Version modifiée
David
Le Tue, 29 Jan 2013 15:43:12 +0100
David DURIEUX <[email protected]> a écrit:
>Bonjour,
>
>Voici le patch afin de remplir la fiche utilisateur à partir des infos
>d'un serveur d'authentification central (SSO) de type Shibboleth ou
>LemonLDAP::NG .
>
>Afin de tester, tu peux mettre ces infos au tout début du fichier
>login.php :
>
>$_SERVER['REMOTE_USER'] = 'totoA';
>$_SERVER['name'] = "cromagnon";
>$_SERVER['email'] = "[email protected]";
>
>
>Attention ! Ceci ne fonctionnera pas s'il y a un ou plusieurs serveurs
>LDAP activés.
>
>
>J'ai également ajouté le fait que ça passe dans le moteur de règle des
>habilitations pour ce cas là, et j'ai ajouté le critère LOGIN dans ces
>même règles.
>
>
>
>Cordialement,
>--
>David DURIEUX
>Tel : +33 (0)4.82.53.30.53
>Mail : [email protected]
>Site Web : http://www.siprossii.com/
>
>SIPROSSII
>Les Lafôrets
>69430 Beaujeu
>FRANCE
Index: inc/auth.class.php
===================================================================
--- inc/auth.class.php (revision 20101)
+++ inc/auth.class.php (working copy)
@@ -327,6 +327,11 @@
}
if (self::isValidLogin($login)) {
$this->user->fields['name'] = $login;
+ // Get data from SSO if defined
+ $ret = $this->user->getFromSSO();
+ if (!$ret) {
+ return false;
+ }
return true;
}
break;
@@ -514,12 +519,18 @@
}
}
}
- //If user is set as present in GLPI but no LDAP DN found : it means that the user
- //is not present in an ldap directory anymore
- if (!$user_dn
- && $this->user_present) {
- $user_deleted_ldap = true;
- $this->user_deleted_ldap = true;
+ if (count($ldapservers) == 0
+ && $authtype == self::EXTERNAL) {
+ // Case of using external auth and no LDAP servers, so get data from external auth
+ $this->user->getFromSSO();
+ } else {
+ //If user is set as present in GLPI but no LDAP DN found : it means that the user
+ //is not present in an ldap directory anymore
+ if (!$user_dn
+ && $this->user_present) {
+ $user_deleted_ldap = true;
+ $this->user_deleted_ldap = true;
+ }
}
// Reset to secure it
$this->user->fields['name'] = $login_name;
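Review bot: The return value of `$this->user->getFromSSO()` is discarded in the new `count($ldapservers) == 0 && $authtype == self::EXTERNAL` branch, whereas the first hunk of this file returns false when the same call fails. getFromSSO (added in inc/user.class.php by this patch) returns false when a rights rule sets `_stop_import`, so on this path a rule meant to refuse the import appears to have no effect. Consider handling the result, e.g. `if (!$this->user->getFromSSO()) { return false; }`, or add a comment explaining why it is intentionally ignored here. The enclosing function starts and ends outside the hunk, so the appropriate failure value could not be confirmed.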
@@ -1127,10 +1138,95 @@
Dropdown::showYesNo('existing_auth_server_field_clean_domain',
$CFG_GLPI['existing_auth_server_field_clean_domain']);
echo "</td></tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('Surname') . "</td>";
+ echo "<td><input type='text' name='realname_ssofield' value='".
+ $CFG_GLPI['realname_ssofield']."'></td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('First name') . "</td>";
+ echo "<td><input type='text' name='firstname_ssofield' value='".
+ $CFG_GLPI['firstname_ssofield']."'></td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('Comments') . "</td>";
+ echo "<td><input type='text' name='comment_ssofield' value='".
+ $CFG_GLPI['comment_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('Administrative number') . "</td>";
+ echo "<td><input type='text' name='registration_number_ssofield' value='".
+ $CFG_GLPI['registration_number_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('Email') . "</td>";
+ echo "<td><input type='text' name='email1_ssofield' value='".$CFG_GLPI['email1_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . sprintf(__('%1$s %2$s'),_n('Email','Emails',1), '2') . "</td>";
+ echo "<td><input type='text' name='email2_ssofield' value='".$CFG_GLPI['email2_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . sprintf(__('%1$s %2$s'),_n('Email','Emails',1), '3') . "</td>";
+ echo "<td><input type='text' name='email3_ssofield' value='".$CFG_GLPI['email3_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . sprintf(__('%1$s %2$s'),_n('Email','Emails',1), '4') . "</td>";
+ echo "<td><input type='text' name='email4_ssofield' value='".$CFG_GLPI['email4_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('Phone') . "</td>";
+ echo "<td><input type='text' name='phone_ssofield'value='".$CFG_GLPI['phone_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('Phone 2') . "</td>";
+ echo "<td><input type='text' name='phone2_ssofield'value='".$CFG_GLPI['phone2_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('Mobile phone') . "</td>";
+ echo "<td><input type='text' name='mobile_ssofield'value='".$CFG_GLPI['mobile_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . _x('person','Title') . "</td>";
+ echo "<td><input type='text' name='title_ssofield' value='".$CFG_GLPI['title_ssofield']."'>";
+ echo "</td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('Category') . "</td>";
+ echo "<td><input type='text' name='category_ssofield' value='".
+ $CFG_GLPI['category_ssofield']."'></td>";
+ echo "</tr>\n";
+
+ echo "<tr class='tab_bg_2'>";
+ echo "<td class='center'>" . __('Language') . "</td>";
+ echo "<td><input type='text' name='language_ssofield' value='".
+ $CFG_GLPI['language_ssofield']."'></td></tr>";
echo "<tr class='tab_bg_1'><td class='center' colspan='2'>";
echo "<input type='submit' name='update' class='submit' value=\"".__s('Save')."\" >";
- echo "</td></tr>";
+ echo "</td></tr>\n";
echo "</table></div>\n";
Html::closeForm();
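Review bot: Every new input echoes its `$CFG_GLPI['…_ssofield']` value into a single-quoted `value='…'` attribute without output encoding, so a stored value containing a quote or markup would break the attribute and be rendered as HTML on this configuration page. Unless these settings are already HTML-encoded when saved (not visible in this hunk), encode at output, e.g. `value='".htmlspecialchars($CFG_GLPI['realname_ssofield'], ENT_QUOTES)."'`, for each of the fields. The three phone inputs also lack a space between attributes (`name='phone_ssofield'value=`, likewise `phone2_ssofield` and `mobile_ssofield`). The patch adds an `entity_ssofield` column in the schema and migration, but no input for it appears in this form. The enclosing function begins outside the hunk.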
Index: inc/ruleright.class.php
===================================================================
--- inc/ruleright.class.php (revision 20101)
+++ inc/ruleright.class.php (working copy)
@@ -277,6 +277,13 @@
$criterias['MAIL_EMAIL']['linkfield'] = '';
$criterias['MAIL_EMAIL']['virtual'] = true;
$criterias['MAIL_EMAIL']['id'] = 'mail_email';
+
+ $criterias['LOGIN']['table'] = '';
+ $criterias['LOGIN']['field'] = '';
+ $criterias['LOGIN']['name'] = __('Login');
+ $criterias['LOGIN']['linkfield'] = '';
+ $criterias['LOGIN']['virtual'] = true;
+ $criterias['LOGIN']['id'] = 'login';
$criterias['GROUPS']['table'] = 'glpi_groups';
$criterias['GROUPS']['field'] = 'completename';
Index: inc/rulerightcollection.class.php
===================================================================
--- inc/rulerightcollection.class.php (revision 20101)
+++ inc/rulerightcollection.class.php (working copy)
@@ -255,6 +255,10 @@
return $rule_parameters;
}
return $rule_input;
+ } else if ($params["type"] == "SSO") {
+ $rule_parameters["MAIL_EMAIL"] = $params["email"];
+ $rule_parameters["LOGIN"] = $params["login"];
+ return $rule_parameters;
}
//IMAP/POP login method
$rule_parameters["MAIL_SERVER"] = $params["mail_server"];
Index: inc/user.class.php
===================================================================
--- inc/user.class.php (revision 20101)
+++ inc/user.class.php (working copy)
@@ -950,7 +950,8 @@
if (isset($this->fields["id"]) && ($this->fields["id"] > 0)) {
$authtype = Auth::getMethodsByID($this->fields["authtype"], $this->fields["auths_id"]);
- if (count($authtype)) {
+ if (count($authtype)
+ || $this->fields["authtype"] == Auth::EXTERNAL) {
// Clean emails
$this->input["_emails"] = array_unique ($this->input["_emails"]);
@@ -1444,7 +1445,101 @@
} // getFromIMAP()
+
/**
+ * Function that try to load from the SSO server the user information...
+ **/
+ function getFromSSO() {
+ global $DB, $CFG_GLPI;
+
+ $a_field = array();
+ foreach ($CFG_GLPI as $key=>$value) {
+ if (!is_array($value)
+ && strstr($key, "_ssofield")
+ && !empty($value)) {
+ $key = str_replace('_ssofield', '', $key);
+ $a_field[$key] = $value;
+ }
+ }
+
+ if (count($a_field) == 0) {
+ return true;
+ }
+ $this->fields['_ruleright_process'] = true;
+ foreach ($a_field as $field=>$value) {
+ if (!isset($_SERVER[$value])
+ || empty($_SERVER[$value])) {
+ switch ($field) {
+ case "title" :
+ $this->fields['usertitles_id'] = 0;
+ break;
+ case "category" :
+ $this->fields['usercategories_id'] = 0;
+ break;
+
+ default :
+ $this->fields[$field] = "";
+ }
+
+ } else {
+ switch ($field) {
+ case "email1" :
+ case "email2" :
+ case "email3" :
+ case "email4" :
+ // Manage multivaluable fields
+ if (!preg_match('/count/',$_SERVER[$value])) {
+ $this->fields["_emails"][] = addslashes($_SERVER[$value]);
+ }
+ // Only get them once if duplicated
+ $this->fields["_emails"] = array_unique($this->fields["_emails"]);
+ break;
+
+ case "language" :
+ $language = Config::getLanguage($_SERVER[$value]);
+ if ($language != '') {
+ $this->fields[$field] = $language;
+ }
+ break;
+
+ case "title" :
+ $this->fields['usertitles_id'] = Dropdown::importExternal('UserTitle',
+ addslashes($_SERVER[$value]));
+ break;
+
+ case "category" :
+ $this->fields['usercategories_id'] = Dropdown::importExternal('UserCategory',
+ addslashes($_SERVER[$value]));
+ break;
+
+ default :
+ $this->fields[$field] = $_SERVER[$value];
+ break;
+
+ }
+ }
+ }
+ ///Only process rules if working on the master database
+ if (!$DB->isSlave()) {
+ //Instanciate the affectation's rule
+ $rule = new RuleRightCollection();
+
+ $this->fields = $rule->processAllRules(array(), Toolbox::stripslashes_deep($this->fields),
+ array('type' => 'SSO',
+ 'email' => $this->fields["_emails"],
+ 'login' => $this->fields["name"]));
+
+ //If rule action is ignore import
+ if (isset($this->fields["_stop_import"])) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+
+
+ /**
* Blank passwords field of a user in the DB
* needed for external auth users
**/
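Review bot: In getFromSSO() the `default` branch stores `$_SERVER[$value]` raw while the email, title and category branches apply `addslashes()`, and `Toolbox::stripslashes_deep()` then runs only inside the `!$DB->isSlave()` block, so the escaping state of `$this->fields` on return depends on the field and on the path taken. Make the branches consistent (e.g. `$this->fields[$field] = addslashes($_SERVER[$value]);` if callers expect escaped values) and state in the docblock which form is returned. The guard `!preg_match('/count/',$_SERVER[$value])` looks carried over from LDAP result arrays and silently drops any address that merely contains "count"; it can probably be removed for a scalar server variable. `$this->fields["_emails"]` is never initialised, so `array_unique()` and the `'email' => $this->fields["_emails"]` argument can see an undefined index when no email attribute is present; add `$this->fields["_emails"] = array();` before the loop. The docblock should also say that the configured `$_SERVER` keys are trusted as identity attributes feeding the rights rules, so they must be variables set by the SSO module and not values a client can supply as request headers.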
Index: install/mysql/glpi-0.84-empty.sql
===================================================================
--- install/mysql/glpi-0.84-empty.sql (revision 20101)
+++ install/mysql/glpi-0.84-empty.sql (working copy)
@@ -665,10 +665,25 @@
`duedatewarning_unit` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '%',
`duedatecritical_unit` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '%',
`ssovariables_id` int(11) NOT NULL DEFAULT '0',
+ `realname_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `firstname_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `email1_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `email2_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `email3_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `email4_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `phone_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `phone2_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `mobile_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `comment_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `title_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `category_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `language_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `entity_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `registration_number_ssofield` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-INSERT INTO `glpi_configs` VALUES ('1','0','250','15','50','30',' 0.84','5','0','admsys@localhost',NULL,NULL,NULL,'SIGNATURE','0','0','fr_FR','#fff2f2','#ffe0e0','#ffcece','#ffbfbf','#ffadad','#ff5555','2005-12-31','','443','',NULL,'0','08:00:00','20:00:00','1','0','http://localhost/glpi/','0','','','100','*','0','0','0','50','1','1','0','0',';','0','50','0',NULL,'25',NULL,NULL,'8080',NULL,'1','0','5','2',NULL,NULL,'0','2','2','2','2','1','0','1','1','1','1','0','0','0','0','0','0','0','1','1','1','1',NULL,NULL,NULL,NULL,'2097152','0','0','1','0','svg','1','1','1','{\"1\":{\"1\":1,\"2\":1,\"3\":2,\"4\":2,\"5\":2},\"2\":{\"1\":1,\"2\":2,\"3\":2,\"4\":3,\"5\":3},\"3\":{\"1\":2,\"2\":2,\"3\":3,\"4\":4,\"5\":4},\"4\":{\"1\":2,\"2\":3,\"3\":4,\"4\":4,\"5\":5},\"5\":{\"1\":2,\"2\":3,\"3\":4,\"4\":5,\"5\":5}}','62','62','0','0','0',NULL,NULL,'0','1','0','1','2','1','1','5','0','8','1','1','1','1','0','0','#06ff00','#ffb800','#ff0000','20','5','%','%','0');
+INSERT INTO `glpi_configs` VALUES ('1','0','250','15','50','30',' 0.84','5','0','admsys@localhost',NULL,NULL,NULL,'SIGNATURE','0','0','fr_FR','#fff2f2','#ffe0e0','#ffcece','#ffbfbf','#ffadad','#ff5555','2005-12-31','','443','',NULL,'0','08:00:00','20:00:00','1','0','http://localhost/glpi/','0','','','100','*','0','0','0','50','1','1','0','0',';','0','50','0',NULL,'25',NULL,NULL,'8080',NULL,'1','0','5','2',NULL,NULL,'0','2','2','2','2','1','0','1','1','1','1','0','0','0','0','0','0','0','1','1','1','1',NULL,NULL,NULL,NULL,'2097152','0','0','1','0','svg','1','1','1','{\"1\":{\"1\":1,\"2\":1,\"3\":2,\"4\":2,\"5\":2},\"2\":{\"1\":1,\"2\":2,\"3\":2,\"4\":3,\"5\":3},\"3\":{\"1\":2,\"2\":2,\"3\":3,\"4\":4,\"5\":4},\"4\":{\"1\":2,\"2\":3,\"3\":4,\"4\":4,\"5\":5},\"5\":{\"1\":2,\"2\":3,\"3\":4,\"4\":5,\"5\":5}}','62','62','0','0','0',NULL,NULL,'0','1','0','1','2','1','1','5','0','8','1','1','1','1','0','0','#06ff00','#ffb800','#ff0000','20','5','%','%','0', NULL, NULL, NULL, NULL, NU
LL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
### Dump table glpi_consumableitems
Index: install/update_0831_084.php
===================================================================
--- install/update_0831_084.php (revision 20101)
+++ install/update_0831_084.php (working copy)
@@ -955,7 +955,22 @@
$migration->addField("glpi_configs", 'duedatecritical_less',"integer", array('value' => 5));
$migration->addField("glpi_configs", 'duedatewarning_unit', "string", array('value' => '%'));
$migration->addField("glpi_configs", 'duedatecritical_unit', "string", array('value' => '%'));
-
+ $migration->addField("glpi_configs", "realname_ssofield", "string");
+ $migration->addField("glpi_configs", "firstname_ssofield", "string");
+ $migration->addField("glpi_configs", "email1_ssofield", "string");
+ $migration->addField("glpi_configs", "email2_ssofield", "string");
+ $migration->addField("glpi_configs", "email3_ssofield", "string");
+ $migration->addField("glpi_configs", "email4_ssofield", "string");
+ $migration->addField("glpi_configs", "phone_ssofield", "string");
+ $migration->addField("glpi_configs", "phone2_ssofield", "string");
+ $migration->addField("glpi_configs", "mobile_ssofield", "string");
+ $migration->addField("glpi_configs", "comment_ssofield", "string");
+ $migration->addField("glpi_configs", "title_ssofield", "string");
+ $migration->addField("glpi_configs", "category_ssofield", "string");
+ $migration->addField("glpi_configs", "language_ssofield", "string");
+ $migration->addField("glpi_configs", "entity_ssofield", "string");
+ $migration->addField("glpi_configs", "registration_number_ssofield", "string");
+
$migration->addField("glpi_users", "notification_to_myself", "tinyint(1) DEFAULT NULL");
$migration->addField("glpi_users", 'duedateok_color', "string");
$migration->addField("glpi_users", 'duedatewarning_color', "string");