* Fix LDAP encryption labels and allow ignore part of DNs

* Use StartWith for ignore DN matching

* updated Changelog
This commit is contained in:
Lucas Bartholemy 2024-02-07 12:28:01 +01:00 committed by GitHub
parent 5c663f54ae
commit ec72cca8c3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 11 additions and 5 deletions

View File

@ -56,3 +56,4 @@ HumHub Changelog
- Enh #6812: Reduce people filter options depending on what filtered users have
- Fix #6810: Top menu on small screens: the previous page remains active when the new page is in the drop-down submenu
- Fix #6830: Wrong view filename after module enabling
- Enh #6838: Fix LDAP encryption labels and allow ignore also part of DNs

View File

@ -486,8 +486,11 @@ class LdapAuth extends BaseFormAuth implements AutoSyncUsers, SyncAttributes, Ap
$authClient = null;
$ids = [];
foreach ($this->getUserCollection() as $ldapEntry) {
if (in_array(strtolower($ldapEntry['dn']), $this->ignoredDNs)) {
continue;
$dn = strtolower($ldapEntry['dn']);
foreach ($this->ignoredDNs as $ignoredDN) {
if (str_starts_with($dn, strtolower($ignoredDN))) {
continue 2;
}
}
$authClient = $this->getAuthClientInstance($ldapEntry);

View File

@ -104,8 +104,8 @@ class LdapSettings extends Model
*/
public $encryptionTypes = [
'' => 'None',
'tls' => 'TLS (aka SSLV2)',
'ssl' => 'SSL',
'tls' => 'StartTLS',
'ssl' => 'SSL/TLS',
];
/**
@ -159,7 +159,6 @@ class LdapSettings extends Model
public function attributeHints()
{
return [
'encryption' => Yii::t('LdapModule.base', 'A TLS/SSL is strongly favored in production environments to prevent passwords from be transmitted in clear text.'),
'username' => Yii::t('LdapModule.base', 'The default credentials username. Some servers require that this be in DN form. This must be given in DN form if the LDAP server requires a DN to bind and binding should be possible with simple usernames.'),
'passwordField' => Yii::t('LdapModule.base', 'The default credentials password (used only with username above).'),
'baseDn' => Yii::t('LdapModule.base', 'The default base DN used for searching for accounts.'),

View File

@ -62,12 +62,15 @@ use humhub\modules\ui\form\widgets\ActiveForm;
<?= $form->field($model, 'encryption')->dropDownList($model->encryptionTypes) ?>
<?= $form->field($model, 'username')->textInput() ?>
<?= $form->field($model, 'passwordField')->passwordInput() ?>
<?= $form->field($model, 'baseDn')->textInput() ?>
<?= $form->field($model, 'loginFilter')->textArea() ?>
<?= $form->field($model, 'userFilter')->textArea() ?>
<?= $form->field($model, 'usernameAttribute')->textInput() ?>
<?= $form->field($model, 'emailAttribute')->textInput() ?>
<?= $form->field($model, 'idAttribute')->textInput() ?>
<?= $form->field($model, 'refreshUsers')->checkbox() ?>
<?= $form->beginCollapsibleFields(Yii::t('AdminModule.base', 'Advanced settings')); ?>