diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php index db80a14448..f6cb0ec50a 100644 --- a/app/Http/Controllers/Auth/AuthController.php +++ b/app/Http/Controllers/Auth/AuthController.php @@ -108,7 +108,7 @@ class AuthController extends Controller LOG::debug("Creating local user ".Input::get('username')); if ($newuser = Ldap::createUserFromLdap($userattr)) { - LOG::debug("Local user created.."); + LOG::debug("Local user created."); } else { LOG::debug("Could not create local user."); } @@ -131,12 +131,21 @@ class AuthController extends Controller LOG::debug("Valid LDAP login. Updating the local data."); - $user->password = bcrypt($request->input('password')); + if (Setting::getSettings()->ldap_pw_sync=='1') { + $user->password = bcrypt($request->input('password')); + } + $user->email = $ldap_attr['email']; $user->first_name = $ldap_attr['firstname']; $user->last_name = $ldap_attr['lastname']; $user->save(); + if (Setting::getSettings()->ldap_pw_sync!='1') { + Auth::login($user, true); + // Redirect to the users page + return redirect()->to('/home')->with('success', trans('auth/message.signin.success')); + } + } else { LOG::debug("User ".Input::get('username')." did not authenticate correctly against LDAP. Local user was not updated."); }// End LDAP auth @@ -146,14 +155,17 @@ class AuthController extends Controller // NO LDAP enabled - just try to login the user normally } + LOG::debug("Authenticating user against database."); // Try to log the user in if (!Auth::attempt(Input::only('username', 'password'), Input::get('remember-me', 0))) { LOG::debug("Local authentication failed."); - // throw new Cartalyst\Sentry\Users\UserNotFoundException(); + // throw new Cartalyst\Sentry\Users\UserNotFoundException(); return redirect()->back()->withInput()->with('error', trans('auth/message.account_not_found')); } + + // Get the page we were before $redirect = \Session::get('loginRedirect', 'home'); 
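Review bot: With sync disabled, the second hunk stops updating `$user->password` but leaves whatever hash is already stored, and the failed-LDAP `else` branch still falls through to `Auth::attempt(...)` against the database. For a user whose password was synced before the setting was switched off, the old password would therefore appear to keep working locally even after it is changed or the account is disabled in LDAP; overwriting the stored hash with a random value in the `ldap_pw_sync!='1'` case would close that gap. The new `Auth::login($user, true)` also forces a remember-me session where the database path passes `Input::get('remember-me', 0)`, so I would write `Auth::login($user, (bool) Input::get('remember-me', 0));`. The early `return redirect()->to('/home')` skips the `loginRedirect` handling shown in the third hunk. The enclosing method begins and ends outside these hunks.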
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php index 0ea1ca226d..9da23c5e49 100755 --- a/app/Http/Controllers/SettingsController.php +++ b/app/Http/Controllers/SettingsController.php @@ -417,6 +417,7 @@ class SettingsController extends Controller $setting->ad_domain = e(Input::get('ad_domain')); $setting->is_ad = e(Input::get('is_ad', '0')); $setting->ldap_tls = e(Input::get('ldap_tls', '0')); + $setting->ldap_pw_sync = e(Input::get('ldap_pw_sync', '0')); // If validation fails, we'll exit the operation now. if ($setting->save()) { diff --git a/app/Models/Ldap.php b/app/Models/Ldap.php index f7fa245577..b05475f2be 100644 --- a/app/Models/Ldap.php +++ b/app/Models/Ldap.php @@ -191,6 +191,7 @@ class Ldap extends Model { $item = Ldap::parseAndMapLdapAttributes($ldapatttibutes); + // Create user from LDAP data if (!empty($item["username"])) { $user = new User; @@ -198,7 +199,14 @@ class Ldap extends Model $user->last_name = $item["lastname"]; $user->username = $item["username"]; $user->email = $item["email"]; - $user->password = bcrypt(Input::get("password")); + + if (Setting::getSettings()->ldap_pw_sync=='1') { + $user->password = bcrypt(Input::get("password")); + } else { + $pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 25); + $user->password = bcrypt($pass); + } + $user->activated = 1; $user->ldap_import = 1; $user->notes = 'Imported on first login from LDAP'; diff --git a/database/migrations/2016_08_04_134500_add_disallow_ldap_pw_sync_to_settings.php b/database/migrations/2016_08_04_134500_add_disallow_ldap_pw_sync_to_settings.php new file mode 100644 index 0000000000..c46203fdad --- /dev/null +++ b/database/migrations/2016_08_04_134500_add_disallow_ldap_pw_sync_to_settings.php 
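Review bot: The placeholder password in the `else` branch of the second Ldap.php hunk is built with `str_shuffle()`, which is not a cryptographically secure generator and never repeats a character, so the 25-character value carries less entropy than it looks. Because this hash is all that guards the local-login fallback for an LDAP-imported account when sync is off, it should come from a CSPRNG, e.g. `$pass = bin2hex(random_bytes(32));` (PHP 7+, or wherever a `random_bytes` polyfill is already loaded). The sync-enabled branch still reads `Input::get("password")` from inside the model, which ties `createUserFromLdap` to the current request; passing the password in as an argument would be cleaner. The method continues outside the hunk.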
@@ -0,0 +1,31 @@ +boolean('ldap_pw_sync')->default(1); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('settings', function ($table) { + $table->dropColumn('ldap_pw_sync'); + }); + } +} diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php index 623b000605..a365f803c1 100644 --- a/resources/lang/en/admin/settings/general.php +++ b/resources/lang/en/admin/settings/general.php @@ -51,6 +51,8 @@ return array( 'ldap_pword' => 'LDAP Bind Password', 'ldap_basedn' => 'Base Bind DN', 'ldap_filter' => 'LDAP Filter', + 'ldap_pw_sync' => 'LDAP Password Sync', + 'ldap_pw_sync_help' => 'Uncheck this box if you do not wish to keep LDAP passwords synced with local passwords. Disabling this means that your users may not be able to login if your LDAP server is unreachable for some reason.', 'ldap_username_field' => 'Username Field', 'ldap_lname_field' => 'Last Name', 'ldap_fname_field' => 'LDAP First Name', diff --git a/resources/views/settings/edit.blade.php b/resources/views/settings/edit.blade.php index 0d4c3f4d7f..d0969818f1 100755 --- a/resources/views/settings/edit.blade.php +++ b/resources/views/settings/edit.blade.php @@ -705,6 +705,21 @@ + +
+
+ {{ Form::label('is_ad', trans('admin/settings/general.ldap_pw_sync')) }} +
+
+ {{ Form::checkbox('ldap_pw_sync', '1', Input::old('ldap_pw_sync', $setting->ldap_pw_sync),array('class' => 'minimal')) }} + {{ trans('general.yes') }} +

{{ trans('admin/settings/general.ldap_pw_sync_help') }}

+ {!! $errors->first('ldap_pw_sync', ':message') !!} + +
+
+ +
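Review bot: The label for the new checkbox is bound to the wrong field: `Form::label('is_ad', ...)` should be `{{ Form::label('ldap_pw_sync', trans('admin/settings/general.ldap_pw_sync')) }}`, otherwise the label's `for` attribute points at the `is_ad` control instead of this one. The error line prints through `{!! !!}`, which is unescaped output; that is safe only as long as the validation message for `ldap_pw_sync` never contains user-supplied text.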