚鑰呭繀绌讹紒

聽聽聽聽浠婂ぉ瀹夎浜嗕笅wordpress锛屼富瑕佺敤浜庡洟闃熷唴閮ㄦ妧鏈氦娴佸拰鍒嗕韩銆傚畠鐨勫畨瑁呭€掓槸闈炲父绠€鍗曪紝淇敼涓嬫暟鎹簱閰嶇疆鏂囦欢灏卞彲浠ヤ簡銆備絾鐢变簬鍥㈤槦鐨勮处鍙峰叏閮ㄩ噰鐢↙DAP杩涜绠＄悊锛屽洜姝ゅ笇鏈泈ordpress鑳戒笌ldap杩涜闆嗘垚銆?/p>

聽聽聽聽濂藉湪wordpress姣旇緝鎴愮啛锛屾湁澶氱LDAP鎻掍欢鍙互浣跨敤锛屽湪灏濊瘯浜哠imple LDAP Login鍜孉ctive Directory Integration鍧囧憡鐭ュけ璐ョ殑鎯呭喌涓嬶紝鍙ソ娼滃績鍘荤湅涓嬪畠鐨勪唬鐮侊紝浠ｇ爜鍊掔畝鍗曪紝鍔犱笂涔嬪墠鍐欒繃涓€涓畝鍗曠殑PHP淇敼LDAP瀵嗙爜鐨勯〉闈紝寰堝揩灏卞畾浣嶉棶棰樺苟鍦嗘弧瑙ｅ喅浜嗐€?/p>

聽

聽 1銆佺幇灏嗛棶棰樼殑淇敼杩囩▼鍜屽ぇ瀹跺垎浜紝鍏堣涓嬫垜浠琇DAP鐨勭粍缁囨儏鍐碉紝鎴戜滑鍦↙DAP鍒涘缓浜?涓粍锛屼竴涓敤鎴风粍锛屼竴涓鑹插垎缁勶紝鐢ㄦ埛鍒嗙粍鎸夌収缁勭粐鏋舵瀯杩涜鍖哄垎锛屽涓嬪浘鎵€绀?

+dc=foo,dc=bar,dc=com
-+ou=roles
-+ou=users
--+ou=dev
---+ou=dev09
----+uid=zhangsan

聽聽鍥犳鎴戜滑base_dn涓?dc=foo,dc=bar,dc=com

聽

聽2銆丼imple LDAP Login鎻掍欢淇敼锛?/p>

聽聽聽 a).涓嬭浇骞跺惎鐢⊿imple LDAP Login

聽聽聽 b).鍦ㄨ缃」涓壘鍒癝imple LDAP Login鐨勯厤缃〉闈紝濉啓Simple閫夐」鍗′腑閰嶇疆baseDN銆丩DAP鐨勬湇鍔″櫒IP鍦板潃锛屽苟鍦ˋdvance閰嶇疆LDAP Login Attribute涓簎id銆?/p>

聽聽聽 c).淇濆瓨鍚庯紝鍙戠幇杈撳叆姝ｇ‘鐨勭敤鎴峰悕鍜屽瘑鐮佸悗锛屾棤娉曠櫥闄嗐€?/p>

聽聽聽 d).缈讳簡缈绘彃浠剁殑婧愮爜鎵嶅彂鐜板湪Simple-LDAP-Login.php涓璴dap_auth鏂规硶瀛樺湪闂銆備粬灏嗘垜浠厤缃殑uid銆佽緭鍏ョ殑鐢ㄦ埛鍚嶅拰閰嶇疆baseDN閾炬帴鍦ㄤ竴璧凤紝鍗冲緱鍒扮殑鏄€渦id=zhangsan,dc=foo,dc=bar,dc=com鈥濅綔涓虹敤鎴风殑dn鏌ユ壘锛岃€岃姝ｇ‘鐨勬煡鎵惧簲璇ヤ负鈥渦id=zhangsan,ou=dev1,ou=dev1,ou=dev,ou=users,dc=foo,dc=bar,dc=com鈥?鍥犳鎬绘槸鎻愮ず鎴戜滑鏃犳硶鐧婚檰銆?/p>

