二次 wordpress LDAP插件 链接服务器的BUG修复
版权所有，转载请注明来源http://gogo1217.iteye.com，违者必究！
    今天安装了下wordpress，主要用于团队内部技术交流和分享。它的安装倒是非常简单，修改下数据库配置文件就可以了。但由于团队的账号全部采用LDAP进行管理，因此希望wordpress能与ldap进行集成。
    好在wordpress比较成熟，有多种LDAP插件可以使用，在尝试了Simple LDAP Login和Active Directory Integration均告知失败的情况下，只好潜心去看下它的代码，代码倒简单，加上之前写过一个简单的PHP修改LDAP密码的页面，很快就定位问题并圆满解决了。

 1、现将问题的修改过程和大家分享，先说下我们LDAP的组织情况，我们在LDAP创建了2个组，一个用户组，一个角色分组，用户分组按照组织架构进行区分，如下图所示:
+dc=foo,dc=bar,dc=com -+ou=roles -+ou=users --+ou=dev ---+ou=dev09 ----+uid=zhangsan
  因此我们base_dn为:dc=foo,dc=bar,dc=com

 2、Simple LDAP Login插件修改：
      a).下载并启用Simple LDAP Login
      b).在设置项中找到Simple LDAP Login的配置页面，填写Simple选项卡中配置baseDN、LDAP的服务器IP地址，并在Advance配置LDAP Login Attribute为uid。
      c).保存后，发现输入正确的用户名和密码后，无法登陆。
      d).翻了翻插件的源码才发现在Simple-LDAP-Login.php中ldap_auth方法存在问题。他将我们配置的uid、输入的用户名和配置baseDN链接在一起，即得到的是“uid=zhangsan,dc=foo,dc=bar,dc=com”作为用户的dn查找，而正确的查找应该为“uid=zhangsan,ou=dev1,ou=dev1,ou=dev,ou=users,dc=foo,dc=bar,dc=com”,因此总是提示我们无法登陆。
/**
 * Check a username/password pair against the configured directory type.
 *
 * "ad" hands the credentials to the adLDAP wrapper; "ol" opens an LDAP
 * connection and attempts a simple bind as the user. Any other value
 * leaves the result at false. The outcome is always passed through the
 * "<prefix>ldap_auth" filter before being returned.
 *
 * NOTE(review): this is the plugin code as quoted on the page, before the
 * author's fix. Points a reviewer would raise on it:
 *  - the bind DN is assembled by plain string concatenation, so it only
 *    matches accounts that sit directly under base_dn, and $username is
 *    placed into the DN without any escaping;
 *  - the return value of ldap_start_tls() is not checked, so the bind
 *    still goes ahead when the TLS upgrade did not succeed;
 *  - "@" hides the reason a bind failed.
 *
 * @param string $username  Login name typed by the user.
 * @param string $password  Password typed by the user.
 * @param string $directory Directory type selector: "ad" or "ol".
 * @return mixed Bind/authenticate result after the 'ldap_auth' filter.
 */
function ldap_auth( $username, $password, $directory ) {
    $authenticated = false;

    if ( $directory == "ad" ) {
        // Active Directory: delegate to the adLDAP object held by the plugin.
        $authenticated = $this->adldap->authenticate( $username, $password );
    } elseif ( $directory == "ol" ) {
        // Several controllers are handed to ldap_connect() as one space-separated string.
        $hosts = join(' ', (array)$this->get_setting('domain_controllers'));
        $port  = (int)$this->get_setting('ldap_port');
        $this->ldap = ldap_connect( $hosts, $port );

        $protocol = (int)$this->get_setting('ldap_version');
        ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, $protocol);

        if ( str_true($this->get_setting('use_tls')) ) {
            ldap_start_tls($this->ldap);
        }

        // "<login attribute>=<username>,<base_dn>", e.g. uid=zhangsan,dc=foo,dc=bar,dc=com
        $bind_dn = $this->get_setting('ol_login') . '=' . $username . ',' . $this->get_setting('base_dn');
        $authenticated = @ldap_bind($this->ldap, $bind_dn, $password);
    }

    return apply_filters($this->prefix . 'ldap_auth', $authenticated);
}
      e).修改查找部分，先用uid去查找正确的dn，然后用正确的dn和password去绑定，红色部分为修改。
      f).最终代码如下：
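/**
 * Check a username/password pair against the configured directory type.
 *
 * For "ol" the user's DN is no longer guessed by concatenation: the entry
 * is looked up under base_dn by the configured login attribute, and the
 * bind is then attempted with the DN that the directory returned.
 *
 * Hardening compared with the listing originally published here:
 *  - the username is escaped before it is placed in the search filter;
 *  - the bind is attempted only when the search returns exactly one entry
 *    (previously a failed or empty search left the DN variable unset and a
 *    bind was still attempted with it, and with several matches the last
 *    one silently won);
 *  - an empty password is refused before contacting the server;
 *  - a failed connection or a failed StartTLS stops the attempt instead of
 *    carrying on.
 *
 * The search runs on the connection as opened here (no bind happens before
 * it in this method), so the directory must permit that lookup.
 *
 * @param string $username  Login name typed by the user.
 * @param string $password  Password typed by the user.
 * @param string $directory Directory type selector: "ad" or "ol".
 * @return mixed Bind/authenticate result after the 'ldap_auth' filter.
 */
function ldap_auth( $username, $password, $directory ) {
    $result = false;

    if ( $directory == "ad" ) {
        $result = $this->adldap->authenticate( $username, $password );
    } elseif ( $directory == "ol" && (string) $password !== '' ) {
        // Empty passwords never reach the server: a simple bind with a DN and an
        // empty password is reported as successful by many LDAP servers.
        // (Callers may already check this; that code is not visible here.)
        $this->ldap = ldap_connect( join(' ', (array)$this->get_setting('domain_controllers')), (int)$this->get_setting('ldap_port') );
        $ready = ( $this->ldap !== false );

        if ( $ready ) {
            ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$this->get_setting('ldap_version'));
            if ( str_true($this->get_setting('use_tls')) ) {
                // Fail closed: if TLS was requested but could not be started,
                // do not send the password over the connection.
                $ready = ldap_start_tls($this->ldap);
            }
        }

        if ( $ready ) {
            //add by gogo1217
            // ldap_escape() needs PHP 5.6 or later. It neutralises filter
            // metacharacters so the typed name is matched as a literal value.
            $filter = '(' . $this->get_setting('ol_login') . '=' . ldap_escape( (string) $username, '', LDAP_ESCAPE_FILTER ) . ')';
            $search = @ldap_search($this->ldap, $this->get_setting('base_dn'), $filter);
            $entries = ( $search !== false ) ? @ldap_get_entries($this->ldap, $search) : false;

            // Take the user DN from the search result; anything other than a
            // single unambiguous entry is treated as a failed login.
            if ( is_array($entries) && $entries['count'] === 1 ) {
                $result = @ldap_bind($this->ldap, $entries[0]['dn'], $password);
            }
            //end by gogo1217
            // Replaced line from the plugin:
            //$ldapbind = @ldap_bind($this->ldap, $this->get_setting('ol_login') .'=' . $username . ',' . $this->get_setting('base_dn'), $password);
        }
    }

    return apply_filters($this->prefix . 'ldap_auth', $result);
}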
      g).LDAP中姓名中文乱码问题：
这是因为插件中对中文进行了转码，去掉转码即可，删除红颜色部分中的sanitize_title函数包裹：

 3、Active Directory Integration插件修改：
      a).下载并启用Active Directory Integration；
      b).在配置模块中找到Active Directory Integration Settings,填写Server选项卡中的LDAP的服务器IP地址和baseDN。
      c).保存后，发现输入正确的用户名和密码后，无法登陆。
      d).翻了翻插件的源码，发现使用ad_ldap/adLDAP.php来链接LDAP，他将输入的用户名和我们在User配置页面中用户后缀链接在一起，由于我没有配置后缀即得到的是“zhangsan”作为用户的dn查找，而正确的查找应该为“uid=zhangsan,ou=dev1,ou=dev1,ou=dev,ou=users,dc=foo,dc=bar,dc=com”,因此总是提示我们无法登陆。
/**
 * Validate a user's login credentials
 *
 * This is the adLDAP code as quoted on the page, before the author's change.
 * The name sent to the server is the typed username with the configured
 * account suffix appended; nothing else is added to it in the lines shown.
 *
 * @param string $username A user's AD username
 * @param string $password A user's AD password
 * @param bool optional $prevent_rebind (not used in the lines shown here)
 * @return bool
 */
public function authenticate($username, $password, $prevent_rebind = false) {
    // Prevent null binding
    if ($username === NULL || $password === NULL) { return false; }
    // empty() also rejects "" and the string "0", so those never reach the bind.
    if (empty($username) || empty($password)) { return false; }

    // Bind as the user
    $ret = true;
    // "@" suppresses the warning ldap_bind() raises on failure; only the
    // boolean outcome is kept in $this->_bind.
    $this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);
    if (!$this->_bind){ $ret = false; }
    // (the listing on the page stops here; the rest of the method is not shown)
      e).修改查找部分，先用uid去查找正确的dn，然后用正确的dn和password去绑定，红色部分为修改。
      f).最终代码如下：
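/**
 * Validate a user's login credentials
 *
 * The user's DN is looked up under the base DN by uid, and the bind is then
 * attempted with the DN the directory returned.
 *
 * Hardening compared with the listing originally published here:
 *  - the username is escaped before it is placed in the search filter;
 *  - the bind is attempted only when the search returns exactly one entry
 *    (previously a failed or empty search left the DN variable unset and a
 *    bind was still attempted with it, and with several matches the last
 *    one silently won).
 * A failed lookup leaves $this->_bind false, so the existing failure path
 * below handles it without an early return.
 *
 * @param string $username A user's AD username
 * @param string $password A user's AD password
 * @param bool optional $prevent_rebind (not used in the lines shown here)
 * @return bool
 */
public function authenticate($username, $password, $prevent_rebind = false) {
    // Prevent null binding
    if ($username === NULL || $password === NULL) { return false; }
    if (empty($username) || empty($password)) { return false; }

    // Bind as the user
    $ret = true;
    //add by liushimin
    $this->_bind = false;
    // ldap_escape() needs PHP 5.6 or later. It neutralises filter
    // metacharacters so the typed name is matched as a literal value.
    $filter = '(uid=' . ldap_escape((string) $username, '', LDAP_ESCAPE_FILTER) . ')';
    $search = @ldap_search($this->_conn, $this->_base_dn, $filter);
    $entries = ($search !== false) ? @ldap_get_entries($this->_conn, $search) : false;

    // Take the user DN from the search result; anything other than a single
    // unambiguous entry is treated as a failed login.
    if (is_array($entries) && $entries['count'] === 1) {
        $this->_bind = @ldap_bind($this->_conn, $entries[0]['dn'], $password);
    }
    //end by liushimin
    // Replaced line from adLDAP:
    //$this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);
    if (!$this->_bind){ $ret = false; }
    // (the listing on the page stops here; the rest of the method is not shown)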

4、对比2个插件，都是在用户登陆的时候去LDAP检索，并且发现本地没有用户，则创建一个新的用户并赋予指定的角色。