MDL-3941 auth/cas auth/ldap enrol/ldap Add support for LDAP-TLS.
Credit goes to Chris Bandy for proposing the initial patch.
This commit is contained in:
parent
03953061ca
commit
326929d54a
@ -280,6 +280,9 @@ class auth_plugin_cas extends auth_plugin_ldap {
|
||||
if (!isset($config->host_url)) {
|
||||
$config->host_url = '';
|
||||
}
|
||||
if (!isset($config->start_tls)) {
|
||||
$config->start_tls = false;
|
||||
}
|
||||
if (empty($config->ldapencoding)) {
|
||||
$config->ldapencoding = 'utf-8';
|
||||
}
|
||||
@ -345,6 +348,7 @@ class auth_plugin_cas extends auth_plugin_ldap {
|
||||
|
||||
// save LDAP settings
|
||||
set_config('host_url', trim($config->host_url), $this->pluginconfig);
|
||||
set_config('start_tls', $config->start_tls, $this->pluginconfig);
|
||||
set_config('ldapencoding', trim($config->ldapencoding), $this->pluginconfig);
|
||||
set_config('pagesize', (int)trim($config->pagesize), $this->pluginconfig);
|
||||
set_config('contexts', trim($config->contexts), $this->pluginconfig);
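Review bot: The new `set_config('start_tls', $config->start_tls, $this->pluginconfig);` line persists the posted value as-is, while the neighbouring `pagesize` line normalises its input with `(int)trim(...)`; anything other than the 0/1 the select produces would be stored verbatim and later read back as a truthy flag. Normalising here keeps the stored value consistent with the `false` default set in the `isset` block earlier in this commit and with the `0` default of the `enrol_ldap/start_tls` setting: `set_config('start_tls', (int)$config->start_tls, $this->pluginconfig);`. The same applies to the matching hunk in auth_plugin_ldap (`@ -1831,6 +1834,7 @@`). The enclosing method starts and ends outside this hunk.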
|
||||
|
@ -41,6 +41,9 @@ if (!isset($config->logout_return_url)) {
|
||||
if (!isset($config->host_url)) {
|
||||
$config->host_url = '';
|
||||
}
|
||||
if (!isset($config->start_tls)) {
|
||||
$config->start_tls = false;
|
||||
}
|
||||
if (empty($config->ldapencoding)) {
|
||||
$config->ldapencoding = 'utf-8';
|
||||
}
|
||||
@ -235,7 +238,7 @@ $yesno = array( get_string('no'), get_string('yes') );
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top" class="required">
|
||||
<td align="right"><label for="menuldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label></td>
|
||||
<td align="right"><label for="ldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label></td>
|
||||
<td>
|
||||
<?php
|
||||
$versions = array();
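Review bot: The label's `for` attribute is changed from `menuldap_version` to `ldap_version`, and the next hunk adds `for="start_tls"` (the auth/ldap config hunks `@ -124,7 +127,7 @@` and `@ -139,6 +142,17 @@` do the same); these only associate with the control if `html_writer::select()` emits an element with exactly that id. In the Moodle versions I know, `html_writer::select()` defaults the id to `menu` followed by the field name, so the previous `menuldap_version` value may have been the correct one and the new `start_tls` label would need `for="menustart_tls"` — worth confirming against `html_writer::select()` in this tree before merging. Alternatively pass an explicit `array('id' => 'start_tls')` as the attributes argument so the label and the id are fixed in the same place.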
|
||||
@ -249,6 +252,17 @@ $yesno = array( get_string('no'), get_string('yes') );
|
||||
<?php print_string('auth_ldap_version', 'auth_ldap') ?>
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td align="right">
|
||||
<label for="start_tls"><?php print_string('start_tls_key', 'auth_ldap') ?></label>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo html_writer::select($yesno, 'start_tls', $config->start_tls, false); ?>
|
||||
</td>
|
||||
<td>
|
||||
<?php print_string('start_tls', 'auth_ldap') ?>
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top" class="required">
|
||||
<td align="right">
|
||||
<label for="ldapencoding"><?php print_string('auth_ldap_ldap_encoding_key', 'auth_ldap') ?></label>
|
||||
|
@ -21,7 +21,7 @@
|
||||
* @subpackage cas
|
||||
* @author Martin Dougiamas
|
||||
* @author Jerome GUTIERREZ
|
||||
* @author Iñaky Arenaza
|
||||
* @author Iñaki Arenaza
|
||||
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
||||
*/
|
||||
|
||||
|
@ -1726,6 +1726,9 @@ class auth_plugin_ldap extends auth_plugin_base {
|
||||
if (!isset($config->host_url)) {
|
||||
$config->host_url = '';
|
||||
}
|
||||
if (!isset($config->start_tls)) {
|
||||
$config->start_tls = false;
|
||||
}
|
||||
if (empty($config->ldapencoding)) {
|
||||
$config->ldapencoding = 'utf-8';
|
||||
}
|
||||
@ -1831,6 +1834,7 @@ class auth_plugin_ldap extends auth_plugin_base {
|
||||
|
||||
// Save settings
|
||||
set_config('host_url', trim($config->host_url), $this->pluginconfig);
|
||||
set_config('start_tls', $config->start_tls, $this->pluginconfig);
|
||||
set_config('ldapencoding', trim($config->ldapencoding), $this->pluginconfig);
|
||||
set_config('pagesize', (int)trim($config->pagesize), $this->pluginconfig);
|
||||
set_config('contexts', $config->contexts, $this->pluginconfig);
|
||||
@ -2023,7 +2027,7 @@ class auth_plugin_ldap extends auth_plugin_base {
|
||||
if($ldapconnection = ldap_connect_moodle($this->config->host_url, $this->config->ldap_version,
|
||||
$this->config->user_type, $this->config->bind_dn,
|
||||
$this->config->bind_pw, $this->config->opt_deref,
|
||||
$debuginfo)) {
|
||||
$debuginfo, $this->config->start_tls)) {
|
||||
$this->ldapconns = 1;
|
||||
$this->ldapconnection = $ldapconnection;
|
||||
return $ldapconnection;
|
||||
|
@ -4,6 +4,9 @@
|
||||
if (!isset($config->host_url)) {
|
||||
$config->host_url = '';
|
||||
}
|
||||
if (!isset($config->start_tls)) {
|
||||
$config->start_tls = false;
|
||||
}
|
||||
if (empty($config->ldapencoding)) {
|
||||
$config->ldapencoding = 'utf-8';
|
||||
}
|
||||
@ -124,7 +127,7 @@ $yesno = array(get_string('no'), get_string('yes'));
|
||||
</tr>
|
||||
<tr valign="top" class="required">
|
||||
<td align="right">
|
||||
<label for="menuldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label>
|
||||
<label for="ldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label>
|
||||
</td>
|
||||
<td>
|
||||
<?php
|
||||
@ -139,6 +142,17 @@ $yesno = array(get_string('no'), get_string('yes'));
|
||||
<?php print_string('auth_ldap_version', 'auth_ldap') ?>
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td align="right">
|
||||
<label for="start_tls"><?php print_string('start_tls_key', 'auth_ldap') ?></label>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo html_writer::select($yesno, 'start_tls', $config->start_tls, false); ?>
|
||||
</td>
|
||||
<td>
|
||||
<?php print_string('start_tls', 'auth_ldap') ?>
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top" class="required">
|
||||
<td align="right">
|
||||
<label for="ldapencoding"><?php print_string('auth_ldap_ldap_encoding_key', 'auth_ldap') ?></label>
|
||||
|
@ -135,6 +135,8 @@ $string['pluginname'] = 'LDAP server';
|
||||
$string['pluginnotenabled'] = 'Plugin not enabled!';
|
||||
$string['renamingnotallowed'] = 'User renaming not allowed in LDAP';
|
||||
$string['rootdseerror'] = 'Error querying rootDSE for Active Directory';
|
||||
$string['start_tls'] = 'Use regular LDAP service (port 389) with TLS encryption';
|
||||
$string['start_tls_key'] = 'Use TLS';
|
||||
$string['updateremfail'] = 'Error updating LDAP record. Error code: {$a->errno}; Error string: {$a->errstring}<br/>Key ({$a->key}) - old moodle value: \'{$a->ouvalue}\' new value: \'{$a->nuvalue}\'';
|
||||
$string['updateremfailamb'] = 'Failed to update LDAP with ambiguous field {$a->key}; old moodle value: \'{$a->ouvalue}\', new value: \'{$a->nuvalue}\'';
|
||||
$string['updatepasserror'] = 'Error in user_update_password(). Error code: {$a->errno}; Error string: {$a->errstring}';
|
||||
|
@ -20,7 +20,7 @@
|
||||
* @package auth
|
||||
* @subpackage ldap
|
||||
* @author Martin Dougiamas
|
||||
* @author Iñaky Arenaza
|
||||
* @author Iñaki Arenaza
|
||||
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
||||
*/
|
||||
|
||||
|
@ -618,7 +618,7 @@ class enrol_ldap_plugin extends enrol_plugin {
|
||||
if ($ldapconnection = ldap_connect_moodle($this->get_config('host_url'), $this->get_config('ldap_version'),
|
||||
$this->get_config('user_type'), $this->get_config('bind_dn'),
|
||||
$this->get_config('bind_pw'), $this->get_config('opt_deref'),
|
||||
$debuginfo)) {
|
||||
$debuginfo, $this->get_config('start_tls'))) {
|
||||
$this->ldapconns = 1;
|
||||
$this->ldapconnection = $ldapconnection;
|
||||
return $ldapconnection;
|
||||
|
@ -43,6 +43,7 @@ if ($ADMIN->fulltree) {
|
||||
//--- connection settings ---
|
||||
$settings->add(new admin_setting_heading('enrol_ldap_server_settings', get_string('server_settings', 'enrol_ldap'), ''));
|
||||
$settings->add(new admin_setting_configtext_trim_lower('enrol_ldap/host_url', get_string('host_url_key', 'enrol_ldap'), get_string('host_url', 'enrol_ldap'), ''));
|
||||
$settings->add(new admin_setting_configselect('enrol_ldap/start_tls', get_string('start_tls_key', 'auth_ldap'), get_string('start_tls', 'auth_ldap'), 0, $yesno));
|
||||
// Set LDAPv3 as the default. Nowadays all the servers support it and it gives us some real benefits.
|
||||
$options = array(3=>'3', 2=>'2');
|
||||
$settings->add(new admin_setting_configselect('enrol_ldap/ldap_version', get_string('version_key', 'enrol_ldap'), get_string('version', 'enrol_ldap'), 3, $options));
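Review bot: The new `enrol_ldap/start_tls` setting takes its label and description from the `auth_ldap` language component, while every neighbouring setting in this hunk uses `enrol_ldap` strings; this makes the enrol plugin's admin page depend on auth_ldap's language pack being installed and translated. If enrol_ldap is meant to stand on its own, add `start_tls` and `start_tls_key` to enrol_ldap's language file and use `get_string('start_tls_key', 'enrol_ldap'), get_string('start_tls', 'enrol_ldap')` here. The `$yesno` array used as the options list is defined outside the hunk.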
|
||||
|
@ -163,9 +163,10 @@ function ldap_isgroupmember($ldapconnection, $userid, $group_dns, $member_attrib
|
||||
* @param string $bind_pw the password for the binding user. Ignored for anonymous bindings.
|
||||
* @param boolean $opt_deref whether to set LDAP_OPT_DEREF on this connection or not.
|
||||
* @param string &$debuginfo the debugging information in case the connection fails.
|
||||
* @param boolean $start_tls whether to use LDAP with TLS (not to be confused with LDAP+SSL)
|
||||
* @return mixed connection result or false.
|
||||
*/
|
||||
function ldap_connect_moodle($host_url, $ldap_version, $user_type, $bind_dn, $bind_pw, $opt_deref, &$debuginfo) {
|
||||
function ldap_connect_moodle($host_url, $ldap_version, $user_type, $bind_dn, $bind_pw, $opt_deref, &$debuginfo, $start_tls=false) {
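Review bot: The new `@param boolean $start_tls` line says what the flag does but not its contract: from the implementation hunk below, a server that fails the STARTTLS negotiation is skipped rather than used unencrypted, and presumably the flag is not applicable when `$host_url` already names an `ldaps://` service, since STARTTLS is issued on a plain connection. Callers and admins reading the docblock would benefit from that being stated: `* @param boolean $start_tls whether to issue STARTTLS on the plain LDAP port (389 by default); a server that fails the STARTTLS negotiation is skipped, never used unencrypted. Not to be confused with, or combined with, ldaps:// URLs.` The rest of the function body is outside this hunk.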
|
||||
if (empty($host_url) || empty($ldap_version) || empty($user_type)) {
|
||||
$debuginfo = 'No LDAP Host URL, Version or User Type specified in your LDAP settings';
|
||||
return false;
|
||||
@ -194,6 +195,11 @@ function ldap_connect_moodle($host_url, $ldap_version, $user_type, $bind_dn, $bi
|
||||
ldap_set_option($connresult, LDAP_OPT_DEREF, $opt_deref);
|
||||
}
|
||||
|
||||
if ($start_tls && (!ldap_start_tls($connresult))) {
|
||||
$debuginfo .= "Server: '$server', Connection: '$connresult', STARTTLS failed.\n";
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!empty($bind_dn)) {
|
||||
$bindresult = @ldap_bind($connresult, $bind_dn, $bind_pw);
|
||||
} else {
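Review bot: When `ldap_start_tls($connresult)` fails, the debug message only records that STARTTLS failed; the reason (most commonly a server certificate the client library does not trust) is available from `ldap_error($connresult)` and there is no other way for the admin to see it, since the function just returns false after the loop. Suggest `$debuginfo .= "Server: '$server', Connection: '$connresult', STARTTLS failed: " . ldap_error($connresult) . "\n";`. Skipping the server on failure instead of falling back to a plaintext bind is the right choice. Separately, `ldap_start_tls()` only negotiates encryption; whether the server certificate is verified at all is decided by the client library configuration (e.g. TLS_REQCERT in the system ldap.conf), not by this flag, so a short comment above the `if` saying so would stop the 'Use TLS' setting being read as a guarantee that the server is authenticated. The `foreach` over `$server` that this block sits in starts outside the hunk.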
|
||||
|