function ldap_auth( $username, $password, $directory ) {
		$result = false;

		if ( $directory == "ad" ) {
			$result = $this->adldap->authenticate( $username, $password );
		} elseif ( $directory == "ol" ) {
			$this->ldap = ldap_connect( join(' ', (array)$this->get_setting('domain_controllers')), (int)$this->get_setting('ldap_port') );
			ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$this->get_setting('ldap_version'));
			if ( str_true($this->get_setting('use_tls')) ) {
				ldap_start_tls($this->ldap);
			}
			$ldapbind = @ldap_bind($this->ldap, $this->get_setting('ol_login') .'=' . $username . ',' . $this->get_setting('base_dn'), $password);
			$result = $ldapbind;
		}

		return apply_filters($this->prefix . 'ldap_auth', $result);
	}

聽聽聽聽聽 e).淇敼鏌ユ壘閮ㄥ垎锛屽厛鐢╱id鍘绘煡鎵炬纭殑dn锛岀劧鍚庣敤姝ｇ‘鐨刣n鍜宲assword鍘荤粦瀹氾紝绾㈣壊閮ㄥ垎涓轰慨鏀广€?/p>

二娆?wordpress LDAP鎻掍欢閾炬帴鏈嶅姟鍣ㄧ殑BUG淇

聽聽聽聽聽 f).鏈€缁堜唬鐮佸涓嬶細

	function ldap_auth( $username, $password, $directory ) {
		$result = false;

		if ( $directory == "ad" ) {
			$result = $this->adldap->authenticate( $username, $password );
		} elseif ( $directory == "ol" ) {
			$this->ldap = ldap_connect( join(' ', (array)$this->get_setting('domain_controllers')), (int)$this->get_setting('ldap_port') );
			ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$this->get_setting('ldap_version'));
			if ( str_true($this->get_setting('use_tls')) ) {
				ldap_start_tls($this->ldap);
			}
			
			//add by gogo1217
	        $search=@ldap_search($this->ldap,$this->get_setting('base_dn'),$this->get_setting('ol_login') .'=' .$username);
	        $dn=@ldap_get_entries($this->ldap,$search);
	        //浠庤幏鍙栧埌鐨勬暟缁勫彇鍑虹敤鎴穌n锛屾病鏈夌敤鎴穌n淇敼涓嶄簡瀵嗙爜銆?
	        for ($i=0; $i<$dn["count"]; $i++){
	            $user_dn= $dn[$i]["dn"];
	        }
            $ldapbind = @ldap_bind($this->ldap, $user_dn, $password);
	        //end by gogo1217

			//$ldapbind = @ldap_bind($this->ldap, $this->get_setting('ol_login') .'=' . $username . ',' . $this->get_setting('base_dn'), $password);
			$result = $ldapbind;
		}

		return apply_filters($this->prefix . 'ldap_auth', $result);
	}

聽聽聽 g).LDAP涓鍚嶄腑鏂囦贡鐮侀棶棰橈細

杩欐槸鍥犱负鎻掍欢涓涓枃杩涜浜嗚浆鐮侊紝鍘绘帀杞爜鍗冲彲锛屽垹闄ょ孩棰滆壊閮ㄥ垎涓殑sanitize_title鍑芥暟鍖呰９锛?/p>

二娆?wordpress LDAP鎻掍欢閾炬帴鏈嶅姟鍣ㄧ殑BUG淇

聽

聽3銆丄ctive Directory Integration鎻掍欢淇敼锛?/p>

聽聽聽 a).涓嬭浇骞跺惎鐢ˋctive Directory Integration锛?/p>

聽聽聽 b).鍦ㄩ厤缃ā鍧椾腑鎵惧埌Active Directory Integration Settings,濉啓Server閫夐」鍗′腑鐨凩DAP鐨勬湇鍔″櫒IP鍦板潃鍜宐aseDN銆?/p>

