From 5a088b9cecda8c8ae7bc28fc39c7483331be397d Mon Sep 17 00:00:00 2001 From: M.Gergo Date: Mon, 22 Feb 2021 04:00:09 +0100 Subject: M2L: ldap_open() --- "egy\303\251b/nextcloud/mayor-ldap.php" | 157 ++++++++++++++++------- "egy\303\251b/nextcloud/mayor-nextcloud.cfg.php" | 7 +- 2 files changed, 117 insertions(+), 47 deletions(-) diff --git "a/egy\303\251b/nextcloud/mayor-ldap.php" "b/egy\303\251b/nextcloud/mayor-ldap.php" index a4e15168..b9a6c74d 100644 --- "a/egy\303\251b/nextcloud/mayor-ldap.php" +++ "b/egy\303\251b/nextcloud/mayor-ldap.php" @@ -41,6 +41,16 @@ $cfg['allapot_tartas'] = "2018-06-14"; //A jelölt napnak megfelelő állapot b $cfg['infotxt_szöveg'] = "info.txt"; $cfg['verbose'] = 3 ; + + +$cfg['ldap_server'] = "ldaps://windows.iskola.hu:636"; //Jelszóváltoztatást csak TLS/SSL porton enged a windows! +$cfg['ldap_reqCert'] = "allow"; // Ellenőrizze-e a certet: "true" "allow" "never" +$cfg['ldap_baseDn'] = "DC=ad,DC=iskola,DC=hu"; +$cfg['ldap_rootBindDn'] = "CN=LDAP_ADATCSERE_ADMIN,CN=Users,DC=ad,DC=iskola,DC=hu"; +$cfg['ldap_rootBindPw'] = ""; + + + $occ_path = "/var/www/nextcloud/"; $occ_user = "www-data"; $nxt_version = 0; @@ -133,7 +143,8 @@ function rnescp($str){ //Escape strings } -if (function_exists('mysqli_connect') and version_compare(phpversion(), '5.0', '>=')) { //MySQLi (Improved) és php7 kell! + +if (function_exists('mysqli_connect') and function_exists('ldap_search') and version_compare(phpversion(), '5.0', '>=')) { //MySQLi (Improved) és php7 kell! function db_connect($db = ""){ global $log,$cfg; 
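Review bot: The shipped default `$cfg['ldap_reqCert'] = "allow"` maps to LDAP_OPT_X_TLS_ALLOW in ldap_open(), which lets the session continue when the server certificate fails validation. This is the same connection that the comment on `ldap_server` says is used for password changes. A safer default is `$cfg['ldap_reqCert'] = "true";`, with the comment marking `"allow"` and `"never"` as test-only; the same default is added in the mayor-nextcloud.cfg.php hunk. Keeping `ldap_rootBindPw` only in the cfg file would also avoid a second place in this script where the bind password can be filled in.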
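Review bot: The trailing comment on the changed `if` still names only MySQLi and php7, while the condition now also requires the LDAP extension and compares against PHP 5.0. Suggest `//MySQLi (Improved), LDAP és php7 kell!` and, if PHP 7 really is the minimum, `version_compare(phpversion(), '7.0', '>=')`. The body of this block and whatever reports a failed check are outside the hunk, so any message printed there may need to mention LDAP as well.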
@@ -155,6 +166,49 @@ if (function_exists('mysqli_connect') and version_compare(phpversion(), '5.0', ' } // bezár: mysqli_close($link); + + + function ldap_open($host = ""){ + global $cfg, $log; + + if(empty($host)){ + $host = $cfg['ldap_server']; + } + if ($log['verbose'] > 0 ){ echo "***\tLDAP kapcsolódás. ('".$host."')\n"; } + $ld = ldap_connect($host); + + if($ld !== False){ + + if($cfg['ldap_reqCert'] == "never"){ //Mennyire legyen szigorú a CERT-ekkel + ldap_set_option($ld, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER); + } else if($cfg['ldap_reqCert'] == "allow"){ + ldap_set_option($ld, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_ALLOW); + } else if($cfg['ldap_reqCert'] == "true"){ + ldap_set_option($ld, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_HARD); + } else { + ldap_set_option($ld, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_TRY); + } + ldap_set_option($ld, LDAP_OPT_NETWORK_TIMEOUT, 10); //Szerver felülbírálhatja + ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_set_option($ld, LDAP_OPT_REFERRALS, 0); //Így azért gyorsabb + ldap_set_option($ld, LDAP_OPT_MATCHED_DN, $cfg['ldap_baseDn']); //Jobb, ha mindjárt az elején beállítjuk + + if(ldap_bind($ld, $cfg['ldap_rootBindDn'], $cfg['ldap_rootBindPw']) === FALSE){ + $ern = ldap_errno($ld); + echo "\n**** Sikertelen kapcsolódás! **** ('".$host."') info:".ldap_err2str($ern)." [$ern] \n\n"; + return null; + } else { + if ($log['verbose'] > 0 ){ echo "*\tSikeres kapcsolódás. ('".$host."') info:".ldap_error($ld)."\n\n"; } + return $ld; + } + } else { + echo "\n**** Sikertelen kapcsolódás! **** ('".$host."') info:".ldap_error($ld)."\n\n"; + return null; + } + } + // bezár: ldap_close($ldap); + + function script_install($l){ global $cfg,$log; if(mysqli_query($l, "SELECT * FROM ".$cfg['db_m2n_db'].".".$cfg['db_m2n_prefix']."register LIMIT 10;" ) == FALSE ){ //nincs nyilvántartás 
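Review bot: The certificate-policy chain in ldap_open() does not fail closed: any value of `$cfg['ldap_reqCert']` other than the three listed falls through to LDAP_OPT_X_TLS_TRY, so a typo in the config silently selects a weaker policy than `"true"` on the connection that carries the admin bind. An unknown value should map to LDAP_OPT_X_TLS_HARD. The bind is also attempted when `$cfg['ldap_rootBindPw']` is still the empty default, which is an unauthenticated simple bind that some servers accept and report as success. The final else branch passes the failed (false) handle to `ldap_error()`. It is also worth confirming against a server with a bad certificate that the per-handle REQUIRE_CERT setting takes effect, since on OpenLDAP-based builds TLS options are often honoured only when set before the handle is created.

```php
function ldap_open($host = ""){
    // … unchanged: globals, host default, verbose echo …
    if($cfg['ldap_rootBindPw'] === ""){    // an empty password would be an unauthenticated bind
        echo "\n**** Sikertelen kapcsolódás! **** ('".$host."') info: ldap_rootBindPw is empty\n\n";
        return null;
    }
    $ld = ldap_connect($host);

    if($ld !== False){
        $reqCert = array(
            "never" => LDAP_OPT_X_TLS_NEVER,
            "allow" => LDAP_OPT_X_TLS_ALLOW,
            "true"  => LDAP_OPT_X_TLS_HARD,
        );
        // Unknown values verify strictly instead of falling back to TRY.
        $level = isset($reqCert[$cfg['ldap_reqCert']]) ? $reqCert[$cfg['ldap_reqCert']] : LDAP_OPT_X_TLS_HARD;
        ldap_set_option($ld, LDAP_OPT_X_TLS_REQUIRE_CERT, $level);
        // … unchanged: timeout, protocol version, referrals, bind and its result handling …
    } else {
        // No handle exists here, so ldap_error() cannot be called.
        echo "\n**** Sikertelen kapcsolódás! **** ('".$host."')\n\n";
        return null;
    }
}
```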
@@ -833,35 +887,59 @@ if (function_exists('mysqli_connect') and version_compare(phpversion(), '5.0', ' return $ret; } -//----------------------------------------------------------------------------------------------------------------------------------------------------- -var_dump( version_compare(phpversion(), '7.0', '<=')); -echo "\n\n".phpversion()."\n\n"; +//--------------------------------------------------------------------------------------------------------------------------------------------// +// RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN // +//--------------------------------------------------------------------------------------------------------------------------------------------// + -die(); -$server = "10.100.3.3"; //this is the LDAP server you're connecting with -$port = "636"; -$ld = ldap_connect("ldaps://$server:$port"); //always connect securely via LDAPS when possible + if(true){ echo "\n\n###################################################\n" ;} + if(true){ echo "######## Mayor-Nextcloud Script ########\n"; } + if(true){ echo "######## Start: ".date("Y-m-d H:i:s")." ########\n"; } + $t_start = microtime(true); + + if(!isset($cfg['allapot_tartas']) or empty($cfg['allapot_tartas']) or $cfg['allapot_tartas'] == "1970-01-01"){ //A jelölt nap állapotának betöltése + $cfg['allapot_tartas'] = date("Y-m-d"); + } + if(true) { echo "######## A (".$cfg['allapot_tartas'].")-i állapot szerint. ########\n"; } + if(true){ echo "###################################################\n" ;} + + if(true) { echo "\n*** M2N Config betöltése: ($cfgfile fájlból.) 
***\n\n"; } + if($printconfig === true or $debug === true){ + echo "\n Betöltött Konfig:\n"; + $m2l = $cfg; + $m2l['infotxt_szöveg'] = "<-- TEXT -->"; //Túl hosszú lenne kiprintelni + var_export($m2l); + echo "\n"; + } + $log['verbose'] = $cfg['verbose']; + if($debug === true) {$log['verbose'] = 1000; $printpasswds = true;} + if( $cfg['always_set_diak_quota'] === true && $log['verbose'] < 4 ){ $log['verbose'] = 4; } -ldap_set_option($ld, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER); -// LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_ALLOW, LDAP_OPT_X_TLS_TRY -ldap_set_option($ld, LDAP_OPT_NETWORK_TIMEOUT, 10); -ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3); -ldap_set_option($ld, LDAP_OPT_REFERRALS, 0); + + - -$basedn = "DC=ad,DC=bmrg,DC=lan"; -ldap_set_option($ld, LDAP_OPT_MATCHED_DN, $basedn); -$ldapbind = ldap_bind($ld, $cfg['rootBindDn'], $cfg['rootBindPass']); //this is the point we are authenticating -print_r($ldapbind); -echo "\n---\n"; + + +//----------------------------------------------------------------------------------------------------------------------------------------------------- + + + + +$ld = ldap_open(); + +function ldap_find(){ + + + +} $dn = "dc=ad,dc=bmrg,dc=lan"; //very important: in which part of your database are you looking $filter = "(objectclass=*)"; //don't filter anyone out (every user has a uid) 
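Review bot: The config dump guarded by `$printconfig`/`$debug` masks only `infotxt_szöveg`, so with the keys added in this commit `var_export($m2l)` prints the LDAP bind password in clear text to the script output. Add `$m2l['ldap_rootBindPw'] = "<-- HIDDEN -->";` before the export and treat any other secret held in `$cfg` the same way. `$ld = ldap_open();` is also used without checking for the `null` that ldap_open() returns on failure, so a guard such as `if($ld === null){ exit(1); }` is needed before the search code that follows.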
@@ -881,37 +959,26 @@ ldap_close($ld); +die(); + + + + + + + + + + + + + + -//--------------------------------------------------------------------------------------------------------------------------------------------// -// RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN -- RUN // -//--------------------------------------------------------------------------------------------------------------------------------------------// - - if(true){ echo "\n\n###################################################\n" ;} - if(true){ echo "######## Mayor-Nextcloud Script ########\n"; } - if(true){ echo "######## Start: ".date("Y-m-d H:i:s")." ########\n"; } - $t_start = microtime(true); - - if(!isset($cfg['allapot_tartas']) or empty($cfg['allapot_tartas']) or $cfg['allapot_tartas'] == "1970-01-01"){ //A jelölt nap állapotának betöltése - $cfg['allapot_tartas'] = date("Y-m-d"); - } - if(true) { echo "######## A (".$cfg['allapot_tartas'].")-i állapot szerint. ########\n"; } - if(true){ echo "###################################################\n" ;} - if(true) { echo "\n*** M2N Config betöltése: ($cfgfile fájlból.) ***\n\n"; } - if($printconfig === true or $debug === true){ - echo "\n Betöltött Konfig:\n"; - $m2l = $cfg; - $m2l['infotxt_szöveg'] = "<-- TEXT -->"; //Túl hosszú lenne kiprintelni - var_export($m2l); - echo "\n"; - } - $log['verbose'] = $cfg['verbose']; - if($debug === true) {$log['verbose'] = 1000; $printpasswds = true;} - if( $cfg['always_set_diak_quota'] === true && $log['verbose'] < 4 ){ $log['verbose'] = 4; } - //------------------------------------------------------------------------------------------------------------------------------- $ret = nxt_get_version(); diff --git "a/egy\303\251b/nextcloud/mayor-nextcloud.cfg.php" "b/egy\303\251b/nextcloud/mayor-nextcloud.cfg.php" index dc5d8c54..bec82d67 100644 --- "a/egy\303\251b/nextcloud/mayor-nextcloud.cfg.php" +++ "b/egy\303\251b/nextcloud/mayor-nextcloud.cfg.php" 
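Review bot: The added `die();` is unconditional, so everything after it, starting with `$ret = nxt_get_version();`, is unreachable and the script no longer performs its sync. If this is a temporary stop while the LDAP part is being developed, mark it as such, e.g. `die(); // TODO: remove once ldap_find() is implemented`, or put it behind a debug flag. The run of blank added lines around it can be dropped.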
@@ -41,8 +41,11 @@ $cfg['kihagy'] = array(); //pl: array('Trap.Pista', 'Ebeed.Elek', '22att') $cfg['verbose'] = 3 ; -$cfg['ad_rootBindDn'] = "CN=LDAP_ADATCSERE_ADMIN,CN=Users,DC=ad,DC=iskola,DC=hu"; -$cfg['ad_rootBindPass'] = ""; +$cfg['ldap_server'] = "ldaps://windows.iskola.hu:636"; //Jelszóváltoztatást csak TLS/SSL porton enged a windows! +$cfg['ldap_reqCert'] = "allow"; // Ellenőrizze-e a certet: "true" "allow" "never" +$cfg['ldap_baseDn'] = "DC=ad,DC=iskola,DC=hu"; +$cfg['ldap_rootBindDn'] = "CN=LDAP_ADATCSERE_ADMIN,CN=Users,DC=ad,DC=iskola,DC=hu"; +$cfg['ldap_rootBindPw'] = ""; $occ_path = "/var/www/nextcloud/"; -- cgit v1.2.3
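Review bot: Renaming `ad_rootBindDn`/`ad_rootBindPass` to `ldap_rootBindDn`/`ldap_rootBindPw` has no fallback. An existing cfg file that still sets the old keys would leave the new ones at the empty defaults from mayor-ldap.php, assuming the cfg file is loaded over those defaults, which is not visible here. The bind in ldap_open() would then run with an empty password. A compatibility line after the cfg is loaded, such as `if(isset($cfg['ad_rootBindPass']) and $cfg['ldap_rootBindPw'] == ""){ $cfg['ldap_rootBindPw'] = $cfg['ad_rootBindPass']; }`, or a note on the rename in this file's comments, would avoid that.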