mirror of
https://github.com/snipe/snipe-it.git
synced 2025-02-21 03:15:45 -08:00
Allow admin to turn LDAP password sync off.
This is added to handle customers/users with a security policy that prohibits third parties or external databases from storing LDAP passwords.
parent
29eadb10ae
commit
1d3255a00b
|
@ -108,7 +108,7 @@ class AuthController extends Controller
|
|||
LOG::debug("Creating local user ".Input::get('username'));
|
||||
|
||||
if ($newuser = Ldap::createUserFromLdap($userattr)) {
|
||||
LOG::debug("Local user created..");
|
||||
LOG::debug("Local user created.");
|
||||
} else {
|
||||
LOG::debug("Could not create local user.");
|
||||
}
|
||||
|
@ -131,12 +131,21 @@ class AuthController extends Controller
|
|||
|
||||
LOG::debug("Valid LDAP login. Updating the local data.");
|
||||
|
||||
if (Setting::getSettings()->ldap_pw_sync=='1') {
|
||||
$user->password = bcrypt($request->input('password'));
|
||||
}
|
||||
|
||||
$user->email = $ldap_attr['email'];
|
||||
$user->first_name = $ldap_attr['firstname'];
|
||||
$user->last_name = $ldap_attr['lastname'];
|
||||
$user->save();
|
||||
|
||||
if (Setting::getSettings()->ldap_pw_sync!='1') {
|
||||
Auth::login($user, true);
|
||||
// Redirect to the users page
|
||||
return redirect()->to('/home')->with('success', trans('auth/message.signin.success'));
|
||||
}
|
||||
|
||||
} else {
|
||||
LOG::debug("User ".Input::get('username')." did not authenticate correctly against LDAP. Local user was not updated.");
|
||||
}// End LDAP auth
|
||||
|
@ -146,6 +155,7 @@ class AuthController extends Controller
|
|||
// NO LDAP enabled - just try to login the user normally
|
||||
}
|
||||
|
||||
|
||||
LOG::debug("Authenticating user against database.");
|
||||
// Try to log the user in
|
||||
if (!Auth::attempt(Input::only('username', 'password'), Input::get('remember-me', 0))) {
|
||||
|
@ -154,6 +164,8 @@ class AuthController extends Controller
|
|||
return redirect()->back()->withInput()->with('error', trans('auth/message.account_not_found'));
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Get the page we were before
|
||||
$redirect = \Session::get('loginRedirect', 'home');
|
||||
|
||||
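Review bot: In the new `ldap_pw_sync!='1'` branch, `Auth::login($user, true)` always creates a persistent remember-me session, while the database path further down honours the form field through `Input::get('remember-me', 0)`; pass the same value instead, e.g. `Auth::login($user, (bool) Input::get('remember-me', 0));`. The branch also returns to `/home` directly, so the `loginRedirect` lookup done by the normal path is skipped for these users. Turning the setting off only stops new writes: a bcrypt hash saved to `$user->password` by an earlier synced login stays in place, and if the flow falls through to `Auth::attempt` after an LDAP failure (the hunks suggest this, but the lines between them are not shown) that stale hash would still be accepted. To meet the stated policy, overwrite the stored password with a random value when sync is off, and document that in a comment above the `if`.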
|
|
|
@ -417,6 +417,7 @@ class SettingsController extends Controller
|
|||
$setting->ad_domain = e(Input::get('ad_domain'));
|
||||
$setting->is_ad = e(Input::get('is_ad', '0'));
|
||||
$setting->ldap_tls = e(Input::get('ldap_tls', '0'));
|
||||
$setting->ldap_pw_sync = e(Input::get('ldap_pw_sync', '0'));
|
||||
|
||||
// If validation fails, we'll exit the operation now.
|
||||
if ($setting->save()) {
|
||||
|
|
|
@ -191,6 +191,7 @@ class Ldap extends Model
|
|||
{
|
||||
$item = Ldap::parseAndMapLdapAttributes($ldapatttibutes);
|
||||
|
||||
|
||||
// Create user from LDAP data
|
||||
if (!empty($item["username"])) {
|
||||
$user = new User;
|
||||
|
@ -198,7 +199,14 @@ class Ldap extends Model
|
|||
$user->last_name = $item["lastname"];
|
||||
$user->username = $item["username"];
|
||||
$user->email = $item["email"];
|
||||
|
||||
if (Setting::getSettings()->ldap_pw_sync=='1') {
|
||||
$user->password = bcrypt(Input::get("password"));
|
||||
} else {
|
||||
$pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 25);
|
||||
$user->password = bcrypt($pass);
|
||||
}
|
||||
|
||||
$user->activated = 1;
|
||||
$user->ldap_import = 1;
|
||||
$user->notes = 'Imported on first login from LDAP';
|
||||
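Review bot: The placeholder password in the `else` branch is built with `str_shuffle`, which PHP documents as not cryptographically secure, and taking 25 characters from one shuffle of the alphabet also means no character can repeat. This value is the only local credential for an LDAP-imported account when sync is off, so it should come from a CSPRNG, for example `$pass = bin2hex(random_bytes(20));` where PHP 7 is available, or the framework's random-string helper if the project still supports older PHP (not visible here). The `if` branch reads `Input::get("password")` inside the model; passing the password in from the controller would keep request handling out of `Ldap`. The body of `createUserFromLdap` starts and ends outside this hunk.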
|
|
|
@ -0,0 +1,31 @@
|
|||
<?php
|
||||
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
|
||||
class AddDisallowLdapPwSyncToSettings extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
Schema::table('settings', function (Blueprint $table) {
|
||||
$table->boolean('ldap_pw_sync')->default(1);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::table('settings', function ($table) {
|
||||
$table->dropColumn('ldap_pw_sync');
|
||||
});
|
||||
}
|
||||
}
|
|
@ -51,6 +51,8 @@ return array(
|
|||
'ldap_pword' => 'LDAP Bind Password',
|
||||
'ldap_basedn' => 'Base Bind DN',
|
||||
'ldap_filter' => 'LDAP Filter',
|
||||
'ldap_pw_sync' => 'LDAP Password Sync',
|
||||
'ldap_pw_sync_help' => 'Uncheck this box if you do not wish to keep LDAP passwords synced with local passwords. Disabling this means that your users may not be able to login if your LDAP server is unreachable for some reason.',
|
||||
'ldap_username_field' => 'Username Field',
|
||||
'ldap_lname_field' => 'Last Name',
|
||||
'ldap_fname_field' => 'LDAP First Name',
|
||||
|
|
|
@ -705,6 +705,21 @@
|
|||
</div>
|
||||
<!-- /.form-group -->
|
||||
|
||||
<!-- LDAP Password Sync -->
|
||||
<div class="form-group">
|
||||
<div class="col-md-3">
|
||||
{{ Form::label('is_ad', trans('admin/settings/general.ldap_pw_sync')) }}
|
||||
</div>
|
||||
<div class="col-md-9">
|
||||
{{ Form::checkbox('ldap_pw_sync', '1', Input::old('ldap_pw_sync', $setting->ldap_pw_sync),array('class' => 'minimal')) }}
|
||||
{{ trans('general.yes') }}
|
||||
<p class="help-block">{{ trans('admin/settings/general.ldap_pw_sync_help') }}</p>
|
||||
{!! $errors->first('ldap_pw_sync', '<span class="alert-msg">:message</span>') !!}
|
||||
|
||||
</div>
|
||||
</div>
|
||||
<!-- /.form-group -->
|
||||
|
||||
<!-- AD Domain -->
|
||||
<div class="form-group {{ $errors->has('ad_domain') ? 'error' : '' }}">
|
||||
<div class="col-md-3">
|
||||
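Review bot: The label for the new checkbox is bound to the wrong field: `Form::label('is_ad', ...)` looks copied from the Active Directory block, so clicking the "LDAP Password Sync" label likely focuses or toggles the `is_ad` control instead of this one. Change it to `{{ Form::label('ldap_pw_sync', trans('admin/settings/general.ldap_pw_sync')) }}`. The wrapping `<div class="form-group">` also lacks the `{{ $errors->has('ldap_pw_sync') ? 'error' : '' }}` class that the neighbouring AD Domain group uses, so a validation error on this security setting would not be highlighted in the same way.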
|
|