聽聽聽 c).淇濆瓨鍚庯紝鍙戠幇杈撳叆姝ｇ‘鐨勭敤鎴峰悕鍜屽瘑鐮佸悗锛屾棤娉曠櫥闄嗐€?/p>

聽聽聽 d).缈讳簡缈绘彃浠剁殑婧愮爜锛屽彂鐜颁娇鐢╝d_ldap/adLDAP.php鏉ラ摼鎺DAP锛屼粬灏嗚緭鍏ョ殑鐢ㄦ埛鍚嶅拰鎴戜滑鍦║ser閰嶇疆椤甸潰涓敤鎴峰悗缂€閾炬帴鍦ㄤ竴璧凤紝鐢变簬鎴戞病鏈夐厤缃悗缂€鍗冲緱鍒扮殑鏄€渮hangsan鈥濅綔涓虹敤鎴风殑dn鏌ユ壘锛岃€岃姝ｇ‘鐨勬煡鎵惧簲璇ヤ负鈥渦id=zhangsan,ou=dev1,ou=dev1,ou=dev,ou=users,dc=foo,dc=bar,dc=com鈥?鍥犳鎬绘槸鎻愮ず鎴戜滑鏃犳硶鐧婚檰銆?/p>

 /**
    * Validate a user's login credentials
    * 
    * @param string $username A user's AD username
    * @param string $password A user's AD password
    * @param bool optional $prevent_rebind
    * @return bool
    */
    public function authenticate($username, $password, $prevent_rebind = false) {
        // Prevent null binding
        if ($username === NULL || $password === NULL) { return false; } 
        if (empty($username) || empty($password)) { return false; }
        
        // Bind as the user        
        $ret = true;
        $this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);
        if (!$this->_bind){ $ret = false; }

聽聽聽 e).淇敼鏌ユ壘閮ㄥ垎锛屽厛鐢╱id鍘绘煡鎵炬纭殑dn锛岀劧鍚庣敤姝ｇ‘鐨刣n鍜宲assword鍘荤粦瀹氾紝绾㈣壊閮ㄥ垎涓轰慨鏀广€?/p>

二娆?wordpress LDAP鎻掍欢閾炬帴鏈嶅姟鍣ㄧ殑BUG淇

聽聽聽 f).鏈€缁堜唬鐮佸涓嬶細

    /**
    * Validate a user's login credentials
    * 
    * @param string $username A user's AD username
    * @param string $password A user's AD password
    * @param bool optional $prevent_rebind
    * @return bool
    */
    public function authenticate($username, $password, $prevent_rebind = false) {
        // Prevent null binding
        if ($username === NULL || $password === NULL) { return false; } 
        if (empty($username) || empty($password)) { return false; }
        
        // Bind as the user        
        $ret = true;
        
        //add by liushimin
        $search=@ldap_search($this->_conn,$this->_base_dn,"uid=".$username);
        $dn=@ldap_get_entries($this->_conn,$search);
        //浠庤幏鍙栧埌鐨勬暟缁勫彇鍑虹敤鎴穌n锛屾病鏈夌敤鎴穌n淇敼涓嶄簡瀵嗙爜銆?
        for ($i=0; $i<$dn["count"]; $i++){
            $user_dn= $dn[$i]["dn"];
        }
        //end by liushimin
        $this->_bind = @ldap_bind($this->_conn, $user_dn, $password);

        //$this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);

        if (!$this->_bind){ $ret = false; }

聽

4銆佸姣?涓彃浠讹紝閮芥槸鍦ㄧ敤鎴风櫥闄嗙殑鏃跺€欏幓LDAP妫€绱紝骞朵笖鍙戠幇鏈湴娌℃湁鐢ㄦ埛锛屽垯鍒涘缓涓€涓柊鐨勭敤鎴峰苟璧嬩簣鎸囧畾鐨勮鑹层€?/p>

1 妤? gogo1217 2013-10-01

鍙戠幇Simple LDAP Login鎻掍欢鐨凩DAP涓枃涔辩爜闂锛屽凡缁忔洿鏂般€?/div>